Vulnerability templates
In addition to query-based vulnerability reporting, runZero natively detects exposures using an embedded version of the open-source Nuclei vulnerability scanner and it’s YAML-based vulnerability check templates. To maintain fast scan times and minimize network disruption, runZero dynamically selects appropriate templates based on the scan’s configured categories and precise asset and service fingerprinting.
The table below lists the templates available for scans. The full set can be found in our nuclei-templates repository.
Current templates
2200 templates, last updated on: 2026-01-15
| Name | CVEs | Enabled by | Severity | Template Source |
|---|---|---|---|---|
| .NET Framework - Leaking ObjRefs via HTTP .NET Remoting | CVE-2024-29059 | Identify critical remote vulnerabilities | High | Source |
| 1Password SCIM Bridge - Panel | Identify web-based control panels | Info | Source | |
| 3COM NJ2000 Default Credentials | Identify default logins in web-based control panels | High | Source | |
| 3CX Phone System Management Console - Panel Detect | Identify web-based control panels | Info | Source | |
| 3CX Phone System Web Client Management Console - Panel Detect | Identify web-based control panels | Info | Source | |
| 3Com Wireless 8760 Dual Radio Default Credentials | Identify default logins in web-based control panels | High | Source | |
| 3ware Controller 3DM2 Default Credentials | Identify default logins in web-based control panels | High | Source | |
| 74cms - ajax_common.php SQL Injection | CVE-2020-22209 | Identify critical remote vulnerabilities | Critical | Source |
| 74cms - ajax_officebuilding.php SQL Injection | CVE-2020-22210 | Identify critical remote vulnerabilities | Critical | Source |
| 74cms - ajax_street.php 'key' SQL Injection | CVE-2020-22211 | Identify critical remote vulnerabilities | Critical | Source |
| 74cms - ajax_street.php 'x' SQL Injection | CVE-2020-22208 | Identify critical remote vulnerabilities | Critical | Source |
| AC Centralized Management System - Default Login | Identify default logins in web-based control panels | High | Source | |
| AC Smart II - Authentication Bypass | CVE-2025-10204 | Identify critical remote vulnerabilities | High | Source |
| ACME Challenge Path - Reflected Cross-Site Scripting | Identify critical remote vulnerabilities | Low | Source | |
| ACTi Video Monitoring Panel - Detection | Identify web-based control panels | Info | Source | |
| AIC Intelligent Campus System - Password Exposure | Identify critical remote vulnerabilities | Medium | Source | |
| AJ-Report < 1.4.1 - Remote Code Execution | CVE-2024-7314 | Identify critical remote vulnerabilities | Critical | Source |
| AKHQ Panel - Detect | Identify web-based control panels | Info | Source | |
| AMD Pensando PSM - Default Login | Identify default logins in web-based control panels | High | Source | |
| AMR Printer Management Dashboard - Exposure | Identify critical remote vulnerabilities | Medium | Source | |
| APC Rack PDU Default Login | Identify default logins in web-based control panels | High | Source | |
| ARL Default Credentials | Identify default logins in web-based control panels | High | Source | |
| ARRIS Touchstone Telephony Modem - Panel Detect | Identify web-based control panels | Info | Source | |
| ASUS AiCloud Panel - Detect | Identify web-based control panels | Info | Source | |
| ASUS RT-N16 Default Credentials | Identify default logins in web-based control panels | High | Source | |
| ASUS WL-500G Default Credentials | Identify default logins in web-based control panels | High | Source | |
| ASUS WL-520GU Default Credentials | Identify default logins in web-based control panels | High | Source | |
| ASUSTOR ADM 3.1.0.RFQ3 - SQL Injection | CVE-2018-11511 | Identify critical remote vulnerabilities | Critical | Source |
| ATutor < 2.2.1 - Cross Site Scripting | CVE-2023-27008 | Identify critical remote vulnerabilities | Medium | Source |
| AVM FRITZ!Box 7530 AX - Unauthorized Access | CVE-2024-54767 | Identify critical remote vulnerabilities | High | Source |
| AVTECH DVR - Login Verification Code Bypass | CVE-2013-4982 | Identify critical remote vulnerabilities | Low | Source |
| AVTECH DVR - SSRF | Identify critical remote vulnerabilities | Medium | Source | |
| AVTECH Room Alert Login Panel - Detect | Identify web-based control panels | Info | Source | |
| AVTECH Video Surveillance Product - Authentication Bypass | Identify critical remote vulnerabilities | High | Source | |
| AVTECH Video Surveillance Product - Unauthenticated File Download | Identify critical remote vulnerabilities | High | Source | |
| AWS EC2 Auto Scaling Lab | Identify web-based control panels | Info | Source | |
| AWStats <= 7.5 - Full Path Disclosure | Identify critical remote vulnerabilities | Medium | Source | |
| Abandoned Cart Lite for WooCommerce < 5.2.0 - Cross-Site Scripting | CVE-2019-25152 | Identify critical remote vulnerabilities | High | Source |
| Academy LMS 6.2 - SQL Injection | CVE-2023-4974 | Identify critical remote vulnerabilities | Medium | Source |
| AceNet AceReporter Report Panel - Detect | Identify web-based control panels | Info | Source | |
| Ackee Panel - Detect | Identify web-based control panels | Info | Source | |
| Acrolinx Dashboard | Identify web-based control panels | Info | Source | |
| Actifio Resource Center - Panel | Identify web-based control panels | Info | Source | |
| Acunetix Login Panel - Detect | Identify web-based control panels | Info | Source | |
| AdGuard Panel - Detect | Identify web-based control panels | Info | Source | |
| Adapt Authoring Tool - Panel | Identify web-based control panels | Info | Source | |
| AddOnFinance Portal - Detect | Identify web-based control panels | Info | Source | |
| Adfinity Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Adminer <4.7.9 - Server-Side Request Forgery | CVE-2021-21311 | Identify critical remote vulnerabilities | High | Source |
| Adminer <=4.8.0 - Cross-Site Scripting | CVE-2021-29625 | Identify critical remote vulnerabilities | High | Source |
| Adminer Default Credentials | Identify default logins in web-based control panels | High | Source | |
| Adminer Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Adminer Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Adobe AEM CRX Package Manager - Panel Detect | Identify web-based control panels | Info | Source | |
| Adobe AEM Default Credentials | Identify default logins in web-based control panels | High | Source | |
| Adobe AEM JCR Compare Exposure | Identify critical remote vulnerabilities | Medium | Source | |
| Adobe ColdFusion - Access Control Bypass | CVE-2023-38205 | Identify critical remote vulnerabilities | High | Source |
| Adobe ColdFusion - Access Control Bypass | CVE-2023-29298 | Identify critical remote vulnerabilities | High | Source |
| Adobe ColdFusion - Arbitrary File Read | CVE-2024-20767 | Identify critical remote vulnerabilities | High | Source |
| Adobe ColdFusion - Local File Read | CVE-2023-26360 | Identify critical remote vulnerabilities | High | Source |
| Adobe ColdFusion 8.0/8.0.1/9.0/9.0.1 LFI | CVE-2010-2861 | Identify critical remote vulnerabilities | Critical | Source |
| Adobe ColdFusion Component Browser Login Panel | Identify web-based control panels | Info | Source | |
| Adobe ColdFusion WDDX Deserialization Gadgets | CVE-2023-44353 | Identify critical remote vulnerabilities | Critical | Source |
| Adobe Coldfusion - Authentication Bypass | CVE-2023-26347 | Identify critical remote vulnerabilities | High | Source |
| Adobe Connect < 12.1.5 - Local File Disclosure | CVE-2023-22232 | Identify critical remote vulnerabilities | Medium | Source |
| Adobe Connect Central Login Panel | Identify web-based control panels | Info | Source | |
| Adobe Experience Manager Felix Console Default Credentials | Identify default logins in web-based control panels | High | Source | |
| Adobe Experience Manager Login Panel | Identify web-based control panels | Info | Source | |
| Adobe Experience Manager Sling User Login - Detect | Identify web-based control panels | Info | Source | |
| Adobe Media Server Login Panel | Identify web-based control panels | Info | Source | |
| Ads Pro Plugin <= 4.89 - Local File Inclusion | CVE-2025-4380 | Identify critical remote vulnerabilities | Critical | Source |
| Advanced eMail Solution DEEPMail - Panel | Identify web-based control panels | Info | Source | |
| Advantech R-SeeNet 2.4.12 - OS Command Injection | CVE-2021-21805 | Identify critical remote vulnerabilities | Critical | Source |
| Aerohive NetConfig UI | Identify web-based control panels | Info | Source | |
| Aethra Telecommunications Login - Panel | Identify web-based control panels | Info | Source | |
| Agent-Zero 0.8.0 - 0.9.4 - Arbitrary File Download | CVE-2025-55523 | Identify critical remote vulnerabilities | High | Source |
| Agentejo Cockpit < 0.11.2 - NoSQL Injection | CVE-2020-35846 | Identify critical remote vulnerabilities | Critical | Source |
| Agentejo Cockpit <0.11.2 - NoSQL Injection | CVE-2020-35847 | Identify critical remote vulnerabilities | Critical | Source |
| Agentejo Cockpit <0.12.0 - NoSQL Injection | CVE-2020-35848 | Identify critical remote vulnerabilities | Critical | Source |
| AirNotifier Login Panel - Detect | Identify web-based control panels | Info | Source | |
| AirOS Panel - Detect | Identify web-based control panels | Info | Source | |
| Airflow Experimental <1.10.11 - REST API Auth Bypass | CVE-2020-13927 | Identify critical remote vulnerabilities | Critical | Source |
| Akuiteo Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Alamos GmbH Panel - Detect | Identify web-based control panels | Info | Source | |
| Alcatel-Lucent OmniPCX - Remote Command Execution | CVE-2007-3010 | Identify critical remote vulnerabilities | Critical | Source |
| Alfresco Content App Panel - Detect | Identify web-based control panels | Info | Source | |
| Alibaba Druid Monitor - Default Login | Identify default logins in web-based control panels | High | Source | |
| Alibaba Nacos - Default Login | Identify default logins in web-based control panels | High | Source | |
| AlienVault USM Login Panel | Identify web-based control panels | Info | Source | |
| All-in-One WP Migration < 7.87 - Unauthenticated Information Disclosure | CVE-2024-8852 | Identify critical remote vulnerabilities | Medium | Source |
| Allied Telesis Device GUI Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Allnet Default Credentials | Identify default logins in web-based control panels | High | Source | |
| AlphaWeb XE Default Credentials | Identify default logins in web-based control panels | Medium | Source | |
| Altenergy Power Control Software - SQL Injection | CVE-2024-11305 | Identify critical remote vulnerabilities | Medium | Source |
| AlternC Desktop Panel - Detect | Identify web-based control panels | Info | Source | |
| Ambassador API Gateway Diagnostics - Exposure | Identify critical remote vulnerabilities | Medium | Source | |
| Amcrest Login | Identify web-based control panels | Info | Source | |
| AmpJuke Default Credentials | Identify default logins in web-based control panels | High | Source | |
| Ampache Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Anaqua Login - Panel | Identify web-based control panels | Info | Source | |
| Ansible Semaphore Panel Detect | Identify web-based control panels | Info | Source | |
| Ansible Tower - Detect | Identify web-based control panels | Info | Source | |
| AnteeoWMS < v4.7.34 - SQL Injection | CVE-2024-44349 | Identify critical remote vulnerabilities | Critical | Source |
| Anyscale Ray - Remote Code Execution | CVE-2023-48022 | Identify critical remote vulnerabilities | Critical | Source |
| AnythingLLM - Information Disclosure | CVE-2024-6842 | Identify critical remote vulnerabilities | High | Source |
| Apache 2.4.49 - Path Traversal and Remote Code Execution | CVE-2021-41773 | Identify critical remote vulnerabilities | High | Source |
| Apache 2.4.49/2.4.50 - Path Traversal and Remote Code Execution | CVE-2021-42013 | Identify critical remote vulnerabilities | Critical | Source |
| Apache APISIX Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Apache ActiveMQ Artemis Console Default Login | Identify default logins in web-based control panels | High | Source | |
| Apache ActiveMQ Default Login | Identify default logins in web-based control panels | High | Source | |
| Apache ActiveMQ Exposure | Identify web-based control panels | Info | Source | |
| Apache Airflow <1.10.14 - Authentication Bypass | CVE-2020-17526 | Identify critical remote vulnerabilities | High | Source |
| Apache Airflow <=1.10.10 - Remote Code Execution | CVE-2020-11978 | Identify critical remote vulnerabilities | High | Source |
| Apache Airflow Admin Login Panel | Identify web-based control panels | Info | Source | |
| Apache Airflow Default Login | Identify default logins in web-based control panels | High | Source | |
| Apache Airflow OS Command Injection | CVE-2022-24288 | Identify critical remote vulnerabilities | High | Source |
| Apache Airflow v3 Default Login | Identify default logins in web-based control panels | High | Source | |
| Apache Ambari Default Credentials | Identify default logins in web-based control panels | High | Source | |
| Apache Apisix Admin Default Credentials | Identify default logins in web-based control panels | High | Source | |
| Apache Apollo Default Credentials | Identify default logins in web-based control panels | High | Source | |
| Apache Apollo Panel - Detect | Identify web-based control panels | Info | Source | |
| Apache CloudStack Default Credentials | Identify default logins in web-based control panels | High | Source | |
| Apache DolphinScheduler Default Credentials | Identify default logins in web-based control panels | High | Source | |
| Apache Doris Default Credentials | Identify default logins in web-based control panels | High | Source | |
| Apache Flink - Local File Inclusion | CVE-2020-17519 | Identify critical remote vulnerabilities | High | Source |
| Apache HTTP Server - ACL Bypass | CVE-2024-38473 | Identify critical remote vulnerabilities | High | Source |
| Apache HTTP Server End-of-Life - Detect | Identify web-based control panels | Info | Source | |
| Apache HertzBeat - Default Credentials | Identify default logins in web-based control panels | High | Source | |
| Apache HugeGraph-Server - Remote Command Execution | CVE-2024-27348 | Identify critical remote vulnerabilities | High | Source |
| Apache HugeGraph-Server <1.5.0 - Authentication Bypass | CVE-2024-43441 | Identify critical remote vulnerabilities | Critical | Source |
| Apache JMeter Dashboard Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Apache Kafka Center Default Credentials | Identify default logins in web-based control panels | High | Source | |
| Apache Kafka Consumer Offset Monitor Panel - Detect | Identify web-based control panels | Info | Source | |
| Apache Kafka Control Center Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Apache Kafka Monitor Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Apache Karaf Default Credentials | Identify default logins in web-based control panels | High | Source | |
| Apache Mesos - Panel Detect | Identify web-based control panels | Info | Source | |
| Apache NiFi - Information Disclosure | CVE-2024-56512 | Identify critical remote vulnerabilities | Medium | Source |
| Apache NiFi - Remote Code Execution | Identify critical remote vulnerabilities | Critical | Source | |
| Apache OFBiz - Improper Authorization & Remote Code Execution | CVE-2024-38856 | Identify critical remote vulnerabilities | Critical | Source |
| Apache OFBiz - XML External Entity Injection | CVE-2011-3600 | Identify critical remote vulnerabilities | High | Source |
| Apache OFBiz Directory Traversal - Remote Code Execution | CVE-2024-32113 | Identify critical remote vulnerabilities | High | Source |
| Apache OfBiz Default Login | Identify default logins in web-based control panels | High | Source | |
| Apache Pinot < 1.3.0 - Authentication Bypass | Identify critical remote vulnerabilities | Critical | Source | |
| Apache Ranger Default Credentials | Identify default logins in web-based control panels | High | Source | |
| Apache RocketMQ Console Panel - Detect | Identify web-based control panels | Info | Source | |
| Apache S2-032 Struts - Remote Code Execution | CVE-2016-3081 | Identify critical remote vulnerabilities | High | Source |
| Apache ShardingSphere ElasticJob-UI privilege escalation | CVE-2022-22733 | Identify critical remote vulnerabilities | Medium | Source |
| Apache Solr - Authentication Bypass | CVE-2024-45216 | Identify critical remote vulnerabilities | Critical | Source |
| Apache Solr - Host Environment Variables Leak via Metrics API | CVE-2023-50290 | Identify critical remote vulnerabilities | Medium | Source |
| Apache Solr Admin Panel - Detect | Identify web-based control panels | Info | Source | |
| Apache Spark Panel - Detect | Identify web-based control panels | Info | Source | |
| Apache Spark UI - Remote Command Injection | CVE-2022-33891 | Identify critical remote vulnerabilities | High | Source |
| Apache Streampark - Default Login | Identify default logins in web-based control panels | High | Source | |
| Apache Streampark - Detect | Identify web-based control panels | Info | Source | |
| Apache Struts 2 - DefaultActionMapper Prefixes OGNL Code Execution | CVE-2013-2251 | Identify critical remote vulnerabilities | Critical | Source |
| Apache Struts 2 - Remote Command Execution | CVE-2017-5638 | Identify critical remote vulnerabilities | Critical | Source |
| Apache Struts 2.0.0-2.5.25 - Remote Code Execution | CVE-2020-17530 | Identify critical remote vulnerabilities | Critical | Source |
| Apache Struts <=2.5.20 - Remote Code Execution | CVE-2019-0230 | Identify critical remote vulnerabilities | Critical | Source |
| Apache Struts2 S2-008 RCE | CVE-2012-0392 | Identify critical remote vulnerabilities | Medium | Source |
| Apache Struts2 S2-012 RCE | CVE-2013-1965 | Identify critical remote vulnerabilities | Critical | Source |
| Apache Struts2 S2-053 - Remote Code Execution | CVE-2017-12611 | Identify critical remote vulnerabilities | Critical | Source |
| Apache Struts2 S2-053 - Remote Code Execution | CVE-2017-9791 | Identify critical remote vulnerabilities | Critical | Source |
| Apache Struts2 S2-057 - Remote Code Execution | CVE-2018-11776 | Identify critical remote vulnerabilities | High | Source |
| Apache Superset - Authentication Bypass | CVE-2023-27524 | Identify critical remote vulnerabilities | High | Source |
| Apache Superset Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Apache Tomcat Default Credentials | Identify default logins in web-based control panels | Info | Source | |
| Apache Tomcat Manager Default Credentials | Identify default logins in web-based control panels | High | Source | |
| Apache Tomcat Manager Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Apache Tomcat Remote Command Execution | CVE-2020-9484 | Identify critical remote vulnerabilities | High | Source |
| Apache `mod_proxy_cluster` Cluster Manager Interface - Exposure | Identify web-based control panels | Info | Source | |
| Aperio eSlideManager - Panel | Identify web-based control panels | Info | Source | |
| Apigee Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Apollo Default Credentials | Identify default logins in web-based control panels | High | Source | |
| Application Management Panel - Detect | Identify web-based control panels | Info | Source | |
| Appsmith User Login - Panel Detect | Identify web-based control panels | Info | Source | |
| Appspace Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Appsuite Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Appwrite Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Aptus Login - Panel Detect | Identify web-based control panels | Info | Source | |
| Aqua Enterprise - Panel Detect | Identify web-based control panels | Info | Source | |
| Aquatronica Controller System <= 5.1.6 - Information Disclosure | CVE-2025-25037 | Identify critical remote vulnerabilities | High | Source |
| ArangoDB Web Interface - Detect | Identify web-based control panels | Info | Source | |
| ArcGIS REST Services Directory - Detect | Identify web-based control panels | Info | Source | |
| ArcServe Panel - Detect | Identify web-based control panels | Info | Source | |
| Archibus Web Central Login - Panel Detect | Identify web-based control panels | Info | Source | |
| Arcserve UDP <= 9.0.6034 - Authentication Bypass | CVE-2023-26258 | Identify critical remote vulnerabilities | Critical | Source |
| Arcserve Unified Data Protection - Authentication Bypass | CVE-2024-0799 | Identify critical remote vulnerabilities | Critical | Source |
| Argo CD Login Panel | Identify web-based control panels | Info | Source | |
| Argo CD Unauthenticated Access to sensitive setting | CVE-2024-37152 | Identify critical remote vulnerabilities | Medium | Source |
| Aria2 WebUI - Path traversal | CVE-2023-39141 | Identify critical remote vulnerabilities | High | Source |
| Artica Pandora FMS 7.44 - Remote Code Execution | CVE-2020-13851 | Identify critical remote vulnerabilities | High | Source |
| Aruba Instant - Default Login | Identify default logins in web-based control panels | High | Source | |
| Astro - Reflected XSS via server islands feature | CVE-2025-64764 | Identify critical remote vulnerabilities | High | Source |
| Atarim < 4.2.2 - Sensitive Information Exposure | Identify critical remote vulnerabilities | High | Source | |
| Atlantis Panel - Detect | Identify web-based control panels | Info | Source | |
| Atlassian Bamboo Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Atlassian Jira Server-Side Template Injection | CVE-2019-11581 | Identify critical remote vulnerabilities | Critical | Source |
| Atlassian Questions For Confluence - Hardcoded Credentials | CVE-2022-26138 | Identify critical remote vulnerabilities | Critical | Source |
| Atom.CMS 2.0 - SQL Injection | CVE-2022-28033 | Identify critical remote vulnerabilities | Critical | Source |
| AudioCodes 310HD, 320HD, 420HD, 430HD & 440HD Default Credentials | Identify default logins in web-based control panels | High | Source | |
| AudioCodes Device Manager Express - SQL Injection | CVE-2022-24627 | Identify critical remote vulnerabilities | Critical | Source |
| AudioCodes Login - Panel Detect | Identify web-based control panels | Info | Source | |
| Audiobookshelf Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Authelia Panel - Detect | Identify web-based control panels | Info | Source | |
| Authentik Panel - Detect | Identify web-based control panels | Info | Source | |
| AutoSet Page - Detect | Identify web-based control panels | Info | Source | |
| Automation By Autonami < 3.3.0 - SQL Injection | CVE-2024-9186 | Identify critical remote vulnerabilities | High | Source |
| Automatisch Panel - Detect | Identify web-based control panels | Info | Source | |
| AvantFAX Login Panel | Identify web-based control panels | Info | Source | |
| Avatier Password Management Panel | Identify web-based control panels | Info | Source | |
| Aviatrix Cloud Controller Panel | Identify web-based control panels | Info | Source | |
| Avigilon Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Avtech AVN801 Network Camera Admin Panel - Detect | Identify web-based control panels | Info | Source | |
| Axel WebServer - Panel Detect | Identify web-based control panels | Info | Source | |
| Axigen Web Admin Detection | Identify web-based control panels | Info | Source | |
| Axigen WebMail PanelDetection | Identify web-based control panels | Info | Source | |
| Axway API Manager Panel - Detect | Identify web-based control panels | Info | Source | |
| Axway SecureTransport Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Axway SecureTransport Web Client Panel - Detect | Identify web-based control panels | Info | Source | |
| Axxon Next Client Login - Detect | Identify web-based control panels | Info | Source | |
| Azkaban Web Client | Identify web-based control panels | Info | Source | |
| Azkaban Web Client Default Credentials | Identify default logins in web-based control panels | High | Source | |
| BEdita Login Panel - Detect | Identify web-based control panels | Info | Source | |
| BMC Control-M MFT Login Panel - Detect | Identify web-based control panels | Info | Source | |
| BMC Discovery Login Panel - Detect | Identify web-based control panels | Info | Source | |
| BMC Remedy SSO Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Barco ClickShare Default Credentials | Identify default logins in web-based control panels | High | Source | |
