Vulnerability Encyclopedia
understand, detect, remediate
A practical reference for security professionals. Each entry covers what the vulnerability is, how to find it, and how to fix it, with CVSS scoring, compliance mapping, and detection guidance.
No credit card required. Free plan available forever.
30 vulnerabilities
SQL Injection
SQL injection allows attackers to manipulate database queries through unsanitised user input, potentially leading to full data breaches, authentication bypass, and remote code execution.
OS Command Injection
Command injection allows attackers to execute arbitrary operating system commands on the host server by injecting malicious input into application functions that pass data to system shells.
Insecure Deserialization
Insecure deserialization allows attackers to manipulate serialised objects to achieve remote code execution, privilege escalation, or injection attacks when the application deserialises untrusted data.
JWT Security Vulnerabilities
JWT vulnerabilities include weak signing algorithms, missing expiration claims, the "none" algorithm bypass, and algorithm confusion attacks that can lead to authentication bypass and token forgery.
Default Credentials
Default credentials provide attackers with immediate, unauthenticated access to systems and applications. They are among the first things automated scanners and botnets check.
Hardcoded Secrets
Hardcoded secrets (API keys, passwords, tokens, and private keys embedded in source code) are a leading cause of data breaches when code is shared, committed to repositories, or decompiled.
Cross-Site Scripting (XSS)
XSS allows attackers to inject malicious scripts into web pages viewed by other users, enabling session hijacking, credential theft, and defacement.
Server-Side Request Forgery (SSRF)
SSRF allows attackers to make the server send requests to internal services, cloud metadata endpoints, or other restricted resources, potentially leading to data exfiltration or remote code execution.
Insecure Direct Object Reference (IDOR)
IDOR occurs when an application exposes internal object references without authorisation checks, allowing attackers to access or modify other users' data by simply changing a parameter value.
Broken Authentication
Broken authentication encompasses weaknesses in login mechanisms (weak brute-force protection, predictable tokens, insecure password recovery) that allow attackers to compromise user accounts.
Sensitive Data Exposure
Sensitive data exposure occurs when applications inadvertently leak PII, credentials, API keys, or internal details through responses, logs, error messages, or insecure storage.
Path Traversal
Path traversal (directory traversal) allows attackers to access files and directories outside the intended web root by manipulating file path references with sequences like "../".
XML External Entity (XXE) Injection
XXE injection exploits misconfigured XML parsers to read local files, perform SSRF, or cause denial of service through entity expansion attacks.
CORS Misconfiguration
CORS misconfiguration occurs when overly permissive cross-origin resource sharing policies allow malicious websites to read sensitive data from your application on behalf of authenticated users.
Subdomain Takeover
Subdomain takeover occurs when a DNS record points to a deprovisioned cloud resource, allowing attackers to claim the resource and serve malicious content on a trusted subdomain.
Unrestricted File Upload
Unrestricted file upload vulnerabilities allow attackers to upload malicious files (web shells, scripts, or executables) that can lead to remote code execution on the server.
Session Fixation & Session Management
Session fixation allows attackers to set a user's session ID before authentication, gaining access to the authenticated session. Weak session management amplifies the risk.
Vulnerable & Outdated Dependencies
Using libraries and frameworks with known vulnerabilities is one of the most common security risks. Attackers actively exploit published CVEs in outdated dependencies.
Broken Access Control
Broken access control, the #1 OWASP Top 10 category, allows users to act outside their intended permissions, accessing other users' data or performing unauthorised administrative actions.
Cloud Storage Misconfiguration
Misconfigured cloud storage buckets (AWS S3, Google Cloud Storage, Azure Blob) with public access are a leading cause of large-scale data breaches, exposing sensitive files to the internet.
Cross-Site Request Forgery (CSRF)
CSRF tricks authenticated users into submitting unintended requests, allowing attackers to change account settings, transfer funds, or modify data without the user's knowledge.
Security Misconfiguration
Security misconfiguration is one of the most common vulnerability categories. Missing security headers, default credentials, verbose error messages, and unnecessary services expose applications to attack.
Open Redirect
Open redirect vulnerabilities allow attackers to redirect users from a trusted domain to a malicious site, enabling phishing attacks that leverage the trust of the vulnerable domain.
TLS/SSL Misconfiguration
TLS/SSL misconfigurations (deprecated protocols, weak ciphers, expired certificates, and missing HSTS) expose encrypted communications to interception and downgrade attacks.
Missing Security Headers
Missing HTTP security headers leave applications vulnerable to clickjacking, XSS, MIME sniffing, and other client-side attacks that are easily prevented with proper header configuration.
Weak Password Policy
Weak password policies permit short or simple passwords that are easily guessed or cracked through brute-force, dictionary, or credential stuffing attacks.
Missing Rate Limiting
Missing rate limiting allows attackers to send unlimited requests to sensitive endpoints, enabling brute-force attacks, credential stuffing, account enumeration, and denial of service.
DNS Misconfiguration
DNS misconfigurations (missing or incorrect SPF, DKIM, and DMARC records) allow attackers to spoof your domain in phishing emails, damaging reputation and enabling social engineering.
Directory Listing
Directory listing reveals the contents of web server directories to anyone who requests them, potentially exposing backup files, configuration files, source code, and other sensitive data.
Information Disclosure
Information disclosure through verbose error messages, stack traces, server banners, and debug pages gives attackers valuable intelligence about your application's internals and attack surface.
Detect vulnerabilities automatically
SecPortal scans for all these vulnerabilities with 33+ built-in modules. External scanning, authenticated testing, and code analysis. Start free.