| Barracuda Message Archiver - Panel Detect | Identify web-based control panels | Info | Source | |
| Batflat CMS Default Credentials | Identify default logins in web-based control panels | High | Source | |
| Bazarr < 1.4.3 - Arbitrary File Read | Identify critical remote vulnerabilities | High | Source | |
| Beego Admin Dashboard Panel- Detect | Identify web-based control panels | Medium | Source | |
| Beszel Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Better Search Replace < 1.4.5 - PHP Object Injection | CVE-2023-6933 | Identify critical remote vulnerabilities | Critical | Source |
| BeyondTrust Login Panel - Detect | Identify web-based control panels | Info | Source | |
| BeyondTrust Privileged Remote Access - Panel | Identify web-based control panels | Info | Source | |
| BeyondTrust Remote Support Panel - Detect | Identify web-based control panels | Info | Source | |
| BigAnt Admin Login Panel - Detect | Identify web-based control panels | Info | Source | |
| BigAnt Default Credentials | Identify default logins in web-based control panels | Critical | Source | |
| BigAnt Server 5.6.06 - Improper Access Control | CVE-2022-23348 | Identify critical remote vulnerabilities | Medium | Source |
| BioTime Web Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Bitbucket Panel - Detect | Identify web-based control panels | Info | Source | |
| Bitdefender GravityZone Panel - Detect | Identify web-based control panels | Info | Source | |
| Bitrix Component - Cross-Site Scripting | CVE-2023-1719 | Identify critical remote vulnerabilities | High | Source |
| Bitrix Login Panel | Identify web-based control panels | Info | Source | |
| Bitrix Path Disclosure | Identify critical remote vulnerabilities | Low | Source | |
| Bitrix Site Manager - Log File Disclosure | Identify critical remote vulnerabilities | Medium | Source | |
| Bitwarden Web Vault Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Black Duck Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Blue Iris Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Blue Yonder Panel - Detect | Identify web-based control panels | Info | Source | |
| Bluemind Panel - Detect | Identify web-based control panels | Info | Source | |
| Bonita Default Credentials | Identify default logins in web-based control panels | High | Source | |
| Bonita Portal Login - Detect | Identify web-based control panels | Info | Source | |
| Bonobo Git Server Login Panel - Detect | Identify web-based control panels | Info | Source | |
| BookStack Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Brother MFC-L9570CDW - Information Disclosure | CVE-2024-51977 | Identify critical remote vulnerabilities | Medium | Source |
| Browser Configuration "browserconfig.xml" Exposure | Identify critical remote vulnerabilities | Info | Source | |
| Buddy Panel - Detect | Identify web-based control panels | Info | Source | |
| Buffalo WSR-2533DHPL2 - Path Traversal | CVE-2021-20090 | Identify critical remote vulnerabilities | Critical | Source |
| Buildbot Panel - Detect | Identify web-based control panels | Info | Source | |
| Busybox Repository Browser - Detect | Identify web-based control panels | Info | Source | |
| Bylancer Quicklancer 2.4 G - SQL Injection | CVE-2024-7188 | Identify critical remote vulnerabilities | High | Source |
| Bynder Login Panel - Detect | Identify web-based control panels | Info | Source | |
| CAIMORE Gateway Default Credentials | Identify default logins in web-based control panels | High | Source | |
| CAS Login Panel - Detect | Identify web-based control panels | Info | Source | |
| CData API Server < 23.4.8844 - Path Traversal | CVE-2024-31848 | Identify critical remote vulnerabilities | Critical | Source |
| CData Arc < 23.4.8839 - Path Traversal | CVE-2024-31850 | Identify critical remote vulnerabilities | High | Source |
| CData Connect < 23.4.8846 - Path Traversal | CVE-2024-31849 | Identify critical remote vulnerabilities | Critical | Source |
| CData Sync < 23.4.8843 - Path Traversal | CVE-2024-31851 | Identify critical remote vulnerabilities | High | Source |
| CERIO-DT Interface - Command Execution | Identify critical remote vulnerabilities | Critical | Source | |
| CGIT - Detect | Identify web-based control panels | Info | Source | |
| CISCO Expressway Login Panel - Detect | Identify web-based control panels | Info | Source | |
| CRMEB v.5.2.2 - SQL Injection | CVE-2024-36837 | Identify critical remote vulnerabilities | High | Source |
| Cachet <=2.3.18 - SQL Injection | CVE-2021-39165 | Identify critical remote vulnerabilities | High | Source |
| Cacti 1.2.24 - SQL Injection | CVE-2023-39361 | Identify critical remote vulnerabilities | Critical | Source |
| Cacti Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Calibre <= 7.14.0 Arbitrary File Read | Identify critical remote vulnerabilities | High | Source | |
| Calibre <= 7.14.0 Remote Code Execution | CVE-2024-6782 | Identify critical remote vulnerabilities | Critical | Source |
| Camaleon CMS Default Credentials | Identify default logins in web-based control panels | High | Source | |
| Camaleon CMS Login - Panel | Identify web-based control panels | Info | Source | |
| Camunda Default Credentials | Identify default logins in web-based control panels | High | Source | |
| Canon Devices - Authentication Bypass in Catwalk Server | CVE-2021-38154 | Identify critical remote vulnerabilities | High | Source |
| Canon R-ADV C3325 Default Credentials | Identify default logins in web-based control panels | High | Source | |
| Canon iR-ADV Panel - Detect | Identify web-based control panels | Info | Source | |
| Canopy 5.7GHz Access Point Default Credentials | Identify default logins in web-based control panels | High | Source | |
| Caprover Default Credentials | Identify default logins in web-based control panels | High | Source | |
| Car Rental Management System 1.0 - Local File Inclusion | CVE-2020-29227 | Identify critical remote vulnerabilities | Critical | Source |
| Car Rental Management System 1.0 - SQL Injection | CVE-2022-32022 | Identify critical remote vulnerabilities | High | Source |
| CasaOS < 0.4.4 - Authentication Bypass via Internal IP | CVE-2023-37265 | Identify critical remote vulnerabilities | Critical | Source |
| CasaOS < 0.4.4 - Authentication Bypass via Random JWT Token | CVE-2023-37266 | Identify critical remote vulnerabilities | Critical | Source |
| CasaOS Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Cascade CMS Panel - Detect | Identify web-based control panels | Info | Source | |
| Casdoor 1.13.0 - Unauthenticated SQL Injection | CVE-2022-24124 | Identify critical remote vulnerabilities | High | Source |
| Casdoor Login Panel - Detect | Identify web-based control panels | Info | Source | |
| CaseManager Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Cassia Bluetooth Gateway Panel - Detect | Identify web-based control panels | Info | Source | |
| Caton Network Manager System Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Cellinx NVT Web Server - Local File Disclosure | CVE-2023-23063 | Identify critical remote vulnerabilities | High | Source |
| Celonis Login - Panel | Identify web-based control panels | Info | Source | |
| CentOS EOL - Detect | Identify web-based control panels | Info | Source | |
| CentOS Web Panel - OS Command Injection | CVE-2021-31324 | Identify critical remote vulnerabilities | Critical | Source |
| CentOS Web Panel - SQL Injection | CVE-2021-31316 | Identify critical remote vulnerabilities | Critical | Source |
| CentreStack Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Centreon Login Panel - Detect | Identify web-based control panels | Info | Source | |
| ChanCMS <= 3.3.0 - SQL Injection | CVE-2025-10210 | Identify critical remote vulnerabilities | Medium | Source |
| Change Detection - Server Side Template Injection | CVE-2024-32651 | Identify critical remote vulnerabilities | Critical | Source |
| Changedetection.io <= 0.47.4 - Path Traversal | CVE-2024-51483 | Identify critical remote vulnerabilities | Medium | Source |
| Changedetection.io Panel - Detect | Identify web-based control panels | Info | Source | |
| Changjietong Remote Communication GNRemote.dll - SQL Injection | Identify critical remote vulnerabilities | High | Source | |
| Check Point Quantum Gateway - Information Disclosure | CVE-2024-24919 | Identify critical remote vulnerabilities | High | Source |
| CheckPoint SSL Network Extender Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Checkmarx Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Checkmk Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Chef Automate < 4.13.295 — SQL Injection | CVE-2025-8868 | Identify critical remote vulnerabilities | Critical | Source |
| Chemotargets Clarity Vista Login Panel - Detect | Identify web-based control panels | Info | Source | |
| ChirpStack Default Credentials | Identify default logins in web-based control panels | High | Source | |
| ChirpStack LoRaWAN Detection | Identify web-based control panels | Info | Source | |
| Chronos Panel - Detect | Identify web-based control panels | Info | Source | |
| ChurchCRM - Cross-Site Scripting | Identify critical remote vulnerabilities | Medium | Source | |
| ChurchCRM - Default Login | Identify default logins in web-based control panels | High | Source | |
| ChurchCRM Panel - Detect | Identify web-based control panels | Info | Source | |
| Ciphertrust - Default Login | Identify default logins in web-based control panels | High | Source | |
| Cisco ACE 4710 Device Manager Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Cisco ASA - Local File Inclusion | CVE-2018-0296 | Identify critical remote vulnerabilities | High | Source |
| Cisco Adaptive Security Appliance (ASA)/Firepower Threat Defense (FTD) - Local File Inclusion | CVE-2020-3452 | Identify critical remote vulnerabilities | High | Source |
| Cisco Edge 340 Panel - Detect | Identify web-based control panels | Info | Source | |
| Cisco Email Security Appliance - Panel | Identify web-based control panels | Info | Source | |
| Cisco IOS XE - Impant Detection | Identify critical remote vulnerabilities | Critical | Source | |
| Cisco IOS XE Web UI - Command Injection | CVE-2023-20198 | Identify critical remote vulnerabilities | Critical | Source |
| Cisco ISE Admin Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Cisco Identity Services Engine Admin Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Cisco Prime Infrastructure Panel - Detect | Identify web-based control panels | Info | Source | |
| Cisco Secure CN Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Cisco Secure Firewall ASA & FTD - Authentication Bypass | CVE-2025-20362 | Identify critical remote vulnerabilities | Medium | Source |
| Cisco ServiceGrid Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Cisco Smart Software Manager On-Prem Panel - Detect | Identify web-based control panels | Info | Source | |
| Cisco Systems Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Cisco TelePresence Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Cisco UCS Manager KVM Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Cisco Unity Connection Panel - Detect | Identify web-based control panels | Info | Source | |
| Cisco Web UI Login - Detect | Identify web-based control panels | Info | Source | |
| Cisco vManage Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Citrix ADC Gateway Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Citrix Bleed - Leaking Session Tokens | CVE-2023-4966 | Identify critical remote vulnerabilities | Critical | Source |
| Citrix NetScaler Memory Disclosure - CitrixBleed 2 | Identify critical remote vulnerabilities | Critical | Source | |
| Citrix Netscaler ADC & Gateway - Out-Of-Bounds Memory Read | CVE-2023-6549 | Identify critical remote vulnerabilities | Critical | Source |
| Citrix SD-WAN and NetScaler SD-WAN - SQL Injection | CVE-2019-12989 | Identify critical remote vulnerabilities | Critical | Source |
| Citrix VPN Panel - Detect | Identify web-based control panels | Info | Source | |
| Claris FileMaker WebDirect Panel - Detect | Identify web-based control panels | Info | Source | |
| CleanWeb Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Clear-Com Core Configuration Manager Panel - Detect | Identify web-based control panels | Info | Source | |
| ClearPass Policy Manager Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Cleo Harmony < 5.8.0.21 - Arbitrary File Read | CVE-2024-50623 | Identify critical remote vulnerabilities | High | Source |
| Cloud OA System - SQL Injection | Identify critical remote vulnerabilities | High | Source | |
| CloudPanel Login - Detect | Identify web-based control panels | Info | Source | |
| Cloudera Hue Default Credentials | Identify default logins in web-based control panels | High | Source | |
| Cloudlog Panel - Detect | Identify web-based control panels | Info | Source | |
| Cloudphysician RADAR Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Cluster Control CMON API - Directory Traversal | CVE-2024-41628 | Identify critical remote vulnerabilities | High | Source |
| Cnzxsoft System - Default Login | Identify default logins in web-based control panels | High | Source | |
| Cobbler 'XML-RPC' - Authentication Bypass | CVE-2024-47533 | Identify critical remote vulnerabilities | Critical | Source |
| Cobbler - Authentication Bypass | CVE-2018-1000226 | Identify critical remote vulnerabilities | Critical | Source |
| Cobbler <3.3.0 - Remote Code Execution | CVE-2021-40323 | Identify critical remote vulnerabilities | Critical | Source |
| Cobbler WebGUI Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Cockpit CMS 0.6.1 - Remote Code Execution | CVE-2020-35131 | Identify critical remote vulnerabilities | Critical | Source |
| Cockpit Project Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Code-Server Login Panel - Detect | Identify web-based control panels | Info | Source | |
| CodeChecker <= 6.24.1 - Authentication Bypass | CVE-2024-10081 | Identify critical remote vulnerabilities | Critical | Source |
| Cofense Vision Login Panel - Detect | Identify web-based control panels | Info | Source | |
| ColdFusion Administrator Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Coming Soon & Maintenance < 4.1.7 - Unauthenticated Post/Page Access | CVE-2023-1263 | Identify critical remote vulnerabilities | Medium | Source |
| Commvault Web Console Panel - Detect | Identify web-based control panels | Info | Source | |
| Compalex Panel - Detect | Identify web-based control panels | Medium | Source | |
| CompleteView Panel - Detect | Identify web-based control panels | Info | Source | |
| Concourse CI Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Concrete5 Install Panel | Identify web-based control panels | Critical | Source | |
| Concrete5 Login Panel - Detect | Identify web-based control panels | Info | Source | |
| ConnectWise Control Remote Support Software Panel - Detect | Identify web-based control panels | Info | Source | |
| ConnectWise ScreenConnect 23.9.7 - Authentication Bypass | CVE-2024-1709 | Identify critical remote vulnerabilities | Critical | Source |
| Contao Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Content Central Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Contest Gallery < 13.1.0.6 - SQL injection | CVE-2021-24915 | Identify critical remote vulnerabilities | Critical | Source |
| Control Web Panel (CWP) - File Inclusion | CVE-2021-45467 | Identify critical remote vulnerabilities | Critical | Source |
| Control Web Panel Login Panel - Detect | Identify web-based control panels | Info | Source | |
| CopyParty v1.8.6 - Cross Site Scripting | CVE-2023-38501 | Identify critical remote vulnerabilities | Medium | Source |
| Copyparty <= 1.8.2 - Directory Traversal | CVE-2023-37474 | Identify critical remote vulnerabilities | High | Source |
| Copyparty <=1.18.6 - Cross-Site Scripting | CVE-2025-54589 | Identify critical remote vulnerabilities | Medium | Source |
| Cortex XSOAR Login Panel - Detect | Identify web-based control panels | Info | Source | |
| CouchDB - Detect | Identify web-based control panels | Info | Source | |
| CouchDB Default Credentials | Identify default logins in web-based control panels | High | Source | |
| CouchDB Erlang Distribution - Remote Command Execution | CVE-2022-24706 | Identify critical remote vulnerabilities | Critical | Source |
| Cox Business Dominion Gateway Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Craft CMS - Remote Code Execution via Template Path Manipulation | CVE-2024-56145 | Identify critical remote vulnerabilities | Critical | Source |
| Craft CMS < 3.3.0 - Server-Side Template Injection | CVE-2020-9757 | Identify critical remote vulnerabilities | Critical | Source |
| Craft CMS <=v3.7.31 - SQL Injection | CVE-2024-37843 | Identify critical remote vulnerabilities | Critical | Source |
| Craft CMS Admin Login Panel - Detect | Identify web-based control panels | Info | Source | |
| CraftCMS - Remote Code Execution | CVE-2025-32432 | Identify critical remote vulnerabilities | Critical | Source |
| CraftCMS < 4.4.15 - Unauthenticated Remote Code Execution | CVE-2023-41892 | Identify critical remote vulnerabilities | Critical | Source |
| CraftCMS SEOmatic - Server-Side Template Injection | CVE-2021-41749 | Identify critical remote vulnerabilities | Critical | Source |
| CrafterCMS Engine - Cross-Site Scripting | CVE-2023-4136 | Identify critical remote vulnerabilities | High | Source |
| CrafterCMS Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Creatio Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Crestron Airmedia 2.0 - Default Login | Identify default logins in web-based control panels | High | Source | |
| Crontab UI - Dashboard Exposure | Identify web-based control panels | High | Source | |
| CrushFTP - Authentication Bypass | CVE-2025-31161 | Identify critical remote vulnerabilities | Critical | Source |
| CrushFTP Anonymous Login | Identify default logins in web-based control panels | High | Source | |
| CrushFTP Default Credentials | Identify default logins in web-based control panels | High | Source | |
| CrushFTP VFS - Sandbox Escape LFR | CVE-2024-4040 | Identify critical remote vulnerabilities | Critical | Source |
| CrushFTP WebInterface Panel - Detect | Identify web-based control panels | Info | Source | |
| Crypto <= 2.15 - Authentication Bypass | CVE-2024-9989 | Identify critical remote vulnerabilities | Critical | Source |
| Cryptobox Panel - Detect | Identify web-based control panels | Info | Source | |
| Cryptocurrency Widgets Pack < 2.0 - SQL Injection | CVE-2022-4059 | Identify critical remote vulnerabilities | Critical | Source |
| CudaTel Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Cvent Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Cyber Chef Panel - Detect | Identify web-based control panels | Info | Source | |
| CyberPanel - Command Injection | CVE-2024-51378 | Identify critical remote vulnerabilities | Critical | Source |
| CyberPower - Missing Authentication | CVE-2024-32735 | Identify critical remote vulnerabilities | Critical | Source |
| CyberPower - SQL Injection | CVE-2024-32738 | Identify critical remote vulnerabilities | High | Source |
| CyberPower - SQL Injection | CVE-2024-32737 | Identify critical remote vulnerabilities | High | Source |
| CyberPower < v2.8.3 - SQL Injection | CVE-2024-32736 | Identify critical remote vulnerabilities | High | Source |
| CyberPower < v2.8.3 - SQL Injection | CVE-2024-32739 | Identify critical remote vulnerabilities | High | Source |
| Cyberoam SSL VPN Panel - Detect | Identify web-based control panels | Info | Source | |
| Cyberpanel Login Panel - Detect | Identify web-based control panels | Info | Source | |
| D-LINK DNS-320L,DNS-320LW and DNS-327L - Information Disclosure | CVE-2024-3274 | Identify critical remote vulnerabilities | Medium | Source |
| D-Link AC Centralized Management System Default Credentials | Identify default logins in web-based control panels | High | Source | |
| D-Link Central WiFi Manager CWM(100) - Remote Code Execution | CVE-2019-13372 | Identify critical remote vulnerabilities | Critical | Source |
| D-Link D-View 8 v2.0.1.28 - Authentication Bypass | CVE-2023-5074 | Identify critical remote vulnerabilities | Critical | Source |
| D-Link DAR-8000-10 - Command Injection | CVE-2023-4542 | Identify critical remote vulnerabilities | Medium | Source |
| D-Link DIR-605 - Information Disclosure | CVE-2021-40655 | Identify critical remote vulnerabilities | High | Source |
| D-Link DIR-615 - Unauthorized Access | CVE-2021-42627 | Identify critical remote vulnerabilities | Critical | Source |
| D-Link DIR-816L - Improper Access Control | CVE-2022-28955 | Identify critical remote vulnerabilities | High | Source |
| D-Link DIR-859 - Information Disclosure | CVE-2024-57045 | Identify critical remote vulnerabilities | Critical | Source |
| D-Link DNS-320 - Remote Code Execution | CVE-2019-16057 | Identify critical remote vulnerabilities | Critical | Source |
| D-Link DSL-2750B Devices Command Injection Vulnerability | CVE-2016-20017 | Identify critical remote vulnerabilities | Critical | Source |
| D-Link NAS - Command Injection via Group Parameter | CVE-2024-10915 | Identify critical remote vulnerabilities | High | Source |
| D-Link NAS - Command Injection via Name Parameter | CVE-2024-10914 | Identify critical remote vulnerabilities | High | Source |
| D-Link NAS `sc_mgr.cgi` - Remote Code Execution | Identify critical remote vulnerabilities | Critical | Source | |
| D-Link Network Attached Storage - Backdoor Account | CVE-2024-3272 | Identify critical remote vulnerabilities | Critical | Source |
| D-Link Network Attached Storage - Command Injection and Backdoor Account | CVE-2024-3273 | Identify critical remote vulnerabilities | Critical | Source |
| D-Link Routers - Remote Code Execution | CVE-2019-16920 | Identify critical remote vulnerabilities | Critical | Source |
| DATAGERRY - Improper Access Control | CVE-2024-50967 | Identify critical remote vulnerabilities | Medium | Source |
| DATAGERRY - REST API Auth Bypass | CVE-2024-46627 | Identify critical remote vulnerabilities | Critical | Source |
| DELL iDRAC9 - Default Login | Identify default logins in web-based control panels | High | Source | |
| DPLUS Dashboard Panel - Detect | Identify web-based control panels | Info | Source | |
| DQS Superadmin Login Panel - Detect | Identify web-based control panels | Info | Source | |
| DVWA - Default Login | Identify default logins in web-based control panels | Critical | Source | |
| Dahua IPC/VTH/VTO - Authentication Bypass | CVE-2021-33045 | Identify critical remote vulnerabilities | Critical | Source |
| Dahua IPC/VTH/VTO - Authentication Bypass | CVE-2021-33044 | Identify critical remote vulnerabilities | Critical | Source |
| Dahua Web Service Panel - Detect | Identify web-based control panels | Info | Source | |
| Danswer - Insecure Direct Object Reference | CVE-2024-9617 | Identify critical remote vulnerabilities | Medium | Source |
| Dapr Dashboard 0.1.0-0.10.0 - Improper Access Control | CVE-2022-38817 | Identify critical remote vulnerabilities | High | Source |
| Darktrace Threat Visualizer Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Dashy Panel - Detect | Identify web-based control panels | Info | Source | |
| Dassault Systèmes DELMIA Apriso (up to 2025) - Insecure Deserialization | CVE-2025-5086 | Identify critical remote vulnerabilities | Critical | Source |
| DataEase <= 2.4.1 - Sensitive Information Exposure | CVE-2024-30269 | Identify critical remote vulnerabilities | Medium | Source |
| DataEase v2.10.2 - JWT Signature Verification Bypass | CVE-2024-47073 | Identify critical remote vulnerabilities | Critical | Source |
| DataHub Metadata Default Credentials | Identify default logins in web-based control panels | High | Source | |
| DataTaker DT80 dEX 1.50.012 - Information Disclosure | CVE-2017-11165 | Identify critical remote vulnerabilities | Critical | Source |
| Datadog Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Dataease - Login Panel | Identify web-based control panels | Info | Source | |
| Dataease Default Credentials | Identify default logins in web-based control panels | High | Source | |
| Datagerry Default Credentials | Identify default logins in web-based control panels | High | Source | |
| Datagerry Panel - Detect | Identify web-based control panels | Info | Source | |
| Dataiku Default Credentials | Identify default logins in web-based control panels | High | Source | |
| Dataiku Panel - Detect | Identify web-based control panels | Info | Source | |
| Davantis Video Analytics Panel - Detect | Identify web-based control panels | Info | Source | |
| DaybydayCRM Login Panel - Detect | Identify web-based control panels | Info | Source | |
| DbGate Web Client Management - Panel Detect | Identify web-based control panels | Info | Source | |
| Debug Endpoint pprof - Exposure Detection | CVE-2019-11248 | Identify critical remote vulnerabilities | High | Source |
| Dede CMS - SQL Injection | Identify critical remote vulnerabilities | Critical | Source | |
| DedeCMS 5.7 - SQL Injection | CVE-2017-17731 | Identify critical remote vulnerabilities | Critical | Source |
| DedeCMS 5.7.87 - Directory Traversal | CVE-2023-2059 | Identify critical remote vulnerabilities | Medium | Source |
| DedeCMS 5.7SP2 - Cross-Site Request Forgery/Remote Code Execution | CVE-2018-7700 | Identify critical remote vulnerabilities | High | Source |
| DefectDojo Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Defender Security < 4.1.0 - Protection Bypass (Hidden Login Page) | CVE-2023-5089 | Identify critical remote vulnerabilities | Medium | Source |
| Dell BMC Panel - Detect | Identify web-based control panels | Info | Source | |
| Dell EMC Avamar and Integrated Data Protection Appliance Installation Manager - Invalid Access Control | CVE-2018-1217 | Identify critical remote vulnerabilities | Critical | Source |
| Dell IDRAC Panel - Detect | Identify web-based control panels | Info | Source | |
| Dell Laser Printer - Unauthenticated Detect | http-iot | High | Source | |
| Dell OpenManage Switch Administrator Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Dell Remote Web Access Panel - Detect | Identify web-based control panels | Info | Source | |
| Dell iDRAC6/7/8 - Default Login | Identify default logins in web-based control panels | High | Source | |
| Delta Controls Admin Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Deluge - Default Login | Identify default logins in web-based control panels | High | Source | |
| Deluge WebUI Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Dependency-Track Login - Panel | Identify web-based control panels | Info | Source | |
| Dericam Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Desktop Portal VMware Horizon DaaS Trade Platform | Identify web-based control panels | Info | Source | |
| DevDojo Voyager - Default login | Identify default logins in web-based control panels | High | Source | |
| DevDojo Voyager <=1.8.0 - Arbitrary File Read | CVE-2024-55415 | Identify critical remote vulnerabilities | Medium | Source |
| Devika - Local File Inclusion | CVE-2024-5334 | Identify critical remote vulnerabilities | High | Source |
| Devika v1 - Path Traversal | CVE-2024-40422 | Identify critical remote vulnerabilities | Critical | Source |
| Dex Authentication - Panel | Identify web-based control panels | Info | Source | |
| Dialogic XMS Admin Console - Default Login | Identify default logins in web-based control panels | High | Source | |
| Dialogic XMS Admin Console - Detect | Identify web-based control panels | Info | Source | |
| Diced Zipline - Detect | Identify web-based control panels | Info | Source | |
| Dify - User Enumeration via "Account not found" Message | CVE-2025-11750 | Identify critical remote vulnerabilities | Medium | Source |
| Dify v1.9.1 - Broken Access Control | CVE-2025-63387 | Identify critical remote vulnerabilities | Medium | Source |
| Digital Watchdog - Default Login | Identify default logins in web-based control panels | High | Source | |
| Digital Watchdog - Detect | Identify web-based control panels | Info | Source | |
| Digital Watchdog DW Spectrum Server 4.2.0.32842 - Information Disclosure | CVE-2022-34534 | Identify critical remote vulnerabilities | High | Source |
| DirectAdmin Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Directum Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Discuz Panel - Detection | Identify web-based control panels | Info | Source | |
| Django QuerySet.order_by - SQL Injection | CVE-2021-35042 | Identify critical remote vulnerabilities | Critical | Source |
| Django SQL Injection | CVE-2020-9402 | Identify critical remote vulnerabilities | High | Source |
| Docassemble - Local File Inclusion | CVE-2024-27292 | Identify critical remote vulnerabilities | High | Source |
| Docebo eLearning Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Dockge Panel - Detect | Identify web-based control panels | Info | Source | |
| DocuWare - Detect | Identify web-based control panels | Info | Source | |
| Docusaurus Gists Plugin < 4.0.0 - GitHub Personal Access Token Exposure | CVE-2025-53624 | Identify critical remote vulnerabilities | High | Source |
| Dokuwiki Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Dolibarr Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Dolibarr Unauthenticated Contacts Database Theft | CVE-2023-33568 | Identify critical remote vulnerabilities | High | Source |
| Doris Panel - Detect | Identify web-based control panels | Info | Source | |
| Dotclear Admin Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Dradis Professional Edition Login Panel - Detect | Identify web-based control panels | Info | Source | |
| DragonFly Login - Panel | Identify web-based control panels | Info | Source | |
| Dragonfly - Default Login | Identify default logins in web-based control panels | High | Source | |
| DrayTek - Remote Code Execution | CVE-2020-8515 | Identify critical remote vulnerabilities | Critical | Source |
| DrayTek Vigor - Command Injection | CVE-2020-15415 | Identify critical remote vulnerabilities | Critical | Source |
| Draytek VigorConnect 1.6.0-B - Local File Inclusion | CVE-2021-20123 | Identify critical remote vulnerabilities | High | Source |
| Draytek VigorConnect 6.0-B3 - Local File Inclusion | CVE-2021-20124 | Identify critical remote vulnerabilities | High | Source |
| Drone CI Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Drupal - Remote Code Execution | CVE-2019-6340 | Identify critical remote vulnerabilities | High | Source |
| Duomi CMS - SQL Injection | Identify critical remote vulnerabilities | Critical | Source | |
| Dynatrace Login Panel - Detect | Identify web-based control panels | Info | Source | |
| DzzOffice Installation Panel - Detect | Identify web-based control panels | High | Source | |
| DzzOffice Login Panel - Detect | Identify web-based control panels | Info | Source | |
| E-mobile Panel - Detect | Identify web-based control panels | Info | Source | |
| EMQX Login Panel - Detect | Identify web-based control panels | Info | Source | |
| EOS HTTP Browser | Identify web-based control panels | Medium | Source | |
| ERPNext - Default Login | Identify default logins in web-based control panels | High | Source | |
| ESPHome - Authentication Bypass | CVE-2025-57808 | Identify critical remote vulnerabilities | High | Source |
| ESPHome Login Panel - Detect | Identify web-based control panels | Info | Source | |
| ESXi System Login Panel - Detect | Identify web-based control panels | Info | Source | |
| ETQ Reliance - Reflected XSS via SQLConverterServlet | CVE-2025-34141 | Identify critical remote vulnerabilities | Medium | Source |
| EVSE Web Interface Panel - Detection | Identify web-based control panels | Info | Source | |
| EVlink City < R8 V3.4.0.1 - Authentication Bypass | CVE-2021-22707 | Identify critical remote vulnerabilities | Critical | Source |
| EVlink Local Controller - Detection | Identify web-based control panels | Info | Source | |
| EWM Manager Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Eagle For Apache Kakfa Login - Detect | Identify web-based control panels | Info | Source | |
| EasyCVR video management - Users Information Exposure | Identify critical remote vulnerabilities | High | Source | |
| EasyJOB Login Panel - Detect | Identify web-based control panels | Info | Source | |
| EasyReport - Default Login | Identify default logins in web-based control panels | High | Source | |
| EasyVista Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Eclipse BIRT Panel - Detect | Identify web-based control panels | Info | Source | |
| Eclipse Jetty - Directory Listing Enabled | Identify critical remote vulnerabilities | Low | Source | |
| Edito CMS - Sensitive Data Leak | CVE-2024-4836 | Identify critical remote vulnerabilities | High | Source |
| EfroTech Timetrax v8.3 - Sql Injection | Identify critical remote vulnerabilities | High | Source | |
| Eko Charger Management Console Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Eko Software Update Panel - Detect | Identify web-based control panels | Info | Source | |
| EkoAPI Admin Panel - Detect | Identify web-based control panels | Info | Source | |
| Ektron CMS Login Panel - Detect | Identify web-based control panels | Info | Source | |
| ElasticSearch - Default Login | Identify default logins in web-based control panels | High | Source | |
| Elber ESE DVB-S/S2 - Authentication Bypass | CVE-2025-0674 | Identify critical remote vulnerabilities | Critical | Source |
| Electrolink FM/DAB/TV Transmitter - Credentials Disclosure | CVE-2025-28228 | Identify critical remote vulnerabilities | High | Source |
| Elemiz Network Manager Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Elestio Memos <= v0.24.0 - Server-Side Request Forgery | CVE-2025-22952 | Identify critical remote vulnerabilities | Critical | Source |
| Email Subscribers by Icegram Express <= 5.7.20 - Unauthenticated SQL Injection via Hash | CVE-2024-4295 | Identify critical remote vulnerabilities | Critical | Source |
| Emby Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Emby Server - Authentication Bypass | CVE-2023-33193 | Identify critical remote vulnerabilities | Critical | Source |
| Emerson Network Power IntelliSlot Web Card Panel - Detect | Identify web-based control panels | Info | Source | |
| Emqx - Default Login | Identify default logins in web-based control panels | High | Source | |
| Enablix Panel - Detect | Identify web-based control panels | Info | Source | |
| Endpoint Protector Login Panel - Detect | Identify web-based control panels | Info | Source | |
| EnjoyRMIS - SQL Injection | Identify critical remote vulnerabilities | High | Source | |
| Episerver Login Panel | Identify web-based control panels | Info | Source | |
| Error Log Viewer By WP Guru <= 1.0.1.3 - Missing Authorization to Arbitrary File Read | CVE-2024-12849 | Identify critical remote vulnerabilities | High | Source |
| Esafenet CDG NetSecConfigAjax - Sql Injection | Identify critical remote vulnerabilities | High | Source | |
| Esafenet CDG NoticeAjax - Sql Injection | Identify critical remote vulnerabilities | High | Source | |
| Eset Protect Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Eslint Ignore File Exposure | Identify critical remote vulnerabilities | Low | Source | |
| Espec Web Controller - Panel | Identify web-based control panels | Info | Source | |
| Essential Blocks < 4.4.3 - Local File Inclusion | CVE-2023-6623 | Identify critical remote vulnerabilities | Critical | Source |
| EuroTel ETL3100 - Default Login | Identify default logins in web-based control panels | High | Source | |
| EventON (Free < 2.2.8, Premium < 4.5.5) - Information Disclosure | CVE-2024-0235 | Identify critical remote vulnerabilities | Medium | Source |
| EventON <= 2.1 - Missing Authorization | CVE-2023-2796 | Identify critical remote vulnerabilities | Medium | Source |
| EventON Lite < 2.1.2 - Arbitrary File Download | CVE-2023-3219 | Identify critical remote vulnerabilities | Medium | Source |
| Eventum Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Evertz SDVN 3080ipx-10G - Unauthenticated Arbitrary Command Injection | CVE-2025-4009 | Identify critical remote vulnerabilities | Critical | Source |
| ExaGrid Manager Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Exchange Server - Remote Code Execution | CVE-2021-34473 | Identify critical remote vulnerabilities | Critical | Source |
| Exolis Engage Panel - Detect | Identify web-based control panels | Info | Source | |
| Extensive VC Addons for WPBakery page builder < 1.9.1 - Unauthenticated RCE | CVE-2023-0159 | Identify critical remote vulnerabilities | High | Source |
| Extreme NetConfig UI Panel - Detect | Identify web-based control panels | Info | Source | |
| EyesOfNetwork - Hardcoded API Key | CVE-2020-8657 | Identify critical remote vulnerabilities | Critical | Source |
| EyesOfNetwork - Hardcoded API Key & SQL Injection | CVE-2020-8656 | Identify critical remote vulnerabilities | Critical | Source |
| EyouCms v1.6.3 - Information Disclosure | CVE-2023-37645 | Identify critical remote vulnerabilities | Medium | Source |
| F-Secure Policy Manager Server Login Panel - Detect | Identify web-based control panels | Info | Source | |
| F-logic DataCube3 - SQL Injection | CVE-2024-31750 | Identify critical remote vulnerabilities | Critical | Source |
| F5 Admin Interface - Detect | Identify web-based control panels | Info | Source | |
| F5 BIG-IP TMUI - Remote Code Execution | CVE-2020-5902 | Identify critical remote vulnerabilities | Critical | Source |
| F5 BIG-IP iControl - REST Auth Bypass RCE | CVE-2022-1388 | Identify critical remote vulnerabilities | Critical | Source |
| F5 BIG-IP iControl REST Panel - Detect | Identify web-based control panels | Info | Source | |
| F5 iControl REST - Remote Command Execution | CVE-2021-22986 | Identify critical remote vulnerabilities | Critical | Source |
| FASTPANEL Login Panel - Detect | Identify web-based control panels | Info | Source | |
| FOG Project < 1.5.10.34 - Remote Command Execution | CVE-2024-39914 | Identify critical remote vulnerabilities | Critical | Source |
| FOSSBilling Panel - Detect | Identify web-based control panels | Info | Source | |
| FREEDOM Administration - Default Login | Identify critical remote vulnerabilities | Critical | Source | |
| FUEL CMS 1.4.1 - Remote Code Execution | CVE-2018-16763 | Identify critical remote vulnerabilities | Critical | Source |
| Falcosidekick UI Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Faraday Login Panel - Detect | Identify web-based control panels | Info | Source | |
| FastAdmin < V1.3.4.20220530 - Path Traversal | CVE-2024-7928 | Identify critical remote vulnerabilities | Medium | Source |
| FastCGI Test Page | Identify web-based control panels | Info | Source | |
| Fastify Swagger-UI - Information Disclosure | CVE-2024-22207 | Identify critical remote vulnerabilities | Medium | Source |
| Feiyuxing Enterprise-Level Management System - Default Login | Identify default logins in web-based control panels | High | Source | |
| Femtocell Access Point Panel - Detect | Identify web-based control panels | Info | Source | |
| Fides Privacy Center ≤ 2.39.1 - Server-Side URL Disclosure | CVE-2024-31223 | Identify critical remote vulnerabilities | Medium | Source |
| File Browser Login Panel - Detect | Identify web-based control panels | Info | Source | |
| FileCatalyst File Transfer Solution - Detect | Identify web-based control panels | Info | Source | |
| FileGator Panel - Detect | Identify web-based control panels | Info | Source | |
| FileMage Gateway - Directory Traversal | CVE-2023-39026 | Identify critical remote vulnerabilities | High | Source |
| Filegator - Default Login | Identify default logins in web-based control panels | High | Source | |
| Financial Transaction Manager Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Fireware XTM Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Flahscookie Superadmin Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Flatpress < 1.3 - Path Traversal | CVE-2023-0947 | Identify critical remote vulnerabilities | Critical | Source |
| FleetCart 4.1.1 - Information Disclosure | CVE-2024-5230 | Identify critical remote vulnerabilities | Medium | Source |
| Flexible Checkout Fields for WooCommerce <= 2.3.1 - Unauthenticated Arbitrary Plugin Settings Update | CVE-2020-36731 | Identify critical remote vulnerabilities | High | Source |
| FlightPath Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Flock Safety Camera Admin Panel - Detect | http-iot | Info | Source | |
| Flowise 1.6.5 - Authentication Bypass | Identify critical remote vulnerabilities | High | Source | |
| Flowise <= 1.8.2 Authentication Bypass | CVE-2024-8181 | Identify critical remote vulnerabilities | Critical | Source |
| FlureeDB Admin Console Login Panel - Detect | Identify web-based control panels | Info | Source | |
| FootPrints Service Core Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Forcepoint Appliance | Identify web-based control panels | Info | Source | |
| ForgeRock OpenAM <7.0 - Remote Code Execution | CVE-2021-35464 | Identify critical remote vulnerabilities | Critical | Source |
| Fork CMS - Installer | Identify critical remote vulnerabilities | Critical | Source | |
| Form-Maker < 1.15.20 - Unauthenticated Arbitrary File Upload | CVE-2023-4666 | Identify critical remote vulnerabilities | Critical | Source |
| Formidable Forms < 2.05.02 - Cross-Site Scripting | CVE-2017-20192 | Identify critical remote vulnerabilities | Medium | Source |
| FortiADC Login Panel - Detect | Identify web-based control panels | Info | Source | |
| FortiAP Login Panel - Detect | Identify web-based control panels | Info | Source | |
| FortiAuthenticator - Detect | Identify web-based control panels | Info | Source | |
| FortiClient Endpoint Management Server Panel - Detect | Identify web-based control panels | Info | Source | |
| FortiOS Admin Login Panel - Detect | Identify web-based control panels | Info | Source | |
| FortiRecorder Panel - Detect | Identify web-based control panels | Info | Source | |
| FortiWLM - Directory Traversal | CVE-2023-34990 | Identify critical remote vulnerabilities | Critical | Source |
| Fortinet FortiDDoS Panel | Identify web-based control panels | Info | Source | |
| Fortinet FortiMail Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Fortinet FortiNAC Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Fortinet FortiOS - Credentials Disclosure | CVE-2018-13379 | Identify critical remote vulnerabilities | Critical | Source |
| Fortinet FortiOS Management Interface Panel - Detect | Identify web-based control panels | Info | Source | |
| Fortinet FortiTester Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Fortinet FortiWLM Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Fortinet FortiWeb - SQL Injection | CVE-2025-25257 | Identify critical remote vulnerabilities | Critical | Source |
| Fortinet FortiWeb Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Fortinet Forticlient Endpoint Management Server - SQL Injection | CVE-2023-48788 | Identify critical remote vulnerabilities | Critical | Source |
| Fortinet Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Fortra GoAnywhere MFT - Authentication Bypass | CVE-2024-0204 | Identify critical remote vulnerabilities | Critical | Source |
| FoxCMS v.1.2.5 - Remote Code Execution | CVE-2025-29306 | Identify critical remote vulnerabilities | Critical | Source |
| Frappe Helpdesk Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Frappe Panel - Detect | Identify web-based control panels | Info | Source | |
| Free5gc 3.2.1 - Information Disclosure | CVE-2022-38870 | Identify critical remote vulnerabilities | High | Source |
| FreeIPA Identity Management Login Panel - Detect | Identify web-based control panels | Info | Source | |
| FreePBX - CVE-2025-57819 Backdoor | Identify critical remote vulnerabilities | High | Source | |
| FreePBX Admin Panel - Detect | Identify web-based control panels | Info | Source | |
| Freshrss Panel - Detect | Identify web-based control panels | Info | Source | |
| Friendica Panel - Detect | Identify web-based control panels | Info | Source | |
| Froxlor Server Management Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Fuel CMS 1.4.7 - SQL Injection | CVE-2020-17463 | Identify critical remote vulnerabilities | Critical | Source |
| Fuel CMS Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Fuji Xerox Printer Panel - Detect | Identify web-based control panels | Info | Source | |
| Fujian Kelixin Communication - Command Injection | CVE-2024-2621 | Identify critical remote vulnerabilities | Medium | Source |
| Fumasoft Cloud - SQL Injection | Identify critical remote vulnerabilities | Critical | Source | |
| Fumeng - SQL Injection | Identify critical remote vulnerabilities | Critical | Source | |
| FusionAuth Admin Panel - Detect | Identify web-based control panels | Info | Source | |
| GL.iNET SSID Key Disclosure | CVE-2023-31478 | Identify critical remote vulnerabilities | High | Source |
| GLPI 9.2/<9.5.6 - Information Disclosure | CVE-2021-39211 | Identify critical remote vulnerabilities | Medium | Source |
| GLPI < 10.0.17 - Pre-Auth SQL Injection | CVE-2025-24799 | Identify critical remote vulnerabilities | High | Source |
| GLPI <=10.0.2 - Remote Command Execution | CVE-2022-35914 | Identify critical remote vulnerabilities | Critical | Source |
| GLPI Panel - Detect | Identify web-based control panels | Info | Source | |
| GNU Mailman Panel - Detect | Identify web-based control panels | Info | Source | |
| GXD5 Pacs Connexion Login Panel - Detect | Identify web-based control panels | Info | Source | |
| GYRA Master Admin Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Gargoyle Router Management Utility Admin Login Panel - Detect | Identify web-based control panels | Info | Source | |
| GenieACS => 1.2.8 - OS Command Injection | CVE-2021-46704 | Identify critical remote vulnerabilities | Critical | Source |
| GeoServer - Missing Authorization on REST API Index | CVE-2025-27505 | Identify critical remote vulnerabilities | Medium | Source |
| GeoServer - XML External Entity Injection | CVE-2025-58360 | Identify critical remote vulnerabilities | High | Source |
| GeoServer <1.2.2 - Remote Code Execution | CVE-2022-24816 | Identify critical remote vulnerabilities | Critical | Source |
| GeoServer Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Geoserver Admin - Default Login | Identify default logins in web-based control panels | High | Source | |
| Gibbon v25.0.0 - Local File Inclusion | CVE-2023-34598 | Identify critical remote vulnerabilities | Critical | Source |
| Gira HomeServer 4 Login Panel - Detect | Identify web-based control panels | Info | Source | |
| GitHub Enterprise - Encrypted SAML | Identify web-based control panels | Info | Source | |
| GitLab CE/EE - Remote Code Execution | CVE-2021-22205 | Identify critical remote vulnerabilities | Critical | Source |
| GitLab GraphQL API User Enumeration | CVE-2021-4191 | Identify critical remote vulnerabilities | Medium | Source |
| GitLab Instance Explore - Detect | Identify web-based control panels | Info | Source | |
| Gitblit - Default Login | Identify default logins in web-based control panels | High | Source | |
| Gitblit Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Gitea 1.4.0 - Remote Code Execution | Identify critical remote vulnerabilities | Critical | Source | |
| Gitea Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Github Enterprise Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Gitlab CE/EE 13.4 - 13.6.2 - Information Disclosure | CVE-2020-26413 | Identify critical remote vulnerabilities | Medium | Source |
| Gitlab Default Login | Identify default logins in web-based control panels | High | Source | |
| Gitlab Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Gitlab SAML - Detection | Identify web-based control panels | Info | Source | |
| Gladinet CentreStack & TrioFox - Local File Inclusion | CVE-2025-11371 | Identify critical remote vulnerabilities | Medium | Source |
| Gladinet CentreStack & Triofox - Hardcoded Credentials | CVE-2025-14611 | Identify critical remote vulnerabilities | Critical | Source |
| Gladinet CentreStack < 16.4.10315.56368 Use of Hard-coded Key Leads to Unauthenticated RCE | CVE-2025-30406 | Identify critical remote vulnerabilities | Critical | Source |
| Glimpse Diagnostics - Sensitive Data Exposure | Identify critical remote vulnerabilities | High | Source | |
| Glowroot - Panel | Identify web-based control panels | Info | Source | |
| GnuBoard5 5.5.16 - Open Redirect | CVE-2024-37656 | Identify critical remote vulnerabilities | Medium | Source |
| Go.Control Event Administration Panel - Detect | Identify web-based control panels | Info | Source | |
| GoAnywhere - Authentication Bypass | CVE-2025-10035 | Identify critical remote vulnerabilities | Critical | Source |
| GoAnywhere Managed File Transfer Login Panel - Detect | Identify web-based control panels | Info | Source | |
| GoCD Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Gogs (Go Git Service) - SQL Injection | CVE-2014-8682 | Identify critical remote vulnerabilities | High | Source |
| Gogs (Go Git Service) 0.11.66 - Remote Code Execution | CVE-2018-18925 | Identify critical remote vulnerabilities | Critical | Source |
| Gogs Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Google Earth Enterprise - Default Login | Identify default logins in web-based control panels | High | Source | |
| Gophish Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Gotify Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Gradio - Local File Inclusion | Identify critical remote vulnerabilities | Critical | Source | |
| Gradle Develocity Build Cache Node Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Gradle Enterprise Build Cache Node Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Grafana & Zabbix Integration - Credentials Disclosure | CVE-2022-26148 | Identify critical remote vulnerabilities | Critical | Source |
| Grafana - Default Login | Identify default logins in web-based control panels | High | Source | |
| Grafana - Exposes DingDing API Keys | Identify critical remote vulnerabilities | Medium | Source | |
| Grafana Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Grafana Snapshot - Authentication Bypass | CVE-2021-39226 | Identify critical remote vulnerabilities | High | Source |
| Grafana v8.x - Arbitrary File Read | CVE-2021-43798 | Identify critical remote vulnerabilities | High | Source |
| Grandstream Networks UCM6200 Series SQL Injection Vulnerability | CVE-2020-5722 | Identify critical remote vulnerabilities | Critical | Source |
| Graphite Browser Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Graylog Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Greenbone Security Assistant Panel - Detect | Identify web-based control panels | Info | Source | |
| Group-IB Managed XDR Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Gryphon Panel - Detect | Identify web-based control panels | Info | Source | |
| Gurock TestRail Application files.md5 Exposure | CVE-2021-40875 | Identify critical remote vulnerabilities | High | Source |
| H2 Console Web Login Panel - Detect | Identify web-based control panels | Info | Source | |
| H2O ImportFiles - Local File Inclusion | CVE-2023-6038 | Identify critical remote vulnerabilities | High | Source |
| H3C ER8300G2-X - Password Disclosure | CVE-2024-32238 | Identify critical remote vulnerabilities | Critical | Source |
| H3c IMC - Remote Code Execution | Identify critical remote vulnerabilities | Critical | Source | |
| HAL Management Console Panel | Identify web-based control panels | Info | Source | |
| HCL BigFix Login Panel - Detect | Identify web-based control panels | Info | Source | |
| HOOBS Panel - Detect | Identify web-based control panels | Info | Source | |
| HP 1820-8G Switch J9979A - Default Login | Identify default logins in web-based control panels | High | Source | |
| HP Service Manager Login Panel - Detect | Identify web-based control panels | Info | Source | |
| HP Virtual Connect Manager Login Panel - Detect | Identify web-based control panels | Info | Source | |
| HPE OfficeConnect Switch - Panel Detect | Identify web-based control panels | Info | Source | |
| HPE OneView - Panel Detect | Identify web-based control panels | Info | Source | |
| HTTP File Server <2.3c - Remote Command Execution | CVE-2014-6287 | Identify critical remote vulnerabilities | Critical | Source |
| HTTPBin Login Panel - Detect | Identify web-based control panels | Info | Source | |
| HYPERPLANNING Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Haivision Gateway Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Haivision Media Platform Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Hangfire Dashboard Panel - Detect | Identify web-based control panels | Info | Source | |
| Harbor Login Panel - Detect | Identify web-based control panels | Info | Source | |
| HashiCorp Consul Web UI Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Hashicorp Consul Agent - Detect | Identify web-based control panels | Info | Source | |
| Hestia Control Panel Login - Detect | Identify web-based control panels | Info | Source | |
| Hide My WP Ghost < 5.2.02 - Hidden Login Page Disclosure | CVE-2024-6420 | Identify critical remote vulnerabilities | High | Source |
| HighMail Admin Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Hikvision IP ping.php - Command Execution | CVE-2023-6895 | Identify critical remote vulnerabilities | Medium | Source |
| Hitachi Pentaho Business Analytics Server - Bypass Authorization | CVE-2022-43939 | Identify critical remote vulnerabilities | High | Source |
| HiveManager Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Home Assistant Panel | Identify web-based control panels | Info | Source | |
| Home Assistant Supervisor - Authentication Bypass | CVE-2023-27482 | Identify critical remote vulnerabilities | Critical | Source |
| Homebridge Panel - Detect | Identify web-based control panels | Info | Source | |
| Homematic Panel - Detect | Identify web-based control panels | Info | Source | |
| Homer Panel - Detect | Identify web-based control panels | Info | Source | |
| Honeywell Excel Web Control Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Honeywell PM43 Printers - Command Injection | CVE-2023-3710 | Identify critical remote vulnerabilities | Critical | Source |
| Hongjing e-HR 2020 - SQL Injection | CVE-2023-6655 | Identify critical remote vulnerabilities | High | Source |
| Hookbot Rat Panel - Detect | Identify web-based control panels | Info | Source | |
| Horde Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Horde Webmail Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Hospital Management System 1.0 - SQL Injection | CVE-2022-34590 | Identify critical remote vulnerabilities | High | Source |
| Hospital Management System 1.0 - SQL Injection | CVE-2022-32094 | Identify critical remote vulnerabilities | Critical | Source |
| Hospital Management System 1.0 - SQL Injection | CVE-2022-38637 | Identify critical remote vulnerabilities | Critical | Source |
| Hospital Management System Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Hotel Booking Lite < 4.8.5 - Arbitrary File Download & Deletion | CVE-2023-5991 | Identify critical remote vulnerabilities | Critical | Source |
| Hoteldruid v3.0.5 - SQL Injection | CVE-2023-43374 | Identify critical remote vulnerabilities | Critical | Source |
| HuangDou UTCMS V9 - OS Command Injection | CVE-2024-9916 | Identify critical remote vulnerabilities | High | Source |
| Huawei HG532e - Default Credential | Identify default logins in web-based control panels | High | Source | |
| Huawei HG532e Router Panel - Detect | Identify web-based control panels | Info | Source | |
| Huawei HoloSens SDC - Panel | Identify web-based control panels | Info | Source | |
| Huginn Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Huly Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Hybris - Default Login | Identify default logins in web-based control panels | High | Source | |
| Hybris Administration Console Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Hybris Management Console Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Hydra Router Dashboard - Detect | Identify web-based control panels | Info | Source | |
| HyperDX Panel - Detect | Identify web-based control panels | Info | Source | |
| HyperTest Common Dashboard - Detect | Identify web-based control panels | Info | Source | |
| Hytec Inter HWL-2511-SS - Remote Command Execution | CVE-2022-36553 | Identify critical remote vulnerabilities | Critical | Source |
| IBM Advanced System Management Panel - Detect | Identify web-based control panels | Info | Source | |
| IBM BigFix Platform - Information Disclosure | CVE-2019-4061 | Identify critical remote vulnerabilities | Medium | Source |
| IBM Data Risk Manager - Authentication Bypass via SAML | CVE-2020-4427 | Identify critical remote vulnerabilities | Critical | Source |
| IBM Decision Center Business Console - Default Login | Identify default logins in web-based control panels | High | Source | |
| IBM Decision Center Enterprise Console - Default Login | Identify default logins in web-based control panels | High | Source | |
| IBM Decision Center Enterprise Console - Panel Detection | Identify web-based control panels | Info | Source | |
| IBM Decision Server Console - Default Login | Identify default logins in web-based control panels | High | Source | |
| IBM Decision Server Console Panel - Detect | Identify web-based control panels | Info | Source | |
| IBM Maximo Login Panel - Detect | Identify web-based control panels | Info | Source | |
| IBM OpenAdmin Tool - Panel | Identify web-based control panels | Info | Source | |
| IBM Operational Decision Manager Panel - Detect | Identify web-based control panels | Info | Source | |
| IBM Planning Analytics - Authentication Bypass & Remote Code Execution Version Detection | CVE-2019-4716 | Identify critical remote vulnerabilities | Critical | Source |
| IBM Power HMC - Default Login | Identify default logins in web-based control panels | High | Source | |
| IBM Security Access Manager Login Panel - Detect | Identify web-based control panels | Info | Source | |
| IBM Security Verify Access Login - Panel | Identify web-based control panels | Info | Source | |
| IBM Service Assistant Login Panel - Detect | Identify web-based control panels | Info | Source | |
| IBM WebSphere Application Server Community Edition Admin Login Panel - Detect | Identify web-based control panels | Info | Source | |
| IBM WebSphere Portal Login Panel - Detect | Identify web-based control panels | Info | Source | |
| IBM iNotes Login Panel - Detect | Identify web-based control panels | Info | Source | |
| ICC PRO Login Panel - Detect | Identify web-based control panels | Info | Source | |
| ICE HRM Login - Detect | Identify web-based control panels | Info | Source | |
| ICT Protege WX Login Panel - Detect | Identify web-based control panels | Info | Source | |
| ICTBroadcast Login Panel - Detect | Identify web-based control panels | Info | Source | |
| IDEMIA BIOMetrics - Default Login | Identify default logins in web-based control panels | Medium | Source | |
| ILIAS Login Panel - Detect | Identify web-based control panels | Info | Source | |
| INTELBRAS TELEFONE IP TIP200 60.61.75.22 - Local File Inclusion | CVE-2020-24285 | Identify critical remote vulnerabilities | High | Source |
| IPS Community Suite - Unauthenticated SQL Injection | CVE-2024-30163 | Identify critical remote vulnerabilities | Critical | Source |
| IPdiva Mediation Login Panel - Detect | Identify web-based control panels | Info | Source | |
| IPeakCMS 3.5 - SQL Injection | CVE-2021-3018 | Identify critical remote vulnerabilities | Critical | Source |
| IRISNext Login Panel - Detect | Identify web-based control panels | Info | Source | |
| ISPConfig Admin Panel - Default Login | Identify default logins in web-based control panels | High | Source | |
| ISPConfig Hosting Control Panel - Default Login | Identify default logins in web-based control panels | High | Source | |
| IceWarp Email Client - Cross Site Scripting | CVE-2023-39598 | Identify critical remote vulnerabilities | Medium | Source |
| IceWarp Login Panel - Detect | Identify web-based control panels | Info | Source | |
| IceWarp WebClient - Remote Code Execution | Identify critical remote vulnerabilities | Critical | Source | |
| IceWarp Webmail Server v10.2.1 - Cross Site Scripting | CVE-2023-37728 | Identify critical remote vulnerabilities | Medium | Source |
| Icinga Exposed Dashboard | Identify critical remote vulnerabilities | Medium | Source | |
| Icinga Web 2 Login Panel - Detect | Identify web-based control panels | Info | Source | |
| IdeaCMS <= 1.7 - SQL Injection | CVE-2025-5569 | Identify critical remote vulnerabilities | Medium | Source |
| Ilch CMS Admin Login Panel - Detect | Identify web-based control panels | Info | Source | |
| ImageResizer Debug - Information Exposure | Identify critical remote vulnerabilities | Low | Source | |
| Immich Panel - Detect | Identify web-based control panels | Info | Source | |
| ImpressCMS < 1.4.3 - SQL Injection | CVE-2021-26599 | Identify critical remote vulnerabilities | Critical | Source |
| ImpressCMS <1.4.3 - Incorrect Authorization | CVE-2021-26598 | Identify critical remote vulnerabilities | Medium | Source |
| InduSoft Web Studio NTWebServer Directory Traversal Vulnerability | CVE-2014-0780 | Identify critical remote vulnerabilities | Critical | Source |
| InfluxDB <1.7.6 - Authentication Bypass | CVE-2019-20933 | Identify critical remote vulnerabilities | Critical | Source |
| InfluxDB Admin Interface Panel - Detect | Identify web-based control panels | Info | Source | |
| Infoblox NIOS Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Inspur Clusterengine 4 - Default Admin Login | Identify default logins in web-based control panels | High | Source | |
| Inspur Clusterengine V4 SYSshell - Remote Command Execution | CVE-2020-21224 | Identify critical remote vulnerabilities | Critical | Source |
| InstaWP Connect < 0.1.0.86 - Local PHP File Inclusion | CVE-2025-2636 | Identify critical remote vulnerabilities | Critical | Source |
| Integrate Google Drive <= 1.5.3 - Information Disclosure | CVE-2025-12139 | Identify critical remote vulnerabilities | High | Source |
| Integrated Management Module - Default Login | Identify default logins in web-based control panels | High | Source | |
| Intel Active Management - Authentication Bypass | CVE-2017-5689 | Identify critical remote vulnerabilities | Critical | Source |
| Intelbras NPLUG 1.0.0.14 - Authentication Bypass | CVE-2018-12455 | Identify critical remote vulnerabilities | High | Source |
| Intelbras Router Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Intelbras Router Panel - Detect | Identify web-based control panels | Info | Source | |
| Intelbras Switch - Information Disclosure | CVE-2023-36144 | Identify critical remote vulnerabilities | High | Source |
| Intelbras WRN 150 - Authentication Bypass | CVE-2017-14942 | Identify critical remote vulnerabilities | Critical | Source |
| Intellian Aptus Web Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Internet Multi Server Control Panel - Detect | Identify web-based control panels | Info | Source | |
| Invision Community <=5.0.6 Unauthenticated RCE via Template Injection | CVE-2025-47916 | Identify critical remote vulnerabilities | Critical | Source |
| Issabel Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Issabel PBX 4.0.0-6 - Directory Listing | CVE-2023-37599 | Identify critical remote vulnerabilities | High | Source |
| Ivanti Cloud Services Appliance - Path Traversal | CVE-2024-8963 | Identify critical remote vulnerabilities | Critical | Source |
| Ivanti Connect Secure - Stack-based Buffer Overflow | CVE-2025-0282 | Identify critical remote vulnerabilities | Critical | Source |
| Ivanti Connect Secure Panel - Detect | Identify web-based control panels | Info | Source | |
| Ivanti EPM Cloud Services Appliance Code Injection | CVE-2021-44529 | Identify critical remote vulnerabilities | Critical | Source |
| Ivanti Endpoint Manager Mobile (EPMM) - Authentication Bypass | CVE-2023-35078 | Identify critical remote vulnerabilities | Critical | Source |
| Ivanti ICS - Authentication Bypass | CVE-2023-46805 | Identify critical remote vulnerabilities | High | Source |
| Ivanti Incapptic Connect Panel - Detect | Identify web-based control panels | Info | Source | |
| Ivanti Traffic Manager Panel - Detect | Identify web-based control panels | Info | Source | |
| Ivanti(R) Cloud Services Appliance - Panel | Identify web-based control panels | Info | Source | |
| JBoss SOA Platform Login Panel - Detect | Identify web-based control panels | Info | Source | |
| JBoss WS JUDDI Console Panel - Detect | Identify web-based control panels | Info | Source | |
| JBoss jBPM Administration Console - Default Login | Identify default logins in web-based control panels | High | Source | |
| JBoss jBPM Administration Console Login Panel - Detect | Identify web-based control panels | Info | Source | |
| JEHC-BPM - Remote Code Execute | CVE-2025-45854 | Identify critical remote vulnerabilities | Critical | Source |
| JFinalCMS v5.0.0 - Directory Traversal | CVE-2023-41599 | Identify critical remote vulnerabilities | Medium | Source |
| JFrog Artifactory Artifacts Exposure | Identify critical remote vulnerabilities | Low | Source | |
| JFrog Artifactory Build - Exposure | Identify critical remote vulnerabilities | Medium | Source | |
| JFrog Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Jalios JCMS Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Jamf MDM Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Jamf Pro Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Jamf Pro Setup Assistant Panel - Detect | Identify web-based control panels | Info | Source | |
| Jan v0.4.12 'readFileSync' - Path Traversal | CVE-2024-36857 | Identify critical remote vulnerabilities | High | Source |
| Jedox Web Login Panel - Detect | Identify web-based control panels | Info | Source | |
| JeePlus CMS - SQL Injection | Identify critical remote vulnerabilities | High | Source | |
| Jeecg Boot <= 2.4.5 - Information Disclosure | CVE-2021-37304 | Identify critical remote vulnerabilities | High | Source |
| Jeecg Boot <= 2.4.5 - Sensitive Information Disclosure | CVE-2021-37305 | Identify critical remote vulnerabilities | High | Source |
| Jeecg P3 Biz Chat - Local File Inclusion | CVE-2023-33510 | Identify critical remote vulnerabilities | High | Source |
| Jeecg-Boot v3.5.1 - SQL Injection | CVE-2023-38992 | Identify critical remote vulnerabilities | Critical | Source |
| Jeecg-boot 3.5.0 qurestSql - SQL Injection | CVE-2023-1454 | Identify critical remote vulnerabilities | Medium | Source |
| JeecgBoot 3.5.0 - SQL Injection | CVE-2023-34659 | Identify critical remote vulnerabilities | Critical | Source |
| JeecgBoot v3.7.1 - SQL Injection | CVE-2024-48307 | Identify critical remote vulnerabilities | Critical | Source |
| Jeedom - Default Login | Identify default logins in web-based control panels | High | Source | |
| Jeedom Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Jellyfin Console - Default Login | Identify default logins in web-based control panels | High | Source | |
| Jellyseerr Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Jenkins - Remote Command Injection | CVE-2018-1000861 | Identify critical remote vulnerabilities | Critical | Source |
| Jenkins API Panel - Detect | Identify web-based control panels | Info | Source | |
| Jenkins Command Line Interface (CLI) Path Traversal Vulnerability | CVE-2024-23897 | Identify critical remote vulnerabilities | Critical | Source |
| Jenkins Default Login | Identify default logins in web-based control panels | High | Source | |
| Jenkins Login Detected | Identify web-based control panels | Info | Source | |
| Jenkins Users - Exposure | Identify critical remote vulnerabilities | Info | Source | |
| JetBrains TeamCity > 2023.11.3 - Authentication Bypass | CVE-2024-23917 | Identify critical remote vulnerabilities | Critical | Source |
| Jinhe OA - SQL Injection | Identify critical remote vulnerabilities | High | Source | |
| Joget Panel - Detect | Identify web-based control panels | Info | Source | |
| Joomla HTTP Header Unauthenticated - Remote Code Execution | CVE-2015-8562 | Identify critical remote vulnerabilities | High | Source |
| Joomla! <3.7.1 - SQL Injection | CVE-2017-8917 | Identify critical remote vulnerabilities | Critical | Source |
| Joomla! Core SQL Injection | CVE-2015-7297 | Identify critical remote vulnerabilities | High | Source |
| Joomla! Panel | Identify web-based control panels | Info | Source | |
| Joomla! Webservice - Password Disclosure | CVE-2023-23752 | Identify critical remote vulnerabilities | Medium | Source |
| JoomlaUX JUX Real Estate 3.4.0 - Reflected XSS | CVE-2025-2127 | Identify critical remote vulnerabilities | Medium | Source |
| Joplin Server Login - Panel | Identify web-based control panels | Info | Source | |
| Jorani 1.0.0 - Remote Code Execution | CVE-2023-26469 | Identify critical remote vulnerabilities | Critical | Source |
| Jorani Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Journyx - XML External Entities Injection (XXE) | CVE-2024-6893 | Identify critical remote vulnerabilities | High | Source |
| Journyx 11.5.4 - Reflected Cross Site Scripting | CVE-2024-6892 | Identify critical remote vulnerabilities | Medium | Source |
| JshERP Boot Panel - Detect | Identify web-based control panels | Info | Source | |
| JumpServer > 3.6.4 - Information Disclosure | CVE-2023-42442 | Identify critical remote vulnerabilities | High | Source |
| JumpServer Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Juniper J-Web - Remote Code Execution | CVE-2023-36845 | Identify critical remote vulnerabilities | Critical | Source |
| Juniper J-Web Panel - Detect | Identify web-based control panels | Info | Source | |
| Jupyter Notebook - Remote Command Execution | Identify critical remote vulnerabilities | High | Source | |
| Jupyter Notebook Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Jupyterhub - Default Login | Identify default logins in web-based control panels | High | Source | |
| JustBoil.me Images Plugin - Exposed Image Upload | Identify critical remote vulnerabilities | Medium | Source | |
| KLog Server - Default Login | Identify default logins in web-based control panels | High | Source | |
| Kanboard - Default Login | Identify default logins in web-based control panels | High | Source | |
| Kanboard Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Kaseya VSA < 9.5.7 - Credential Disclosure via Windows Agent | CVE-2021-30116 | Identify critical remote vulnerabilities | Critical | Source |
| Kasm Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Kavita Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Kentico - Installer Privilege Escalation | CVE-2017-17736 | Identify critical remote vulnerabilities | Critical | Source |
| Kerio Connect Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Kerio Controle Panel - Detect | Identify web-based control panels | Info | Source | |
| Kettle - Default Login | Identify default logins in web-based control panels | Medium | Source | |
| Kettle Panel - Detect | Identify web-based control panels | Info | Source | |
| KeyCloak - Information Exposure | CVE-2020-27838 | Identify critical remote vulnerabilities | Medium | Source |
| Keycloak Admin Console Configuration Disclosure | Identify critical remote vulnerabilities | Low | Source | |
| Keycloak Admin Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Kiali - Detect | Identify web-based control panels | Info | Source | |
| Kibana Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Kibana Timelion - Arbitrary Code Execution | CVE-2019-7609 | Identify critical remote vulnerabilities | Critical | Source |
| Kiteworks PCN Panel - Detect | Identify web-based control panels | Info | Source | |
| KiviCare Clinic & Patient Management System (EHR) <= 3.6.4 - SQL Injection | CVE-2024-11728 | Identify critical remote vulnerabilities | High | Source |
| Kiwi TCMS Information Disclosure | Identify critical remote vulnerabilities | High | Source | |
| Kiwi TCMS Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Koel Panel - Detect | Identify web-based control panels | Info | Source | |
| Kong Manager OSS/Admin - Exposure | Identify web-based control panels | Medium | Source | |
| Kopano WebApp Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Kraken Cluster Monitoring Dashboard - Detect | Identify web-based control panels | Info | Source | |
| Krpano Panorama Viewer - Detection | Identify web-based control panels | Info | Source | |
| KubeOperator Foreground `kubeconfig` - File Download | CVE-2023-22480 | Identify critical remote vulnerabilities | High | Source |
| KubePi <= v1.6.4 LoginLogsSearch - Unauthorized Access | CVE-2023-22478 | Identify critical remote vulnerabilities | High | Source |
| KubeView <=0.1.31 - Information Disclosure | CVE-2022-45933 | Identify critical remote vulnerabilities | Critical | Source |
| KubeView Dashboard - Detect | Identify web-based control panels | Info | Source | |
| Kubernetes API Server - YAML Parsing DoS (Billion Laughs) | CVE-2019-11253 | Identify critical remote vulnerabilities | High | Source |
| Kubernetes Enterprise Manager Panel - Detect | Identify web-based control panels | Info | Source | |
| Kubernetes Local Cluster Web View Panel- Detect | Identify web-based control panels | Medium | Source | |
| Kubio AI Page Builder <= 2.5.1 - Local File Inclusion | CVE-2025-2294 | Identify critical remote vulnerabilities | Critical | Source |
| Kyocera TASKalfa printer - Path Traversal | CVE-2023-34259 | Identify critical remote vulnerabilities | Medium | Source |
| LDAP Account Manager Login Panel - Detect | Identify web-based control panels | Info | Source | |
| LaRecipe < 2.8.1 Remote Code Execution via SSTI | CVE-2025-53833 | Identify critical remote vulnerabilities | Critical | Source |
| LabKey Server Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Label Studio - Login Panel | Identify web-based control panels | Info | Source | |
| Laminas Project laminas-http - Remote Code Execution | CVE-2021-3007 | Identify critical remote vulnerabilities | Critical | Source |
| Lancom Router Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Langflow AI - Unauthenticated Remote Code Execution | CVE-2025-3248 | Identify critical remote vulnerabilities | Critical | Source |
| Langflow AI <= 1.6.9 - CORS Misconfiguration | CVE-2025-34291 | Identify critical remote vulnerabilities | Critical | Source |
| Lansweeper Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Lansweeper Unauthenticated SQL Injection | CVE-2019-13462 | Identify critical remote vulnerabilities | Critical | Source |
| Laravel Backpack Admin Login Panel - Detect | Identify web-based control panels | Info | Source | |
| LearnDash LMS < 4.10.2 - Sensitive Information Exposure | CVE-2024-1210 | Identify critical remote vulnerabilities | Medium | Source |
| LearnDash LMS < 4.10.2 - Sensitive Information Exposure via assignments | CVE-2024-1209 | Identify critical remote vulnerabilities | Medium | Source |
| LearnDash LMS < 4.10.3 - Sensitive Information Exposure | CVE-2024-1208 | Identify critical remote vulnerabilities | Medium | Source |
| LearnPress < 4.2.7.1 - SQL Injection | CVE-2024-8529 | Identify critical remote vulnerabilities | Critical | Source |
| LearnPress < 4.2.7.1 - SQL Injection | CVE-2024-8522 | Identify critical remote vulnerabilities | Critical | Source |
| LearnPress <= 4.2.5.7 - SQL Injection | CVE-2023-6567 | Identify critical remote vulnerabilities | Critical | Source |
| LearnPress Plugin < 4.2.0 - Unauthenticated Time-Based Blind SQLi | CVE-2022-45808 | Identify critical remote vulnerabilities | Critical | Source |
| Lenovo Fan Power Controller Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Leostream Default Login | Identify default logins in web-based control panels | High | Source | |
| Leostream Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Letta Letta 0.7.12 - Remote Code Execution | CVE-2025-51482 | Identify critical remote vulnerabilities | High | Source |
| LibreChat <= 0.7.9 - HTML Injection via Accept-Language Header | CVE-2025-8848 | Identify critical remote vulnerabilities | Medium | Source |
| LibreChat Login Panel - Detection | Identify web-based control panels | Info | Source | |
| LibreNMS Login Panel - Detect | Identify web-based control panels | Info | Source | |
| LibrePhotos Panel - Detect | Identify web-based control panels | Info | Source | |
| LibreSpeed Panel - Detect | Identify web-based control panels | Info | Source | |
| Liferay Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Liferay Portal Unauthenticated < 7.2.1 CE GA2 - Remote Code Execution | CVE-2020-7961 | Identify critical remote vulnerabilities | Critical | Source |
| Lightdash version <= 0.510.3 Arbitrary File Read | CVE-2023-35844 | Identify critical remote vulnerabilities | High | Source |
| Lin CMS Spring Boot - Default JWT Token | CVE-2022-32430 | Identify critical remote vulnerabilities | High | Source |
| LinShare Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Linear eMerge E3-Series - Information Disclosure | CVE-2022-31269 | Identify critical remote vulnerabilities | High | Source |
| Linkerd Panel - Detect | Identify web-based control panels | Info | Source | |
| Linksys Smart Wi-Fi Login Panel - Detect | Identify web-based control panels | Info | Source | |
| ListSERV Maestro <= 9.0-8 RCE | CVE-2010-1870 | Identify critical remote vulnerabilities | Medium | Source |
| ListingPro < 2.6.1 - Arbitrary Plugin Installation/Activation/Deactivation | CVE-2020-36719 | Identify critical remote vulnerabilities | Critical | Source |
| ListingPro < 2.6.1 - Sensitive Data Disclosure | CVE-2020-36723 | Identify critical remote vulnerabilities | High | Source |
| Live Helper Chat Admin Login Panel - Detect | Identify web-based control panels | Info | Source | |
| LiveZilla Login Panel - Detect | Identify web-based control panels | Info | Source | |
| LocalAI - Partial Local File Read | CVE-2024-6095 | Identify critical remote vulnerabilities | Medium | Source |
| LockSelf Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Locklizard Web Viewer Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Login as User or Customer < 3.3 - Privilege Escalation | CVE-2022-4305 | Identify critical remote vulnerabilities | Critical | Source |
| Logitech Harmony Pro Installer Portal Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Lomnido Panel - Detect | Identify web-based control panels | Info | Source | |
| Looker Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Loxone Intercom Video Panel - Detect | Identify web-based control panels | Info | Source | |
| Loxone WebInterface Panel - Detect | Identify web-based control panels | Info | Source | |
| Loytec PLC - Default Login | Identify default logins in web-based control panels | High | Source | |
| Lucee - Default Login | Identify default logins in web-based control panels | High | Source | |
| Lucee - Unset Credentials | Identify critical remote vulnerabilities | High | Source | |
| Lucee < 6.0.1.59 - Remote Code Execution | Identify critical remote vulnerabilities | Critical | Source | |
| Lucee Web and Lucee Server Admin Login Panel - Detect | Identify web-based control panels | Info | Source | |
| M-Bus Converter Web Interface - Detect | Identify web-based control panels | Info | Source | |
| M-Files Web Login Panel - Detect | Identify web-based control panels | Info | Source | |
| MAG Dashboard Login Panel - Detect | Identify web-based control panels | Info | Source | |
| MCMS 5.2.4 - SQL Injection | CVE-2022-25125 | Identify critical remote vulnerabilities | Critical | Source |
| MCMS 5.2.5 - SQL Injection | CVE-2022-23898 | Identify critical remote vulnerabilities | Critical | Source |
| MCP Inspector < 0.14.0 UnauthenticatedRemote Code Execution | Identify critical remote vulnerabilities | Critical | Source | |
| MCP Inspector Detect | Identify web-based control panels | Info | Source | |
| MISP Threat Intelligence Sharing Platform Panel - Detect | Identify web-based control panels | Info | Source | |
| MLFlow < 2.8.1 - Sensitive Information Disclosure | CVE-2023-43472 | Identify critical remote vulnerabilities | High | Source |
| MLflow Absolute Path Traversal | CVE-2023-3765 | Identify critical remote vulnerabilities | Critical | Source |
| MOFI4500-4GXeLTE-V2 Default Login | Identify default logins in web-based control panels | High | Source | |
| MPDV Mikrolab GmbH HYDRA X, MIP 2 & FEDRA 2 - Path Traversal | CVE-2025-12055 | Identify critical remote vulnerabilities | High | Source |
| MPFTVC Admin Login Panel - Detect | Identify web-based control panels | Info | Source | |
| MSNSwitch Firmware MNT.2408 - Authentication Bypass | CVE-2022-32429 | Identify critical remote vulnerabilities | Critical | Source |
| MSPControl Login Panel - Detect | Identify web-based control panels | Info | Source | |
| MStore API < 3.9.8 - SQL Injection | CVE-2023-3077 | Identify critical remote vulnerabilities | Critical | Source |
| MStore API <= 3.9.1 - Authentication Bypass | CVE-2023-2734 | Identify critical remote vulnerabilities | Critical | Source |
| MStore API <= 3.9.2 - Authentication Bypass | CVE-2023-2732 | Identify critical remote vulnerabilities | Critical | Source |
| MStore API <= 4.10.7 - Unauthorized Account Access and Privilege Escalation | CVE-2023-3277 | Identify critical remote vulnerabilities | Critical | Source |
| MachForm Admin Panel - Detect | Identify web-based control panels | Info | Source | |
| Maestro LISTSERV - Detect | Identify web-based control panels | Info | Source | |
| Maestro LuCI Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Mage AI - Insecure Default Authentication Setup | CVE-2025-2129 | Identify critical remote vulnerabilities | Medium | Source |
| Magnolia CMS Default Login - Detect | Identify default logins in web-based control panels | High | Source | |
| Magnolia CMS Login Panel - Detect | Identify web-based control panels | Info | Source | |
| MagnusBilling - Default Login | Identify default logins in web-based control panels | High | Source | |
| MagnusBilling - Login Panel | Identify web-based control panels | Info | Source | |
| MailEnable Mail Service < v10 - Cross-Site Scripting | CVE-2025-44148 | Identify critical remote vulnerabilities | Critical | Source |
| MailHog Panel - Detect | Identify web-based control panels | Info | Source | |
| MailWatch Login Panel - Detect | Identify web-based control panels | Info | Source | |
| MainWP Dashboard <= 3.1.2 - Stored Cross-Site Scripting | Identify critical remote vulnerabilities | High | Source | |
| MajorDoMo thumb.php - OS Command Injection | CVE-2023-50917 | Identify critical remote vulnerabilities | Critical | Source |
| Maltrail Panel - Detect | Identify web-based control panels | Info | Source | |
| Malwared (Build Your Own Botnet) - Detect | Identify web-based control panels | Info | Source | |
| Malwared BYOB - Unauthenticated Remote Code Execution | Identify critical remote vulnerabilities | Critical | Source | |
| ManageEngine Applications Manager - Default Login | Identify default logins in web-based control panels | High | Source | |
| ManageEngine ServiceDesk 9.3.9328 - Arbitrary File Retrieval | CVE-2017-11512 | Identify critical remote vulnerabilities | High | Source |
| MantisBT <=2.30 - Arbitrary Password Reset/Admin Access | CVE-2017-7615 | Identify critical remote vulnerabilities | High | Source |
| MantisBT Default Admin Login | Identify default logins in web-based control panels | High | Source | |
| MantisBT Login Panel - Detect | Identify web-based control panels | Info | Source | |
| MapSVG < 6.2.20 - Unauthenticated SQLi | CVE-2022-0592 | Identify critical remote vulnerabilities | Critical | Source |
| MapTiler Tileserver-php v2.0 - Unauthenticated File Read | CVE-2025-44137 | Identify critical remote vulnerabilities | High | Source |
| MapTiler Tileserver-php v2.0 - Unauthenticated XSS | CVE-2025-44136 | Identify critical remote vulnerabilities | Medium | Source |
| MasterSAM Star Gate v11 - Local File Inclusion | Identify critical remote vulnerabilities | Medium | Source | |
| MasterStudy LMS WordPress Plugin <= 3.2.5 - SQL Injection | CVE-2024-1512 | Identify critical remote vulnerabilities | Critical | Source |
| Masteriyo LMS <= 1.7.3 - Insecure Direct Object Reference | CVE-2024-33939 | Identify critical remote vulnerabilities | Medium | Source |
| Matomo Panel - Detect | Identify web-based control panels | Info | Source | |
| Mattermost Login - Panel | Identify web-based control panels | Info | Source | |
| MeTube Instance Detected | Identify web-based control panels | Info | Source | |
| Media Library Assistant < 2.82 - Unauthenticated Limited Local File Inclusion | CVE-2020-11732 | Identify critical remote vulnerabilities | High | Source |
| Meduza Stealer Panel - Detect | Identify web-based control panels | Info | Source | |
| Memos Panel - Detect | Identify web-based control panels | Info | Source | |
| MeshCentral Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Metabase - Local File Inclusion | CVE-2021-41277 | Identify critical remote vulnerabilities | Critical | Source |
| Metabase < 0.46.6.1 - Remote Code Execution | CVE-2023-38646 | Identify critical remote vulnerabilities | Critical | Source |
| Metabase Installer - Exposure | Identify critical remote vulnerabilities | High | Source | |
| Metabase Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Metasploit Panel - Detect | Identify web-based control panels | Info | Source | |
| Metasploit Setup and Configuration Page - Detect | Identify web-based control panels | Info | Source | |
| MeterSphere Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Metersphere - Arbitrary File Read | CVE-2023-25573 | Identify critical remote vulnerabilities | High | Source |
| Micro Focus Application Lifecycle Management - Panel | Identify web-based control panels | Info | Source | |
| Micro Focus Filr Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Micro Focus Vibe Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Microsoft Exchange - Authentication Bypass | CVE-2021-33766 | Identify critical remote vulnerabilities | High | Source |
| Microsoft Exchange Admin Center Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Microsoft Exchange Web Service - Detect | Identify web-based control panels | Info | Source | |
| Microsoft SharePoint - List API Disclosure | Identify web-based control panels | Low | Source | |
| Microsoft Windows 'HTTP.sys' - Remote Code Execution | CVE-2015-1635 | Identify critical remote vulnerabilities | Critical | Source |
| Microweber <1.1.20 - Information Disclosure | CVE-2020-13405 | Identify critical remote vulnerabilities | High | Source |
| MikroTik Router OS Login Panel - Detect | Identify web-based control panels | Info | Source | |
| MikroTik RouterOS Admin Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Milesight Routers - Information Disclosure | CVE-2023-43261 | Identify critical remote vulnerabilities | High | Source |
| MinIO Browser Login Panel - Detect | Identify web-based control panels | Info | Source | |
| MinIO Cluster Deployment - Information Disclosure | CVE-2023-28432 | Identify critical remote vulnerabilities | High | Source |
| MinIO Console Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Mingsoft MCMS - SQL Injection | CVE-2022-4375 | Identify critical remote vulnerabilities | Medium | Source |
| Mingsoft MCMS 5.2.9 - SQL Injection | CVE-2023-50578 | Identify critical remote vulnerabilities | Critical | Source |
| Mingsoft MCMS v5.2.7 - SQL Injection | CVE-2022-26585 | Identify critical remote vulnerabilities | Critical | Source |
| Minio Default Login | Identify default logins in web-based control panels | High | Source | |
| Mirantis Kubernetes Engine Panel - Detect | Identify web-based control panels | Info | Source | |
| Mitel 6000 - Default Login | Identify default logins in web-based control panels | High | Source | |
| Mitel Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Mitel MiCollab - Arbitrary File Read | CVE-2024-55550 | Identify critical remote vulnerabilities | Low | Source |
| Mitel MiCollab - Authentication Bypass | CVE-2024-41713 | Identify critical remote vulnerabilities | Critical | Source |
| Mitel MiCollab - Information Disclosure & Denial of Service | CVE-2022-26143 | Identify critical remote vulnerabilities | Critical | Source |
| Mitel MiCollab <= 9.8.0.33 - SQL Injection | CVE-2024-35286 | Identify critical remote vulnerabilities | Critical | Source |
| Mitel MiCollab Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Mitel NuPoint Unified Messaging Panel - Detect | Identify web-based control panels | Info | Source | |
| Mobile Management Platform Panel - Detect | Identify web-based control panels | Info | Source | |
| MobileIron Core & Connector <= v10.6 & Sentry <= v9.8 - Remote Code Execution | CVE-2020-15505 | Identify critical remote vulnerabilities | Critical | Source |
| MobileIron Core - Remote Unauthenticated API Access | CVE-2023-35082 | Identify critical remote vulnerabilities | Critical | Source |
| MobileIron Sentry Panel - Detect | Identify web-based control panels | Info | Source | |
| Mobotix - Default Login | Identify default logins in web-based control panels | High | Source | |
| Modoboa < 2.1.0 - Improper Authorization | CVE-2023-2227 | Identify critical remote vulnerabilities | Critical | Source |
| Modoboa Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Molgenis - Default Login | Identify default logins in web-based control panels | High | Source | |
| MongoDB Ops Manager Login Panel - Detect | Identify web-based control panels | Info | Source | |
| MongoDB Server - Information Disclosure (MongoBleed) | Identify critical remote vulnerabilities | High | Source | |
| Mongoose - NoSQL Injection | CVE-2025-23061 | Identify critical remote vulnerabilities | Critical | Source |
| Monitorr Panel - Detect | Identify web-based control panels | Info | Source | |
| Monsta FTP - Detect | Identify web-based control panels | Info | Source | |
| Monstra Admin Panel - Detect | Identify web-based control panels | Info | Source | |
| Moodle Workplace Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Movable Type Pro Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Multiple Shipping Address Woocommerce < 2.0 - SQL Injection | CVE-2022-0783 | Identify critical remote vulnerabilities | Critical | Source |
| Munin Monitoring Dashboard - Exposure | Identify critical remote vulnerabilities | Medium | Source | |
| MyBB - Full Path Disclosure | Identify critical remote vulnerabilities | Low | Source | |
| MyBB Installation Panel - Detect | Identify web-based control panels | High | Source | |
| MyBB Login Panel - Detect | Identify web-based control panels | Info | Source | |
| MyQ Print Server Panel - Detect | Identify web-based control panels | Info | Source | |
| MyStrom Panel - Detect | Identify web-based control panels | Info | Source | |
| Mystic Stealer Panel - Detect | Identify web-based control panels | Info | Source | |
| N-able N-central < 2024.2 - Authentication Bypass Detection | CVE-2024-28200 | Identify critical remote vulnerabilities | Critical | Source |
| N-central - Authentication Bypass | Identify critical remote vulnerabilities | Medium | Source | |
| N-central Login Panel - Detect | Identify web-based control panels | Info | Source | |
| N8n - Config | Identify critical remote vulnerabilities | Medium | Source | |
| NAKIVO Backup and Replication Solution - Unauthenticated Arbitrary File Read | CVE-2024-48248 | Identify critical remote vulnerabilities | High | Source |
| NConf Login Panel - Detect | Identify web-based control panels | Info | Source | |
| NETGEAR Routers - Authentication Bypass | CVE-2017-5521 | Identify critical remote vulnerabilities | High | Source |
| NETGEAR Routers - Remote Code Execution | CVE-2016-6277 | Identify critical remote vulnerabilities | High | Source |
| NI Web-based Configuration & Monitoring - Detect | Identify web-based control panels | Info | Source | |
| NP Data Cache Panel - Detect | Identify web-based control panels | Info | Source | |
| NPS - Authentication Bypass | Identify critical remote vulnerabilities | High | Source | |
| NPort Web Console Login Panel - Detect | Identify web-based control panels | Info | Source | |
| NS-ASG Application Security Gateway 6.3 - Sql Injection | CVE-2024-2330 | Identify critical remote vulnerabilities | Medium | Source |
| NSQ Admin Panel - Detect | Identify web-based control panels | Medium | Source | |
| NUUO NVRmini - Remote Command Execution | CVE-2018-14933 | Identify critical remote vulnerabilities | Critical | Source |
| NZBGet Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Nacos - Information Disclosure | Identify critical remote vulnerabilities | High | Source | |
| NagVis Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Nagios Default Login | Identify default logins in web-based control panels | High | Source | |
| Nagios Log Server - Detect | Identify web-based control panels | Info | Source | |
| Nagios Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Nagios XI Default Admin Login - Detect | Identify default logins in web-based control panels | Critical | Source | |
| Nagios XI Login Panel - Detect | Identify web-based control panels | Info | Source | |
| NagiosXI <= 5.4.12 - SQL injection | CVE-2018-10736 | Identify critical remote vulnerabilities | High | Source |
| NagiosXI <= 5.4.12 `commandline.php` SQL injection | CVE-2018-10735 | Identify critical remote vulnerabilities | High | Source |
| NagiosXI <= 5.4.12 logbook.php SQL injection | CVE-2018-10737 | Identify critical remote vulnerabilities | High | Source |
| NagiosXI <= 5.4.12 menuaccess.php - SQL injection | CVE-2018-10738 | Identify critical remote vulnerabilities | High | Source |
| Navicat On-Prem Server Panel - Detect | Identify web-based control panels | Info | Source | |
| Navidrome <=0.54.5 - Authentication Bypass in Subsonic API | CVE-2025-27112 | Identify critical remote vulnerabilities | Medium | Source |
| Ncast busiFacade - Remote Command Execution | CVE-2024-0305 | Identify critical remote vulnerabilities | Medium | Source |
| Neo4j Browser - Detect | Identify web-based control panels | Info | Source | |
| Neobox Web Server Login Panel - Detect | Identify web-based control panels | Info | Source | |
| NetAlert X - Arbitrary File Read | CVE-2024-48766 | Identify critical remote vulnerabilities | Critical | Source |
| NetMRI < 7.6.1 - Authentication Bypass via Hardcoded Credentials | CVE-2025-32815 | Identify critical remote vulnerabilities | Medium | Source |
| NetMRI Unauthenticated SQL Injection via skipjackUsername | CVE-2025-32814 | Identify critical remote vulnerabilities | Critical | Source |
| NetMizer LogManagement System Data - Directory Exposure | Identify critical remote vulnerabilities | High | Source | |
| NetMizer LogManagement System cmd.php - Remote Code Execution | Identify critical remote vulnerabilities | Critical | Source | |
| NetSUS Server Default Login | Identify default logins in web-based control panels | High | Source | |
| NetSUS Server Login Panel - Detect | Identify web-based control panels | Info | Source | |
| NetScaler Console - Panel | Identify web-based control panels | Info | Source | |
| NetScaler Console - Sensitive Information Disclosure | CVE-2024-6235 | Identify critical remote vulnerabilities | High | Source |
| Netdata Dashboard Panel - Detect | Identify web-based control panels | Info | Source | |
| Netdata Panel - Detect | Identify web-based control panels | Info | Source | |
| Netdisco Admin - Default Login | Identify default logins in web-based control panels | Critical | Source | |
| Netentsec NS-ICG - Default Login | Identify default logins in web-based control panels | High | Source | |
| Netflix Conductor UI Panel - Detect | Identify web-based control panels | Info | Source | |
| Netflow Analyzer - Default Login | Identify default logins in web-based control panels | High | Source | |
| Netflow Analyzer Login - Panel | Identify web-based control panels | Info | Source | |
| Netgear DGN2200 - Improper Authentication | CVE-2024-57046 | Identify critical remote vulnerabilities | High | Source |
| Netgear WNR614 - Improper Authentication | Identify critical remote vulnerabilities | High | Source | |
| Netgear-WN604 downloadFile.php - Information Disclosure | CVE-2024-6646 | Identify critical remote vulnerabilities | Medium | Source |
| Netmaker - Hardcoded DNS Secret Key | CVE-2023-32077 | Identify critical remote vulnerabilities | High | Source |
| Netris Dashboard Panel - Detect | Identify web-based control panels | Info | Source | |
| Netsparker Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Network Technologies Inc ENVIROMUX - Default Login | Identify default logins in web-based control panels | High | Source | |
| Newspaper Theme 6.4–6.7.1 - Privilege Escalation | CVE-2016-10972 | Identify critical remote vulnerabilities | Critical | Source |
| Next Terminal - Default Login | Identify default logins in web-based control panels | High | Source | |
| Next.js Cache Poisoning | Identify critical remote vulnerabilities | High | Source | |
| NextGEN Gallery <= 3.59 - Missing Authorization to Unauthenticated Information Disclosure | CVE-2024-3097 | Identify critical remote vulnerabilities | Medium | Source |
| Nextcloud Server - Detection | Identify web-based control panels | Info | Source | |
| NextcloudPi Login - Panel | Identify web-based control panels | Info | Source | |
| Nexus Default Login | Identify default logins in web-based control panels | High | Source | |
| Nexus Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Nexus Repository Manager - Anonymous Access Enabled | Identify critical remote vulnerabilities | Medium | Source | |
| Nginx Admin Manager Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Nginx End-of-Life - Detect | Identify web-based control panels | Info | Source | |
| Nginx Proxy Manager - Default Login | Identify default logins in web-based control panels | High | Source | |
| Nginx Proxy Manager Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Nginx UI Panel - Detect | Identify web-based control panels | Info | Source | |
| Ninja Tables <4.1.9 - Unauthenticated Arbitrary File Read | Identify critical remote vulnerabilities | High | Source | |
| NoEscape Login Panel - Detect | Identify web-based control panels | Info | Source | |
| NocoBase - Default Login | Identify default logins in web-based control panels | High | Source | |
| NocoDB Panel - Detect | Identify web-based control panels | Info | Source | |
| NocoDB version <= 0.106.1 - Arbitrary File Read | CVE-2023-35843 | Identify critical remote vulnerabilities | High | Source |
| Node-Red - Default Login | Identify default logins in web-based control panels | Critical | Source | |
| Node.js REPL History Disclosure | Identify critical remote vulnerabilities | Low | Source | |
| NodeBB XML-RPC Request xmlrpc.php - XML Injection | CVE-2023-43187 | Identify critical remote vulnerabilities | Critical | Source |
| Nodogsplash - Directory Traversal | CVE-2023-39120 | Identify critical remote vulnerabilities | High | Source |
| Nordex Control Wind Farm Portal Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Normhost Backup Server Manager Panel - Detect | Identify web-based control panels | Info | Source | |
| Nortek Linear eMerge E3-Series - SQL Injection | CVE-2022-38627 | Identify critical remote vulnerabilities | Critical | Source |
| Nortek Linear eMerge E3-Series <0.32-08f - Remote Command Injection | CVE-2022-31499 | Identify critical remote vulnerabilities | Critical | Source |
| Nortek Linear eMerge Panel - Detect | Identify web-based control panels | Info | Source | |
| NotificationX <= 2.8.2 - SQL Injection | CVE-2024-1698 | Identify critical remote vulnerabilities | Critical | Source |
| NotificationX Dropshipping < 4.4 - SQL Injection | CVE-2018-25031 | Identify critical remote vulnerabilities | Critical | Source |
| Nozomi Guardian Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Nsfocus - Arbitrary User Login | Identify critical remote vulnerabilities | High | Source | |
| Nuxeo Platform Login Panel - Detect | Identify web-based control panels | Info | Source | |
| O2 Router Setup Panel - Detect | Identify web-based control panels | Info | Source | |
| O2OA - Default Login | Identify default logins in web-based control panels | High | Source | |
| OCS Inventory Login Panel - Detect | Identify web-based control panels | Info | Source | |
| OKIOK S-Filer Portal Login Panel - Detect | Identify web-based control panels | Info | Source | |
| OLT Web Management Interface Login Panel - Detect | Identify web-based control panels | Info | Source | |
| OLYMPIC Banking System Login Panel - Detect | Identify web-based control panels | Info | Source | |
| OPNsense Panel - Detect | Identify web-based control panels | Info | Source | |
| OSASI Login - Panel | Identify web-based control panels | Info | Source | |
| OSASI PLC - Default Login | Identify default logins in web-based control panels | High | Source | |
| OSNEXUS QuantaStor Manager Panel - Detect | Identify web-based control panels | Info | Source | |
| OTOBO Login Panel - Detect | Identify web-based control panels | Info | Source | |
| OcoMon Login Panel - Detect | Identify web-based control panels | Info | Source | |
| OctoberCMS - Default Admin Discovery | Identify default logins in web-based control panels | High | Source | |
| Odoo - Database Manager Discovery | Identify web-based control panels | Low | Source | |
| Odoo - Panel Detect | Identify web-based control panels | Info | Source | |
| Odoo Apps - Cross-Site Scripting via Prototype Pollution | CVE-2021-20086 | Identify critical remote vulnerabilities | High | Source |
| Odoo OpenERP Database Selector Panel - Detect | Identify web-based control panels | Info | Source | |
| Office Web Apps Server Panel - Detect | Identify web-based control panels | Info | Source | |
| OfficeKeeper Admin Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Okta Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Omnia MPX Node Login Panel - Detect | Identify web-based control panels | Info | Source | |
| OneDev Panel - Detect | Identify web-based control panels | Info | Source | |
| OneDev.io < 11.0.9 - Arbitrary File Read | CVE-2024-45309 | Identify critical remote vulnerabilities | High | Source |
| Open Game Panel Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Open Virtualization Userportal & Webadmin Panel Detection | Identify web-based control panels | Info | Source | |
| Open Web Analytics Login - Detect | Identify web-based control panels | Info | Source | |
| Open WebUI - Default Login | Identify default logins in web-based control panels | Critical | Source | |
| OpenAM Login Panel - Detect | Identify web-based control panels | Info | Source | |
| OpenBullet 2 - Panel | Identify web-based control panels | Info | Source | |
| OpenCATS - Default Login | Identify default logins in web-based control panels | High | Source | |
| OpenCATS Login Panel - Detect | Identify web-based control panels | Info | Source | |
| OpenCMS 14 & 15 - Cross Site Scripting | CVE-2023-6379 | Identify critical remote vulnerabilities | Medium | Source |
| OpenCart Core 4.0.2.3 'search' - SQL Injection | Identify critical remote vulnerabilities | High | Source | |
| OpenCart Login Panel - Detect | Identify web-based control panels | Info | Source | |
| OpenEMR - Default Admin Discovery | Identify default logins in web-based control panels | High | Source | |
| OpenEMR Product Registration Panel - Detect | Identify web-based control panels | Info | Source | |
| OpenEdge Login Panel - Detect | Identify web-based control panels | Info | Source | |
| OpenMediaVault - Default Login | Identify default logins in web-based control panels | High | Source | |
| OpenMetadata - Admin User Enumeration | Identify critical remote vulnerabilities | Medium | Source | |
| OpenObserve Login Panel - Detect | Identify web-based control panels | Info | Source | |
| OpenPLC Webserver v3 - Default Login | Identify default logins in web-based control panels | High | Source | |
| OpenSIS 7.3 - SQL Injection | CVE-2020-6637 | Identify critical remote vulnerabilities | Critical | Source |
| OpenSIS Login Panel - Detect | Identify web-based control panels | Info | Source | |
| OpenSearch Dashboard Panel - Detect | Identify web-based control panels | Info | Source | |
| OpenSign Login Panel - Detect | Identify web-based control panels | Info | Source | |
| OpenText Content Server Login Panel - Detect | Identify web-based control panels | Info | Source | |
| OpenVPN Admin Login Panel - Detect | Identify web-based control panels | Info | Source | |
| OpenVPN Connect Panel - Detect | Identify web-based control panels | Info | Source | |
| OpenVPN Server Router Management Panel - Detect | Identify web-based control panels | Info | Source | |
| OpenVZ Web Panel Login Panel - Detect | Identify web-based control panels | Info | Source | |
| OpenVas Login Panel - Detect | Identify web-based control panels | Info | Source | |
| OpenX/Revive Adserver Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Openfire Admin Console Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Openfire Administration Console - Authentication Bypass | CVE-2023-32315 | Identify critical remote vulnerabilities | High | Source |
| Opentwrt Login / Configuration Interface | Identify web-based control panels | Info | Source | |
| Opentwrt luCI - Admin Login Page | Identify web-based control panels | Info | Source | |
| Openweb UI Panel - Detect | Identify web-based control panels | Info | Source | |
| Opinio Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Oracle ADF Faces Deserialization of Untrusted Data Vulnerability | CVE-2022-21445 | Identify critical remote vulnerabilities | Critical | Source |
| Oracle Access Management Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Oracle Access Manager - Remote Code Execution | CVE-2021-35587 | Identify critical remote vulnerabilities | Critical | Source |
| Oracle Agile Product Lifecycle Management (PLM) Incorrect Authorization Vulnerability | CVE-2024-21287 | Identify critical remote vulnerabilities | High | Source |
| Oracle Application Server Panel - Detect | Identify web-based control panels | Info | Source | |
| Oracle Business Intelligence Default Login | Identify default logins in web-based control panels | High | Source | |
| Oracle Business Intelligence Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Oracle Commerce Business Control Center Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Oracle E-Business Suite 12.2.3–12.2.14 – Remote Code Execution | CVE-2025-61882 | Identify critical remote vulnerabilities | Critical | Source |
| Oracle E-Business Suite <=12.2 - Authentication Bypass | CVE-2022-21500 | Identify critical remote vulnerabilities | High | Source |
| Oracle E-Business Suite Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Oracle Forms & Reports RCE (CVE-2012-3152 & CVE-2012-3153) | CVE-2012-3153 | Identify critical remote vulnerabilities | Medium | Source |
| Oracle Fusion - Directory Traversal/Local File Inclusion | CVE-2020-14864 | Identify critical remote vulnerabilities | High | Source |
| Oracle Fusion Middleware WebLogic Server Administration Console - Remote Code Execution | CVE-2020-14883 | Identify critical remote vulnerabilities | High | Source |
| Oracle Identity Manager REST WebServices - Authentication Bypass | CVE-2025-61757 | Identify critical remote vulnerabilities | Critical | Source |
| Oracle Integrated Lights Out Manager Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Oracle Opera Login - Detect | Identify web-based control panels | Info | Source | |
| Oracle PeopleSoft - Default Login | Identify default logins in web-based control panels | High | Source | |
| Oracle PeopleSoft Enterprise Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Oracle PeopleSoft Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Oracle Peoplesoft - Unauthenticated File Read | CVE-2023-22047 | Identify critical remote vulnerabilities | High | Source |
| Oracle Retail Xstore Suite - Pre-authenticated Path Traversal | CVE-2024-21136 | Identify critical remote vulnerabilities | High | Source |
| Oracle WebLogic Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Oracle WebLogic Server - Remote Code Execution | CVE-2020-2551 | Identify critical remote vulnerabilities | Critical | Source |
| Oracle WebLogic Server - Remote Command Execution | CVE-2019-2725 | Identify critical remote vulnerabilities | Critical | Source |
| Oracle WebLogic UDDI Explorer Panel - Detect | Identify web-based control panels | Info | Source | |
| Orchid Core VMS Panel - Detect | Identify web-based control panels | Info | Source | |
| OurMGMT3 Admin Login Panel - Detect | Identify web-based control panels | Info | Source | |
| OutSystems Service Center Login Panel - Detect | Identify web-based control panels | Info | Source | |
| OwnCloud - Phpinfo Configuration | CVE-2023-49103 | Identify critical remote vulnerabilities | Critical | Source |
| PAHTool Login Panel - Detect | Identify web-based control panels | Info | Source | |
| PAN-OS Management Interface - Path Confusion to Authentication Bypass | CVE-2025-0108 | Identify critical remote vulnerabilities | Critical | Source |
| PAN-OS Management Panel - Detect | Identify web-based control panels | Info | Source | |
| PAN-OS Management Web Interface - Authentication Bypass | CVE-2024-0012 | Identify critical remote vulnerabilities | Critical | Source |
| PDF Generator Addon for Elementor Page Builder <= 1.7.5 - Arbitrary File Download | CVE-2024-9935 | Identify critical remote vulnerabilities | High | Source |
| PDI Intellifuel - Device Page | Identify web-based control panels | Low | Source | |
| PHP CGI - Argument Injection | CVE-2024-4577 | Identify critical remote vulnerabilities | Critical | Source |
| PHP LDAP Admin Panel - Detect | Identify web-based control panels | Info | Source | |
| PHP Login System 2.0.1 - Cross-Site Scripting | CVE-2023-38875 | Identify critical remote vulnerabilities | Medium | Source |
| PHPCI Configuration Exposure "phpci.yml" Exposure | Identify critical remote vulnerabilities | Info | Source | |
| PHPGurukul Hospital Management System 4.0 - SQL Injection | CVE-2020-22165 | Identify critical remote vulnerabilities | High | Source |
PHPIPAM | CVE-2023-0678 | Identify critical remote vulnerabilities | Medium | Source | |
| PHPJabbers Food Delivery Script - SQL Injection | CVE-2023-40748 | Identify critical remote vulnerabilities | Critical | Source |
| PHPJabbers Food Delivery Script v3.0 - SQL Injection | CVE-2023-40749 | Identify critical remote vulnerabilities | Critical | Source |
| PHPJabbers Shuttle Booking Software 1.0 - Cross Site Scripting | CVE-2023-4112 | Identify critical remote vulnerabilities | Medium | Source |
| PHPJabbers Taxi Booking 2.0 - Cross Site Scripting | CVE-2023-4116 | Identify critical remote vulnerabilities | Medium | Source |
| PHPMailer Panel - Detect | Identify web-based control panels | Info | Source | |
| PRONOTE Login Panel - Detect | Identify web-based control panels | Info | Source | |
| PRTG Network Monitor - Hardcoded Credentials | Identify default logins in web-based control panels | High | Source | |
| Pair Drop Panel - Detect | Identify web-based control panels | Info | Source | |
| Palo Alto Expedition - Admin Account Takeover | CVE-2024-5910 | Identify critical remote vulnerabilities | Critical | Source |
| Palo Alto Expedition - SQL Injection | CVE-2024-9465 | Identify critical remote vulnerabilities | Critical | Source |
| Palo Alto Expedition Project Login - Detect | Identify web-based control panels | Info | Source | |
| Palo Alto Network PAN-OS - Remote Code Execution | CVE-2017-15944 | Identify critical remote vulnerabilities | Critical | Source |
| Palo Alto Networks PAN-OS Default Login | Identify default logins in web-based control panels | High | Source | |
| Pandora FMS Mobile Console Login Panel - Detect | Identify web-based control panels | Info | Source | |
| PaperCut < 22.1.3 - Path Traversal | CVE-2023-39143 | Identify critical remote vulnerabilities | Critical | Source |
| PaperCut NG Unauthenticated XMLRPC Functionality | CVE-2023-4568 | Identify critical remote vulnerabilities | Medium | Source |
| Parallels H-Sphere Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Parse Dashboard Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Passbolt Login Panel | Identify web-based control panels | Info | Source | |
| Payroll Management System Web Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Pega Infinity Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Pelco Sarix - Default Login | Identify default logins in web-based control panels | High | Source | |
| Pentaho Default Login | Identify default logins in web-based control panels | High | Source | |
| Persis Panel - Detect | Identify web-based control panels | Info | Source | |
| Personal Weather Station Dashboard 12 - Directory Traversal | CVE-2025-47423 | Identify critical remote vulnerabilities | Medium | Source |
| Phabricator Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Phoenix Contact CHARX SEC-3XXX AC Charging Controller Panel - Detect | Identify web-based control panels | Info | Source | |
| Phoenix Contact CHARX SEC-3XXX AC Charging Controller REST API - Detect | Identify critical remote vulnerabilities | Info | Source | |
| Phoenix Contact CHARX SEC-3XXX AC Controller < 1.7.3 - Multiple Vulnerabilities | Identify critical remote vulnerabilities | Critical | Source | |
| Phoronix Test Suite Panel - Detect | Identify web-based control panels | Info | Source | |
| Photo Gallery by 10Web < 1.6.0 - SQL Injection | CVE-2022-0169 | Identify critical remote vulnerabilities | Critical | Source |
| PhotoPrism Panel - Detect | Identify web-based control panels | Info | Source | |
| PhpMyAdmin - Unauthenticated Access | Identify critical remote vulnerabilities | High | Source | |
| PhpMyAdmin Scripts - Remote Code Execution | CVE-2009-1151 | Identify critical remote vulnerabilities | Critical | Source |
| Pichome 2.1.0 - Arbitrary File Read | CVE-2025-1743 | Identify critical remote vulnerabilities | Medium | Source |
| Pichome Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Piwigo Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Planet eStream Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Plausible Panel - Detect | Identify web-based control panels | Info | Source | |
| Plesk Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Plesk Obsidian Login Panel - Detect | Identify web-based control panels | Info | Source | |
| PocketBase Panel - Detect | Identify web-based control panels | Info | Source | |
| Polarion Siemens Login - Panel | Identify web-based control panels | Info | Source | |
| Popup-Maker < 1.8.12 - Broken Authentication | CVE-2019-17574 | Identify critical remote vulnerabilities | Critical | Source |
| Portainer - Init Deploy Discovery | Identify critical remote vulnerabilities | Medium | Source | |
| Portainer Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Post Grid <= 2.2.50 - Information Exposure via REST API | CVE-2023-40211 | Identify critical remote vulnerabilities | High | Source |
| PostHog Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Poste.io Admin Panel - Detect | Identify web-based control panels | Info | Source | |
| PowerChute Network Shutdown Panel - Detect | Identify web-based control panels | Info | Source | |
| PowerCom Network Manager | Identify web-based control panels | Info | Source | |
| PowerJob - Default Login | Identify default logins in web-based control panels | High | Source | |
| PowerJob <=4.3.2 - Unauthenticated Access | CVE-2023-29923 | Identify critical remote vulnerabilities | Medium | Source |
| PowerJob Login Panel - Detect | Identify web-based control panels | Info | Source | |
| PowerShell Universal - Default Login | Identify default logins in web-based control panels | High | Source | |
| Powertek Firmware <3.30.30 - Authorization Bypass | CVE-2022-33174 | Identify critical remote vulnerabilities | Critical | Source |
| PrestaShop Theme Volty CMS Blog - SQL Injection | CVE-2023-39650 | Identify critical remote vulnerabilities | Critical | Source |
| PrestaShop `tshirtecommerce` Module - SQL Injection | CVE-2023-27637 | Identify critical remote vulnerabilities | Critical | Source |
| PrestaShop fieldpopupnewsletter Module - Cross Site Scripting | CVE-2023-39676 | Identify critical remote vulnerabilities | Medium | Source |
| PrestaShop productsalert - SQL Injection | CVE-2024-36683 | Identify critical remote vulnerabilities | High | Source |
| PrestaShop xipblog - SQL Injection | CVE-2023-27847 | Identify critical remote vulnerabilities | Critical | Source |
| Prestashop posstaticfooter <= 1.0.0 - SQL Injection | CVE-2023-30194 | Identify critical remote vulnerabilities | Critical | Source |
| Prettier - Ignore File Disclosure | Identify critical remote vulnerabilities | Info | Source | |
| Prime Mover < 1.9.3 - Sensitive Data Exposure | CVE-2023-6505 | Identify critical remote vulnerabilities | High | Source |
| Primetek Primefaces 5.x - Remote Code Execution | CVE-2017-1000486 | Identify critical remote vulnerabilities | Critical | Source |
| Prison Management System - SQL Injection Authentication Bypass | CVE-2024-33288 | Identify critical remote vulnerabilities | High | Source |
| Pritunl - Panel | Identify web-based control panels | Info | Source | |
| PrivateGPT - Detect | Identify web-based control panels | Info | Source | |
| ProcessWire Login - Panel Detect | Identify web-based control panels | Info | Source | |
| Procore Login - Panel | Identify web-based control panels | Info | Source | |
| Progress Kemp LoadMaster - Command Injection | CVE-2024-1212 | Identify critical remote vulnerabilities | Critical | Source |
| Progress Kemp LoadMaster Panel - Detect | Identify web-based control panels | Info | Source | |
| Project Insight Login Panel - Detect | Identify web-based control panels | Info | Source | |
| ProjectSend Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Proofpoint Protection Server Panel - Detect | Identify web-based control panels | Info | Source | |
| Protect WP Admin < 4.0 - Unauthenticated Protection Bypass | CVE-2023-3139 | Identify critical remote vulnerabilities | Medium | Source |
| Proxmox Virtual Environment Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Pterodactyl Panel - Remote Code Execution | CVE-2025-49132 | Identify critical remote vulnerabilities | Critical | Source |
| Pterodactyl game server - Panel | Identify web-based control panels | Info | Source | |
| Pulsar Admin Console Panel - Detect | Identify web-based control panels | Info | Source | |
| Pulsar Admin UI Panel - Detect | Identify web-based control panels | Info | Source | |
| Pulsar360 Admin Panel - Detect | Identify web-based control panels | Info | Source | |
| Pulse Connect Secure SSL VPN Arbitrary File Read | CVE-2019-11510 | Identify critical remote vulnerabilities | Critical | Source |
| Puppetboard Panel - Detect | Identify web-based control panels | Info | Source | |
| Pure Storage Login Panel - Detect | Identify web-based control panels | Info | Source | |
| PyLoad Default Login | Identify default logins in web-based control panels | High | Source | |
| PyLoad Login - Panel | Identify web-based control panels | Info | Source | |
| Python Requirements File Disclosure | Identify critical remote vulnerabilities | Low | Source | |
| Python Setup Configuration - Exposure | Identify critical remote vulnerabilities | Low | Source | |
| QNAP HBS 3 - Broken Access Control | CVE-2021-28799 | Identify critical remote vulnerabilities | Critical | Source |
| QNAP Music Station < 5.4.0 - Authentication Bypass | CVE-2023-45038 | Identify critical remote vulnerabilities | Medium | Source |
| QNAP Photo Station - Path Traversal | CVE-2019-7195 | Identify critical remote vulnerabilities | Critical | Source |
| QNAP Photo Station Panel - Detect | Identify web-based control panels | Info | Source | |
| QNAP QTS Photo Station External Reference - Local File Inclusion | CVE-2022-27593 | Identify critical remote vulnerabilities | Critical | Source |
| QNAP QTS and Photo Station 6.0.3 - Remote Command Execution | CVE-2019-7192 | Identify critical remote vulnerabilities | Critical | Source |
| QNAP Turbo NAS Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Qlik Sense Enterprise - HTTP Request Smuggling | CVE-2023-41265 | Identify critical remote vulnerabilities | Critical | Source |
| Qlik Sense Enterprise - Path Traversal | CVE-2023-41266 | Identify critical remote vulnerabilities | High | Source |
| Qlik Sense Server Panel - Detect | Identify web-based control panels | Info | Source | |
| QlikView AccessPoint Login Panel - Detect | Identify web-based control panels | Info | Source | |
| QloApps 1.6.0 - SQL Injection | CVE-2023-36284 | Identify critical remote vulnerabilities | High | Source |
| QmailAdmin Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Qualitor ITSM - Detect | Identify web-based control panels | Info | Source | |
| Quest KACE System Management Appliance 8.0.318 - Remote Code Execution | CVE-2018-11138 | Identify critical remote vulnerabilities | Critical | Source |
| Quest Modem Configuration Login - Panel | Identify web-based control panels | Info | Source | |
| Quick.CMS v6.7 - SQL Injection | Identify critical remote vulnerabilities | High | Source | |
| Quilium Panel - Detect | Identify web-based control panels | Info | Source | |
| RCDevs WebADM Panel - Detect | Identify web-based control panels | Info | Source | |
| RD Web Access Panel - Detect | Identify web-based control panels | Info | Source | |
| RDWeb RemoteApp and Desktop Connections - Web Access | Identify web-based control panels | Info | Source | |
| RG-UAC Ruijie - Password Hashes Leak | Identify critical remote vulnerabilities | High | Source | |
| RStudio Sign In Panel - Detect | Identify web-based control panels | Info | Source | |
| RWS WorldServer - Authentication Bypass | CVE-2022-34267 | Identify critical remote vulnerabilities | Critical | Source |
| RabbitMQ Default Login | Identify default logins in web-based control panels | High | Source | |
| Racksnet Login Panel - Detect | Identify web-based control panels | Info | Source | |
| RaidenMAILD Mail Server v.4.9.4 - Path Traversal | CVE-2024-32399 | Identify critical remote vulnerabilities | High | Source |
| Rainloop WebMail - Default Admin Login | Identify default logins in web-based control panels | High | Source | |
| Rancher Dashboard Panel - Detect | Identify web-based control panels | Info | Source | |
| Rancher Default Login | Identify default logins in web-based control panels | High | Source | |
| Rancher Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Rapid7 Nexpose VM Security Console - Detect | Identify web-based control panels | Info | Source | |
| RaspAP 2.8.7 - Unauthenticated Command Injection | CVE-2022-39986 | Identify critical remote vulnerabilities | Critical | Source |
| RaspberryMatic Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Ray API - Local File Inclusion | CVE-2023-6021 | Identify critical remote vulnerabilities | High | Source |
| Ray Static File - Local File Inclusion | CVE-2023-6020 | Identify critical remote vulnerabilities | High | Source |
| ReCrystallize Server - Authentication Bypass | CVE-2024-26331 | Identify critical remote vulnerabilities | High | Source |
| React Server Components - Remote Code Execution | CVE-2025-55182 | Identify critical remote vulnerabilities | Critical | Source |
| Really Simple Security < 9.1.2 - Authentication Bypass | CVE-2024-10924 | Identify critical remote vulnerabilities | Critical | Source |
| Red Hat JBoss Enterprise Application Platform - Sensitive Information Disclosure | CVE-2010-1429 | Identify critical remote vulnerabilities | Medium | Source |
| Red Hat Satellite Panel - Detect | Identify web-based control panels | Info | Source | |
| Redash Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Redash Setup Configuration - Default Secrets Disclosure | CVE-2021-41192 | Identify critical remote vulnerabilities | High | Source |
| Redis Commander - Default Login | Identify default logins in web-based control panels | High | Source | |
| Redis Enterprise - Detect | Identify web-based control panels | Info | Source | |
| Redis Sandbox Escape - Remote Code Execution | CVE-2022-0543 | Identify critical remote vulnerabilities | Critical | Source |
| Redmine Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Regify Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Registrations for the Events Calendar < 2.7.6 - SQL Injection | CVE-2021-24943 | Identify critical remote vulnerabilities | Critical | Source |
| RemKon Device Manager Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Remedy Axis Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Reolink E1 Zoom Camera <=3.0.0.716 - Information Disclosure | CVE-2021-40150 | Identify critical remote vulnerabilities | High | Source |
| Reolink E1 Zoom Camera <=3.0.0.716 - Private Key Disclosure | CVE-2021-40149 | Identify critical remote vulnerabilities | Medium | Source |
| Reolink Panel - Detect | Identify web-based control panels | Info | Source | |
| Repetier Server - Directory Traversal | CVE-2023-31059 | Identify critical remote vulnerabilities | High | Source |
| Repetier Server Panel - Detect | Identify web-based control panels | Info | Source | |
| Reportico Administration Page - Detect | Identify web-based control panels | Info | Source | |
| Reposilite >= 3.3.0, < 3.5.12 - Arbitrary File Read | CVE-2024-36117 | Identify critical remote vulnerabilities | High | Source |
| Reposilite Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Reprise License Manager 14.2 - Authentication Bypass | CVE-2021-44152 | Identify critical remote vulnerabilities | Critical | Source |
| Reprise License Manager 14.2 - Information Disclosure | CVE-2022-28365 | Identify critical remote vulnerabilities | Medium | Source |
| Request Tracker - Panel | Identify web-based control panels | Info | Source | |
| Residential Gateway Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Retool Login Panel - Detect | Identify web-based control panels | Info | Source | |
| RevPi Webstatus <= v2.4.5 - Authentication Bypass | CVE-2025-41646 | Identify critical remote vulnerabilities | Critical | Source |
| Revive Adserver 4.2 - Remote Code Execution | CVE-2019-5434 | Identify critical remote vulnerabilities | Critical | Source |
| Ricoh Web Image Monitor - Detect | Identify web-based control panels | Info | Source | |
| Ricoh Web Image Monitor - Reflected XSS | CVE-2025-41393 | Identify critical remote vulnerabilities | Medium | Source |
| Riello Netman 204 - SQL Injection | CVE-2024-8877 | Identify critical remote vulnerabilities | Critical | Source |
| Riello UPS NetMan 204 Network Card - Default Login | Identify default logins in web-based control panels | High | Source | |
| Riello UPS NetMan 204 Panel - Detect | Identify web-based control panels | Info | Source | |
| RiteCMS - Default Login | Identify default logins in web-based control panels | High | Source | |
| Rocket.Chat <=3.13 - NoSQL Injection | CVE-2021-22911 | Identify critical remote vulnerabilities | Critical | Source |
| RocketChat Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Rockmongo Default Login | Identify default logins in web-based control panels | High | Source | |
| Roxy File Manager - Panel Detect | Identify web-based control panels | Info | Source | |
| Roxy-WI - Remote Code Execution | CVE-2022-31126 | Identify critical remote vulnerabilities | Critical | Source |
| Roxy-WI < 6.1.1.0 - Remote Code Execution | CVE-2022-31137 | Identify critical remote vulnerabilities | Critical | Source |
| Ruckus Wireless - Default Login | Identify default logins in web-based control panels | Critical | Source | |
| Ruckus Wireless Admin Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Ruckus Wireless Unleashed Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Ruijie NBR Series Routers - Default Login | Identify default logins in web-based control panels | High | Source | |
| Ruijie RG-EG - Remote Code Execution | Identify critical remote vulnerabilities | Critical | Source | |
| Ruijie RG-EW1200G Router Background - Login Bypass | CVE-2023-4415 | Identify critical remote vulnerabilities | High | Source |
| Ruijie RG-NBS2009G-P - Improper Authentication | CVE-2024-24116 | Identify critical remote vulnerabilities | Critical | Source |
| Ruijie RG-UAC Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Rundeck - Default Login | Identify default logins in web-based control panels | High | Source | |
| Rundeck Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Rustici Content Controller Panel - Detect | Identify web-based control panels | Info | Source | |
| SAP Analytics Cloud Panel - Detect | Identify web-based control panels | Info | Source | |
| SAP Memory Pipes (MPI) Desynchronization | CVE-2022-22536 | Identify critical remote vulnerabilities | Critical | Source |
| SAP NetWeaver - Backdoor Detection | Identify critical remote vulnerabilities | Critical | Source | |
| SAP NetWeaver Application Server Java 7.5 - Local File Inclusion | CVE-2017-12637 | Identify critical remote vulnerabilities | High | Source |
| SAP NetWeaver Composition Environment Tools - Detect | Identify web-based control panels | Info | Source | |
| SAP NetWeaver SQL Injection Vulnerability | CVE-2016-2386 | Identify critical remote vulnerabilities | Critical | Source |
| SAP Solution Manager 7.2 - Remote Command Execution | CVE-2020-6207 | Identify critical remote vulnerabilities | Critical | Source |
| SAP SuccessFactors Login Panel - Detect | Identify web-based control panels | Info | Source | |
| SAS Login Panel - Detect | Identify web-based control panels | Info | Source | |
| SAUTER moduWeb Vision Panel - Detect | Identify web-based control panels | Info | Source | |
| SEH utnserver Pro/ProMAX/INU-100 20.1.22 - Cross-Site Scripting | CVE-2024-5420 | Identify critical remote vulnerabilities | High | Source |
| SGP Login Panel - Detect | Identify web-based control panels | Info | Source | |
| SHOUTcast Server Panel - Detect | Identify web-based control panels | Info | Source | |
| SKYSEA Client View Panel - Detect | Identify web-based control panels | Info | Source | |
| SOPlanning - Default Login | Identify default logins in web-based control panels | High | Source | |
| SOUND4 IMPACT/FIRST/PULSE/Eco <= 2.x - Authentication Bypass | Identify critical remote vulnerabilities | High | Source | |
| SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x (PHPTail) Unauthenticated File Disclosure | Identify critical remote vulnerabilities | Medium | Source | |
| SPIP - Remote Command Execution | CVE-2023-27372 | Identify critical remote vulnerabilities | Critical | Source |
| SQL Buddy Login Panel - Detect | Identify web-based control panels | Info | Source | |
| SQL Monitor - Discovery | Identify web-based control panels | Info | Source | |
| SSH PrivX Login Panel - Detect | Identify web-based control panels | Info | Source | |
| STAGIL Navigation for Jira Menu & Themes <2.0.52 - Local File Inclusion | CVE-2023-26256 | Identify critical remote vulnerabilities | High | Source |
| STAGIL Navigation for Jira Menu & Themes <2.0.52 - Local File Inclusion | CVE-2023-26255 | Identify critical remote vulnerabilities | High | Source |
| SUNGROW Logger1000 Panel - Detect | Identify web-based control panels | Info | Source | |
| SUSE Manager Server - Panel | Identify web-based control panels | Info | Source | |
| SafeNet Authentication Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Sage X3 Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Saia PCD Web Server Panel - Detect | Identify web-based control panels | Info | Source | |
| SaltStack <=3002 - Shell Injection | CVE-2020-16846 | Identify critical remote vulnerabilities | Critical | Source |
| SaltStack Config Panel - Detect | Identify web-based control panels | Info | Source | |
| Samsung MagicINFO Panel - Detect | Identify web-based control panels | Info | Source | |
| Samsung Printer - Default Login | Identify default logins in web-based control panels | High | Source | |
| Sanity Studio Panel - Detect | Identify web-based control panels | Info | Source | |
| Sante PACS Server.exe - Path Traversal Information Disclosure | CVE-2025-2264 | Identify critical remote vulnerabilities | High | Source |
| Satellian Intellian Aptus Web <= 1.24 - Remote Command Execution | CVE-2020-7980 | Identify critical remote vulnerabilities | Critical | Source |
| Satis Composer Repository - Detect | Identify web-based control panels | Info | Source | |
| Sato - Default Login | Identify default logins in web-based control panels | High | Source | |
| SawtoothSoftware Lighthouse Studio < 9.16.14 - Pre-Auth Remote Code Execution | CVE-2025-34300 | Identify critical remote vulnerabilities | Critical | Source |
| Scan2Net - Panel | Identify web-based control panels | Info | Source | |
| Schneider Electric Pelco VideoXpert Enterprise 2.0 - Path Traversal | CVE-2017-9965 | Identify critical remote vulnerabilities | Medium | Source |
| Scribble Diffusion Panel - Detect | Identify web-based control panels | Info | Source | |
| ScriptCase Panel Detect | Identify web-based control panels | Info | Source | |
| ScriptCase Production Environment Login | Identify web-based control panels | Info | Source | |
| Seafile Panel - Detect | Identify web-based control panels | Info | Source | |
| Seagate NAS Login - Detect | Identify web-based control panels | Info | Source | |
| Seagate NAS OS 4.3.15.1 - Server Information Disclosure | CVE-2018-12296 | Identify critical remote vulnerabilities | High | Source |
| SecurEnvoy Login Panel - Detect | Identify web-based control panels | Info | Source | |
| SecurEnvoy Two Factor Authentication - LDAP Injection | CVE-2024-37393 | Identify critical remote vulnerabilities | High | Source |
| Secure Login Service Login Panel - Detect | Identify web-based control panels | Info | Source | |
| SecurePoint UTM 12.x Session ID Leak | CVE-2023-22620 | Identify critical remote vulnerabilities | High | Source |
| Securepoint UTM - Leaking Remote Memory Contents | CVE-2023-22897 | Identify critical remote vulnerabilities | Medium | Source |
| Security Onion Panel - Detect | Identify web-based control panels | Info | Source | |
| SecuritySpy Camera Panel - Detect | Identify web-based control panels | Info | Source | |
| SeedDMS - Default Login | Identify default logins in web-based control panels | High | Source | |
| SeedDMS Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Seeyon OA A6 setextno.jsp - SQL Injection | Identify critical remote vulnerabilities | High | Source | |
| Selenium Grid Panel - Detect | Identify web-based control panels | Info | Source | |
| SelfCheck System Manager - Panel | Identify web-based control panels | Info | Source | |
| Sensei LMS < 4.24.2 - Email Template Leak | CVE-2024-7786 | Identify critical remote vulnerabilities | Medium | Source |
| Sensu by Sumo Logic Login Panel - Detect | Identify web-based control panels | Info | Source | |
| SentinelOne Management Console Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Sentry Login Panel | Identify web-based control panels | Info | Source | |
| SequoiaDB Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Server Backup Manager SE Panel - Detect | Identify web-based control panels | Info | Source | |
| ServiceNow - Incomplete Input Validation | CVE-2024-5217 | Identify critical remote vulnerabilities | Critical | Source |
| ServiceNow Login Panel - Detect | Identify web-based control panels | Info | Source | |
| ServiceNow UI Macros - Template Injection | CVE-2024-4879 | Identify critical remote vulnerabilities | Critical | Source |
| SevOne NMS Network Manager | Identify web-based control panels | Info | Source | |
| ShardingSphere ElasticJob UI Panel | Identify web-based control panels | Info | Source | |
| Sharefile Login - Panel | Identify web-based control panels | Info | Source | |
| Shell In A Box - Detect | Identify web-based control panels | Info | Source | |
| Shield Security WP Plugin <= 18.5.9 - Local File Inclusion | CVE-2023-6989 | Identify critical remote vulnerabilities | Critical | Source |
| Shiziyu CMS Api Controller - SQL Injection | Identify critical remote vulnerabilities | High | Source | |
| ShokoServer System - Local File Inclusion (LFI) | CVE-2023-43662 | Identify critical remote vulnerabilities | High | Source |
| ShortPixel Adaptive Images < 3.6.3 - Cross Site Scripting | CVE-2023-0334 | Identify critical remote vulnerabilities | Medium | Source |
| Sidekiq < 7.0.8 - Cross-Site Scripting | CVE-2023-1892 | Identify critical remote vulnerabilities | Critical | Source |
| Sidekiq Dashboard Panel - Detect | Identify web-based control panels | Medium | Source | |
| Siemens SIMATIC HMI Miniweb - Default Login | Identify default logins in web-based control panels | High | Source | |
| Signet Explorer Dashboard - Detect | Identify web-based control panels | Info | Source | |
| SimpleHelp <= 5.5.7 - Unauthenticated Path Traversal | CVE-2024-57727 | Identify critical remote vulnerabilities | High | Source |
| Sitecore - Remote Code Execution | CVE-2023-35813 | Identify critical remote vulnerabilities | Critical | Source |
| Sitecore CMS - Cross-Site Scripting | CVE-2014-100004 | Identify critical remote vulnerabilities | Medium | Source |
| Sitecore Experience Manager (XM) and Experience Platform (XP) - Hardcoded Credentials | CVE-2025-34509 | Identify critical remote vulnerabilities | High | Source |
| Sitecore Experience Platform <= 10.4 - Arbitrary File Read | CVE-2024-46938 | Identify critical remote vulnerabilities | High | Source |
| Sitecore Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Skeepers Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Smart s200 Management Platform v.S200 - SQL Injection | CVE-2024-27718 | Identify critical remote vulnerabilities | High | Source |
| SmartPing Dashboard Panel - Detect | Identify web-based control panels | Info | Source | |
| SmartSearchWP < 2.4.6 - OpenAI Key Disclosure | Identify critical remote vulnerabilities | Medium | Source | |
| Social Auto Poster <= 5.3.14 - Stored Cross-Site Scripting | CVE-2024-6753 | Identify critical remote vulnerabilities | High | Source |
| SoftEther VPN Admin Console - Default Login | Identify default logins in web-based control panels | High | Source | |
| SoftEther VPN Panel - Detect | Identify web-based control panels | Info | Source | |
| SolarView 6.00 - Remote Command Execution | CVE-2022-40881 | Identify critical remote vulnerabilities | Critical | Source |
| SolarView Compact 6.00 - OS Command Injection | CVE-2022-29303 | Identify critical remote vulnerabilities | Critical | Source |
| SolarView Compact 6.00 - OS Command Injection | CVE-2023-23333 | Identify critical remote vulnerabilities | Critical | Source |
| SolarView Compact <= 6.00 - Local File Inclusion | CVE-2023-29919 | Identify critical remote vulnerabilities | Critical | Source |
| SolarView Compact Panel - Detect | Identify web-based control panels | Info | Source | |
| SolarWinds ARM (Access Rights Manager) - Detect | Identify web-based control panels | Info | Source | |
| SolarWinds Orion - Default Login | Identify default logins in web-based control panels | High | Source | |
| SolarWinds Orion API - Auth Bypass | CVE-2020-10148 | Identify critical remote vulnerabilities | Critical | Source |
| SolarWinds Security Event Manager - Unauthenticated RCE | CVE-2024-0692 | Identify critical remote vulnerabilities | High | Source |
| SolarWinds Serv-U - Directory Traversal | CVE-2024-28995 | Identify critical remote vulnerabilities | High | Source |
| SolarWinds Web Help Desk - Hardcoded Credential | CVE-2024-28987 | Identify critical remote vulnerabilities | Critical | Source |
| SolarWinds Web Help Desk < 12.8.3 - Insecure Deserialization | CVE-2024-28986 | Identify critical remote vulnerabilities | Critical | Source |
| Solara <1.35.1 - Local File Inclusion | CVE-2024-39903 | Identify critical remote vulnerabilities | High | Source |
| Somansa DLP Login Panel - Detect | Identify web-based control panels | Info | Source | |
| SonarQube - Default Login | Identify default logins in web-based control panels | High | Source | |
| Sonatype Nexus Repository Manager <3.15.0 - Remote Code Execution | CVE-2019-7238 | Identify critical remote vulnerabilities | Critical | Source |
| Sonatype Nexus Repository Manager 3 - Local File Inclusion | CVE-2024-4956 | Identify critical remote vulnerabilities | High | Source |
| Sonatype Nexus Repository Manager 3 - Remote Code Execution | CVE-2020-10199 | Identify critical remote vulnerabilities | High | Source |
| SonicOS SSLVPN Authentication Bypass Vulnerability | CVE-2024-53704 | Identify critical remote vulnerabilities | Critical | Source |
| SonicWall Analyzer Login Panel - Detect | Identify web-based control panels | Info | Source | |
| SonicWall Appliance Management Console Login Panel - Detect | Identify web-based control panels | Info | Source | |
| SonicWall GMS and Analytics - SQL Injection | CVE-2023-34133 | Identify critical remote vulnerabilities | High | Source |
| SonicWall Network Security Login - Detect | Identify web-based control panels | Info | Source | |
| SonicWall SMA1000 LFI | CVE-2023-0126 | Identify critical remote vulnerabilities | High | Source |
| Sonicwall - Pre-Authentication Arbitrary File Read | CVE-2024-38475 | Identify critical remote vulnerabilities | Critical | Source |
| Sophos Firewall <=18.5 MR3 - Remote Code Execution | CVE-2022-1040 | Identify critical remote vulnerabilities | Critical | Source |
| Sophos Firewall Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Sophos Mobile Panel - Detect | Identify web-based control panels | Info | Source | |
| Sophos Web Appliance | Identify web-based control panels | Info | Source | |
| Sound4 IMPACT/FIRST/PULSE/Eco <=2.x - Authentication Bypass | Identify critical remote vulnerabilities | High | Source | |
| SpaceLogic C-Bus Home Panel - Detect | Identify web-based control panels | Info | Source | |
| Spam protection, AntiSpam, FireWall by CleanTalk < 5.153.4 - Unauthenticated Blind SQL Injection | CVE-2021-24295 | Identify critical remote vulnerabilities | High | Source |
| Speedtest Panel - Detection | Identify web-based control panels | Info | Source | |
| SphinxOnline Panel - Detect | Identify web-based control panels | Info | Source | |
| Splunk - Default Login | Identify default logins in web-based control panels | High | Source | |
| Splunk Enterprise - Local File Inclusion | CVE-2024-36991 | Identify critical remote vulnerabilities | High | Source |
| Splunk Enterprise Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Splunk SOAR Login Panel - Detect | Identify web-based control panels | Info | Source | |
| SpotWeb Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Spotweb <= 1.5.1 - Cross Site Scripting (Reflected) | CVE-2021-43725 | Identify critical remote vulnerabilities | Medium | Source |
| Spring Cloud Config Server - Local File Inclusion | CVE-2020-5410 | Identify critical remote vulnerabilities | High | Source |
| SqWebMail Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Squidex Headless CMS Panel - Detect | Identify web-based control panels | Info | Source | |
| SquirrelMail Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Stackposts Social Marketing Tool v1.0 - SQL Injection | Identify critical remote vulnerabilities | High | Source | |
| Star Micronics Network Utility Panel - Detect | Identify web-based control panels | Info | Source | |
| Stash < 0.26.0 - SQL Injection | CVE-2024-32231 | Identify critical remote vulnerabilities | Medium | Source |
| SteVe Login Panel - Detect | Identify web-based control panels | Info | Source | |
| SteVe OCPP server - Default Login | Identify default logins in web-based control panels | Info | Source | |
| Stirling PDF Panel - Detect | Identify web-based control panels | Info | Source | |
| Stock Ticker <= 3.23.2 - Cross-Site Scripting | CVE-2023-40208 | Identify critical remote vulnerabilities | High | Source |
| Stop User Enumeration WordPress plugin - Authentication Bypass | CVE-2025-4302 | Identify critical remote vulnerabilities | Medium | Source |
| Storybook Panel - Detect | Identify web-based control panels | Info | Source | |
| Strapi Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Strider CD Panel - Detect | Identify web-based control panels | Info | Source | |
| Structurizr - Default Login | Identify default logins in web-based control panels | High | Source | |
| Structurizr Panel - Detect | Identify web-based control panels | Info | Source | |
| SugarCRM Login Panel - Detect | Identify web-based control panels | Info | Source | |
| SuiteCRM - SQL Injection | CVE-2024-36412 | Identify critical remote vulnerabilities | Critical | Source |
| Sunbird DCIM - Detect | Identify web-based control panels | Info | Source | |
| SuperAdmin Login Panel - Detect | Identify web-based control panels | Info | Source | |
| SuperWebmailer 7.21.0.01526 - Remote Code Execution | CVE-2020-11546 | Identify critical remote vulnerabilities | Critical | Source |
| Supermicro BMC Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Supermicro IPMI - Default Login | Identify default logins in web-based control panels | High | Source | |
| Supershell - Default Login | Identify default logins in web-based control panels | High | Source | |
| Supertokens Login Panel - Detect | Identify web-based control panels | Info | Source | |
| SupportCandy < 2.2.7 - Reflected Cross-Site Scripting | CVE-2021-24878 | Identify critical remote vulnerabilities | Medium | Source |
| Suprema BioStar 2 Panel - Detect | Identify web-based control panels | Info | Source | |
| Swift Performance Lite < 2.3.7.2 - Local PHP File Inclusion | CVE-2024-10516 | Identify critical remote vulnerabilities | High | Source |
| Syfadis Xperience Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Symantec Data Loss Prevention Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Symantec Encryption Server Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Symantec Endpoint Protection Manager Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Symantec PGP Global Directory Panel - Detect | Identify web-based control panels | Info | Source | |
| Symfony Profiler - Remote Access via Injected Arguments | CVE-2024-50340 | Identify critical remote vulnerabilities | High | Source |
| Symmetricom SyncServer Panel - Detect | Identify web-based control panels | Info | Source | |
| Symmetricom SyncServer Unauthenticated - Remote Command Execution | CVE-2022-40022 | Identify critical remote vulnerabilities | Critical | Source |
| Synacor Zimbra Collaboration <8.7.11p10 - XML External Entity Injection | CVE-2019-9670 | Identify critical remote vulnerabilities | Critical | Source |
| Synapse Mobility Login Panel - Detect | Identify web-based control panels | Info | Source | |
| SyncThru Web Service Panel - Detect | Identify web-based control panels | Info | Source | |
| Synopsys Coverity Panel | Identify web-based control panels | Info | Source | |
| SysAid Login Panel - Detect | Identify web-based control panels | Info | Source | |
| T-Up OpenFrame | Identify web-based control panels | Info | Source | |
| TIBCO JasperReports Library - Directory Traversal | CVE-2018-18809 | Identify critical remote vulnerabilities | Medium | Source |
| TIBCO Jaspersoft Login Panel - Detect | Identify web-based control panels | Info | Source | |
| TIBCO Managed File Transfer - Panel | Identify web-based control panels | Info | Source | |
| TOTOLINK A3002RU 1.0.8 - Information Disclosure | CVE-2018-13317 | Identify critical remote vulnerabilities | Medium | Source |
| TOTOLINK A3700R - Command Injection | CVE-2023-46574 | Identify critical remote vulnerabilities | Critical | Source |
| TOTOLINK CP450 v4.1.0cu.747_B20191224 - Hard-Coded Password Vulnerability | CVE-2024-7332 | Identify critical remote vulnerabilities | Critical | Source |
| TOTOLINK CX-A3002RU - Remote Code Execution | CVE-2024-51228 | Identify critical remote vulnerabilities | Medium | Source |
| TOTOLINK EX1200T 4.1.2cu.5215 - Authentication Bypass | CVE-2021-42887 | Identify critical remote vulnerabilities | Critical | Source |
| TOTOLINK EX1800T TOTOLINK EX1800T - Command Injection | CVE-2024-34257 | Identify critical remote vulnerabilities | Critical | Source |
| TOTOLINK N150RT - Password Exposure | Identify critical remote vulnerabilities | High | Source | |
| TOTOLINK/Realtek Routers - CAPTCHA Bypass | CVE-2019-19825 | Identify critical remote vulnerabilities | Critical | Source |
| TOTOLINK/Realtek Routers - Information Disclosure | CVE-2019-19822 | Identify critical remote vulnerabilities | High | Source |
| TOTOLINK/Realtek Routers - Information Disclosure | CVE-2019-19823 | Identify critical remote vulnerabilities | High | Source |
| TOTOLink Router - Remote Command Execution | Identify critical remote vulnerabilities | Critical | Source | |
| TP-LINK - Local File Inclusion | CVE-2015-3035 | Identify critical remote vulnerabilities | High | Source |
| TP-LINK WR840N v6 up to 0.9.1 4.16 - Improper Authentication | CVE-2024-57050 | Identify critical remote vulnerabilities | Critical | Source |
| TP-Link Archer AX21 (AX1800) - Unauthenticated Command Injection | CVE-2023-1389 | Identify critical remote vulnerabilities | High | Source |
| TP-Link Archer C20 - Authentication Bypass | CVE-2024-57049 | Identify critical remote vulnerabilities | Critical | Source |
| TP-Link Wireless N Router WR940N - Default Login | Identify default logins in web-based control panels | High | Source | |
| TRENDnet TEW-827DRU Login Panel - Detect | Identify web-based control panels | Info | Source | |
| TRUfusion Enterprise <= 7.10.4.0 - Admin Contact Portal | CVE-2025-27225 | Identify critical remote vulnerabilities | High | Source |
| TRUfusion Enterprise <= 7.10.4.0 - Authentication Bypass | CVE-2025-27223 | Identify critical remote vulnerabilities | Critical | Source |
| TRUfusion Enterprise <= 7.10.4.0 - Path Traversal | CVE-2025-27222 | Identify critical remote vulnerabilities | Critical | Source |
| TVT NVMS 1000 - Local File Inclusion | CVE-2019-20085 | Identify critical remote vulnerabilities | High | Source |
| Tabby Panel - Detect | Identify web-based control panels | Info | Source | |
| Tableau Services Manager Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Tactical RMM Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Tailon Panel - Detect | Identify web-based control panels | Unknown | Source | |
| TamronOS IPTV/VOD - Remote Command Execution | Identify critical remote vulnerabilities | Critical | Source | |
| Tautulli Panel - Detect | Identify web-based control panels | Info | Source | |
| Tautulli Panel - Unauthenticated Access | Identify web-based control panels | Medium | Source | |
| TeamCity < 2023.11.4 - Authentication Bypass | CVE-2024-27198 | Identify critical remote vulnerabilities | Critical | Source |
| TeamCity Login Panel - Detect | Identify web-based control panels | Info | Source | |
| TeamForge Panel - Detection | Identify web-based control panels | Info | Source | |
| TeamPass 2.1.27.36 - Improper Authentication | CVE-2020-12478 | Identify critical remote vulnerabilities | High | Source |
| TeamPass Panel - Detect | Identify web-based control panels | Info | Source | |
| TecConnect OpenMessaging Webservice Detection | Identify web-based control panels | Info | Source | |
| Tekton Dashboard Panel - Detect | Identify web-based control panels | Info | Source | |
| Telecontrol Server Basic Panel - Detect | Identify web-based control panels | Info | Source | |
| Teleport - Authentication Bypass | CVE-2025-49825 | Identify critical remote vulnerabilities | Critical | Source |
| Teleport Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Telerik Report Server Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Telesquare TLR-2005KSH - Remote Command Execution | CVE-2024-29269 | Identify critical remote vulnerabilities | High | Source |
| Telesquare TLR-2005KSH Login Panel - Detect | Identify web-based control panels | Info | Source | |
| TemboSocial Admin Panel - Detect | Identify web-based control panels | Info | Source | |
| Temenos Transact Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Tenable Nessus Panel - Detect | Identify web-based control panels | Info | Source | |
| Tenda 11N - Authentication Bypass | CVE-2022-42233 | Identify critical remote vulnerabilities | Critical | Source |
| Tenda 11n Wireless Router - Admin Panel | Identify web-based control panels | Info | Source | |
| Tenda Web Master Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Tenemos T24 Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Teradek Cube Administrative Console - Panel | Identify web-based control panels | Info | Source | |
| TerraMaster TOS < 4.2.30 Server Information Disclosure | CVE-2022-24990 | Identify critical remote vulnerabilities | High | Source |
| Terraform Enterprise Panel - Detect | Identify web-based control panels | Info | Source | |
| The Events Calendar < 6.4.0.1 - Cross-site Scripting | CVE-2024-4180 | Identify critical remote vulnerabilities | Medium | Source |
| The Events Calendar <= 6.15.2 - Information Disclosure | Identify critical remote vulnerabilities | Medium | Source | |
| The Plus Addons for Elementor Page Builder < 4.1.7 - Authentication Bypass | CVE-2021-24175 | Identify critical remote vulnerabilities | Critical | Source |
| ThemeGrill Demo Importer < 1.6.2 - Database Reset | CVE-2020-36333 | Identify critical remote vulnerabilities | Critical | Source |
| Themes Coder Ecommerce <= 1.3.4 - SQL Injection | CVE-2024-13726 | Identify critical remote vulnerabilities | High | Source |
| ThinVNC - Authentication Bypass | CVE-2022-25226 | Identify critical remote vulnerabilities | Critical | Source |
| Thinfinity VirtualUI Panel - Detect | Identify web-based control panels | Info | Source | |
| Thinfinity VirtualUI User Enumeration | CVE-2021-44848 | Identify critical remote vulnerabilities | Medium | Source |
| ThingsBoard Panel - Detect | Identify web-based control panels | Info | Source | |
| ThinkPHP 5.0.24 - Information Disclosure | CVE-2022-25481 | Identify critical remote vulnerabilities | High | Source |
| ThinkPHP < 3.2.4 - Remote Code Execution | Identify critical remote vulnerabilities | High | Source | |
| Thruk Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Tigase XMPP Server - Exposure | Identify web-based control panels | Info | Source | |
| Tiki Wiki CMS GroupWare - Authentication Bypass | CVE-2020-15906 | Identify critical remote vulnerabilities | Critical | Source |
| Tiki Wiki CMS Groupware Login Panel - Detect | Identify web-based control panels | Info | Source | |
| TileServer API - Cross Site Scripting | CVE-2024-35627 | Identify critical remote vulnerabilities | Medium | Source |
| Time Clock <= 1.2.2 & Time Clock Pro <= 1.1.4 - Remote Code Execution | CVE-2024-9593 | Identify critical remote vulnerabilities | High | Source |
| TimeKeeper - Default Login | Identify default logins in web-based control panels | High | Source | |
| Tiny File Manager - Default Login | Identify default logins in web-based control panels | High | Source | |
| Tiny File Manager Panel - Detect | Identify web-based control panels | Info | Source | |
| Tiny RSS Panel - Detect | Identify web-based control panels | Info | Source | |
| Tixeo Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Tomcat Exposed - Detect | Identify web-based control panels | Info | Source | |
| Tongda OA 11.7 - Authentication Bypass | Identify critical remote vulnerabilities | High | Source | |
| ToolJet - Default Login | Identify default logins in web-based control panels | High | Source | |
| ToolJet Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Tools4Ever Self-Service Reset Password Manager - Panel | Identify web-based control panels | Info | Source | |
| Topsec TopAppLB - Authentication Bypass | Identify critical remote vulnerabilities | High | Source | |
| Toshiba TopAccess - Default Login | Identify default logins in web-based control panels | High | Source | |
| Toshiba TopAccess Panel - Detect | Identify web-based control panels | Info | Source | |
| Total Donations Plugin for WordPress < 2.0.6 - Arbitrary Options Update | CVE-2019-6703 | Identify critical remote vulnerabilities | Critical | Source |
| Totemomail Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Traccar Panel - Detect | Identify web-based control panels | Info | Source | |
| Traccar(Windows) 6.1- 6.8.1 - Local File Inclusion | CVE-2025-61666 | Identify critical remote vulnerabilities | High | Source |
| Traefik Dashboard Panel - Detect | Identify web-based control panels | Info | Source | |
| Traggo Server - Local File Inclusion | CVE-2023-34843 | Identify critical remote vulnerabilities | High | Source |
| Trassir WebView - Default Login | Identify default logins in web-based control panels | High | Source | |
| Trend Micro Apex One Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Trinity Audio <= 5.21.0 - Information Exposure | CVE-2025-9196 | Identify critical remote vulnerabilities | Medium | Source |
| Triofox - Improper Access Control | CVE-2025-12480 | Identify critical remote vulnerabilities | Critical | Source |
| TrueNAS Panel - Detect | Identify web-based control panels | Info | Source | |
| Tufin SecureTrack Login Panel - Detect | Identify web-based control panels | Info | Source | |
| TurboMeeting - Boolean-based SQL Injection | CVE-2024-38289 | Identify critical remote vulnerabilities | Critical | Source |
| TurnKey LAMP Panel - Detect | Identify web-based control panels | Info | Source | |
| TurnKey OpenVPN Panel - Detect | Identify web-based control panels | Info | Source | |
| Tutor LMS <= 2.7.6 - SQL Injection | CVE-2024-10400 | Identify critical remote vulnerabilities | High | Source |
| UFIDA NC - Arbitrary File Read | Identify critical remote vulnerabilities | High | Source | |
| UFIDA U8 CRM cfillbacksetting.php - SQL Injection | Identify critical remote vulnerabilities | High | Source | |
| UFIDA U8 CRM fillbacksetting.php - SQL Injection | Identify critical remote vulnerabilities | High | Source | |
| UNA CMS <= 14.0.0-RC4 - PHP Object Injection | CVE-2025-32101 | Identify critical remote vulnerabilities | Critical | Source |
| UPS Adapter CS141 SNMP Module Default Credentials | Identify default logins in web-based control panels | Medium | Source | |
| Ubigeo de Peru < 3.6.4 - SQL Injection | CVE-2022-0814 | Identify critical remote vulnerabilities | Critical | Source |
| UiPath Orchestrator Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Umami Panel - Detect | Identify web-based control panels | Info | Source | |
| Umbraco Login Panel - Detect | Identify web-based control panels | Info | Source | |
| UnRaid <=6.80 - Remote Code Execution | CVE-2020-5847 | Identify critical remote vulnerabilities | Critical | Source |
| Unauthenticated Remote Code Execution – Bricks <= 1.9.6 | Identify critical remote vulnerabilities | Critical | Source | |
| UniFi - NFC Credentials | Identify critical remote vulnerabilities | High | Source | |
| UniFi Network Login Panel - Detect | Identify web-based control panels | Info | Source | |
| UniFi OS - Panel | Identify web-based control panels | Info | Source | |
| Unibox Panel - Detect | Identify web-based control panels | Info | Source | |
| Unity Plastic SCM Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Universal Media Server v13.2.1 - Cross Site Scripting | Identify critical remote vulnerabilities | Medium | Source | |
| Unleash Panel - Detect | Identify web-based control panels | Info | Source | |
| Unraid Authentication Bypass Vulnerability | CVE-2020-5849 | Identify critical remote vulnerabilities | High | Source |
| Untangle Administrator Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Uptime Kuma - Panel | Identify web-based control panels | Info | Source | |
| UrBackup Panel - Detect | Identify web-based control panels | Info | Source | |
| User Control Panel - Detect | Identify web-based control panels | Info | Source | |
| User Management/Registration & Login v3.0 - SQL Injection | Identify critical remote vulnerabilities | High | Source | |
| User Meta WP Plugin < 3.1 - Sensitive Information Exposure | CVE-2024-33575 | Identify critical remote vulnerabilities | Medium | Source |
| UserPro <= 5.1.1 - Authentication Bypass | CVE-2023-2437 | Identify critical remote vulnerabilities | Critical | Source |
| Usermin 2.100 - Username Enumeration | CVE-2024-44762 | Identify critical remote vulnerabilities | Medium | Source |
| Usermin Panel - Detect | Identify web-based control panels | Info | Source | |
| V2924 Admin Login Panel - Detect | Identify web-based control panels | Info | Source | |
| VICIdial - SQL Injection | CVE-2024-8503 | Identify critical remote vulnerabilities | Critical | Source |
| VMware Aria Operations Login - Detect | Identify web-based control panels | Info | Source | |
| VMware Carbon Black EDR Panel - Detect | Identify web-based control panels | Info | Source | |
| VMware Cloud Director Availability Login Panel - Detect | Identify web-based control panels | Info | Source | |
| VMware Cloud Director Login Panel - Detect | Identify web-based control panels | Info | Source | |
| VMware FTP Server Login Panel - Detect | Identify web-based control panels | Info | Source | |
| VMware HCX Login Panel - Detect | Identify web-based control panels | Info | Source | |
| VMware NSX Login Panel - Detect | Identify web-based control panels | Info | Source | |
| VMware NSX SD-WAN Edge - Command Injection | CVE-2018-6961 | Identify critical remote vulnerabilities | Critical | Source |
| VMware Workspace ONE Access - Server-Side Template Injection | CVE-2022-22954 | Identify critical remote vulnerabilities | Critical | Source |
| VMware Workspace ONE UEM Airwatch Login Panel - Detect | Identify web-based control panels | Info | Source | |
| VMware Workspace ONE UEM Airwatch Self-Service Portal - Detect | Identify web-based control panels | Info | Source | |
| VMware vCenter Converter Panel - Detect | Identify web-based control panels | Info | Source | |
| VMware vCenter Server - Out-of-Bounds Write | CVE-2023-34048 | Identify critical remote vulnerabilities | Critical | Source |
| VMware vCloud Director Panel - Detect | Identify web-based control panels | Info | Source | |
| VMware vRealize Log Insight - Improper Access Control to RCE | CVE-2022-31704 | Identify critical remote vulnerabilities | Critical | Source |
| VMware vRealize Log Insight - Path Traversal | CVE-2022-31706 | Identify critical remote vulnerabilities | Critical | Source |
| VMware vRealize Log Insight < v8.10.2 - Information Disclosure | CVE-2022-31711 | Identify critical remote vulnerabilities | Medium | Source |
| Vanna - SQL injection | CVE-2024-5827 | Identify critical remote vulnerabilities | Critical | Source |
| Vault Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Vaultwarden Login Panel - Detect | Identify web-based control panels | Info | Source | |
| VectorAdmin Panel - Detect | Identify web-based control panels | Info | Source | |
| Veeam Backup & Replication - Unauthenticated | CVE-2024-40711 | Identify critical remote vulnerabilities | Critical | Source |
| Veeam Backup Enterprise Manager Login - Detect | Identify web-based control panels | Info | Source | |
| Veeam Backup for Google Cloud Platform Panel - Detect | Identify web-based control panels | Info | Source | |
| Veeam Backup for Microsoft Azure Panel - Detect | Identify web-based control panels | Info | Source | |
| Veeam Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Veracore Login - Detect | Identify web-based control panels | Info | Source | |
| Veritas NetBackup OpsCenter Analytics Login - Detect | Identify web-based control panels | Info | Source | |
| Veriz0wn OSINT - Detect | Identify web-based control panels | Info | Source | |
| Verizon Router Panel - Detect | Identify web-based control panels | Info | Source | |
| Versa Concerto API Path Based - Authentication Bypass | Identify critical remote vulnerabilities | Critical | Source | |
| Versa Concerto Actuator Endpoint - Authentication Bypass | Identify critical remote vulnerabilities | Critical | Source | |
| Versa Director Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Versa FlexVNF - Default Login | Identify default logins in web-based control panels | High | Source | |
| Versa FlexVNF Panel - Detect | Identify web-based control panels | Info | Source | |
| VertaAI ModelDB - Path Traversal | CVE-2023-6023 | Identify critical remote vulnerabilities | High | Source |
| Vertex Tax Installer Panel - Detect | Identify web-based control panels | Info | Source | |
| VictoriaMetrics Panel - Detect | Identify web-based control panels | Info | Source | |
| Vidyo Admin Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Viessmann Vitogate 300 - Hardcoded Password | CVE-2023-5222 | Identify critical remote vulnerabilities | Medium | Source |
| Viessmann Vitogate 300 - Remote Code Execution | CVE-2023-45852 | Identify critical remote vulnerabilities | Critical | Source |
| Vinchin Backup & Recovery Panel - Detect | Identify web-based control panels | Info | Source | |
| Virtua Software Cobranca <12R - Blind SQL Injection | CVE-2021-37589 | Identify critical remote vulnerabilities | High | Source |
| Virtua Software Panel - Detect | Identify web-based control panels | Info | Source | |
| Vite - Arbitrary File Read | CVE-2025-30208 | Identify critical remote vulnerabilities | Medium | Source |
| Vite - Information Disclosure | Identify critical remote vulnerabilities | Medium | Source | |
| Vite Dev Server - Path Traversal | CVE-2025-58751 | Identify critical remote vulnerabilities | Low | Source |
| Vite Development Server - Path Traversal | CVE-2025-31125 | Identify critical remote vulnerabilities | Medium | Source |
| Vite server.fs.deny Bypass - Local File Inclusion | CVE-2025-31486 | Identify critical remote vulnerabilities | Medium | Source |
| VoIPmonitor Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Vodafone Vox UI Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Void Aural Rec Monitor 9.0.0.1 - SQL Injection | CVE-2021-25899 | Identify critical remote vulnerabilities | High | Source |
| VoipMonitor - Pre-Auth SQL Injection | CVE-2022-24260 | Identify critical remote vulnerabilities | Critical | Source |
| VoipMonitor <24.61 - Remote Code Execution | CVE-2021-30461 | Identify critical remote vulnerabilities | Critical | Source |
| Vtiger CRM - Default Login | Identify default logins in web-based control panels | High | Source | |
| Vtiger CRM v7.2.0 - Directory Listing | CVE-2020-19363 | Identify critical remote vulnerabilities | Medium | Source |
| Vue PACS - Panel | Identify web-based control panels | Info | Source | |
| Vue Vben Admin - Default Credentials | CVE-2025-25570 | Identify critical remote vulnerabilities | Critical | Source |
| WAGO - Remote Command Execution | CVE-2023-1698 | Identify critical remote vulnerabilities | Critical | Source |
| WAGO Web-based Management - Default Login | Identify default logins in web-based control panels | High | Source | |
| WAVLINK - Access Control | CVE-2020-10973 | Identify critical remote vulnerabilities | High | Source |
| WAVLINK AC1200 - Information Disclosure | CVE-2021-44260 | Identify critical remote vulnerabilities | High | Source |
| WAVLINK Quantum D4G (WL-WN531G3) - Information Disclosure | CVE-2022-44356 | Identify critical remote vulnerabilities | High | Source |
| WAVLINK WN530H4 M30H4.V5030.190403 - Information Disclosure | CVE-2020-12127 | Identify critical remote vulnerabilities | High | Source |
| WAVLINK WN530H4 live_api.cgi - Command Injection | CVE-2020-12124 | Identify critical remote vulnerabilities | Critical | Source |
| WAVLINK WN530HG4 - Improper Access Control | CVE-2022-34049 | Identify critical remote vulnerabilities | Medium | Source |
| WAVLINK WN530HG4 - Improper Access Control | CVE-2022-34047 | Identify critical remote vulnerabilities | High | Source |
| WAVLINK WN530HG4 - Improper Access Control | CVE-2022-34045 | Identify critical remote vulnerabilities | Critical | Source |
| WAVLINK WN533A8 - Improper Access Control | CVE-2022-34046 | Identify critical remote vulnerabilities | High | Source |
| WAVLINK WN535 G3 - Improper Access Control | CVE-2022-34576 | Identify critical remote vulnerabilities | High | Source |
| WAVLINK WN535 G3 - Information Disclosure | CVE-2022-31845 | Identify critical remote vulnerabilities | High | Source |
| WAVLINK WN535 G3 - Information Disclosure | CVE-2022-31846 | Identify critical remote vulnerabilities | High | Source |
| WAVLINK WN579 X3 M79X3.V5030.180719 - Information Disclosure | CVE-2022-31847 | Identify critical remote vulnerabilities | High | Source |
| WCFM Membership <= 2.10.0 - Broken Access Control | CVE-2022-4940 | Identify critical remote vulnerabilities | High | Source |
| WCFM WooCommerce Multivendor Marketplace < 3.4.12 - SQL Injection | CVE-2021-24849 | Identify critical remote vulnerabilities | Critical | Source |
| WD My Cloud Panel - Detect | Identify web-based control panels | Info | Source | |
| WP Fastest Cache 1.2.2 - SQL Injection | CVE-2023-6063 | Identify critical remote vulnerabilities | High | Source |
| WP Google Maps < 9.0.48 - Cross-Site Scripting | CVE-2025-11307 | Identify critical remote vulnerabilities | High | Source |
| WP Hotel Booking < 1.10.4 - PHP Object Injection | CVE-2020-29047 | Identify critical remote vulnerabilities | Critical | Source |
| WP Popup Builder Popup Forms and Marketing Lead Generation <= 1.3.5 - Arbitrary Shortcode Execution | CVE-2024-9061 | Identify critical remote vulnerabilities | High | Source |
| WP Query Console <= 1.0 - Remote Code Execution | CVE-2024-50498 | Identify critical remote vulnerabilities | Critical | Source |
| WP Umbrella Update Backup Restore & Monitoring <= 2.17.0 - Local File Inclusion | CVE-2024-12209 | Identify critical remote vulnerabilities | Critical | Source |
| WP User <= 7.0 - Unauthenticated SQLi | CVE-2022-4049 | Identify critical remote vulnerabilities | Critical | Source |
| WP Visitor Statistics (Real Time Traffic) < 6.9 - SQL Injection | CVE-2023-0600 | Identify critical remote vulnerabilities | Critical | Source |
| WP-Recall – Plugin <= 16.26.10 - Unauthenticated SQL Injection | CVE-2025-1323 | Identify critical remote vulnerabilities | High | Source |
| WPEngine WPGraphQL 0.2.3 - Unauthenticated Comment Posting | CVE-2019-9881 | Identify critical remote vulnerabilities | Medium | Source |
| WPEngine WPGraphQL 0.2.3 - Unauthenticated User Information Disclosure | CVE-2019-9880 | Identify critical remote vulnerabilities | Critical | Source |
| WPMobile.App <= 11.56 - Open Redirect | CVE-2024-13888 | Identify critical remote vulnerabilities | High | Source |
| WPS Hide Login <= 1.5.2.2 - Login Page Bypass | Identify critical remote vulnerabilities | High | Source | |
| WPS Hide Login <= 1.9.15.2 - Login Page Disclosure | CVE-2024-2473 | Identify critical remote vulnerabilities | Medium | Source |
| WS-FTP Ad Hoc Transfer Panel - Detect | Identify web-based control panels | Info | Source | |
| WSO2 Management Console - Authentication Bypass | CVE-2025-5605 | Identify critical remote vulnerabilities | Medium | Source |
| WSO2 Management Console - Default Login | Identify default logins in web-based control panels | High | Source | |
| WSO2 Management Console Login Panel - Detect | Identify web-based control panels | Info | Source | |
| WS_FTP Server - Insecure Deserialization | CVE-2023-40044 | Identify critical remote vulnerabilities | Critical | Source |
| WS_FTP Server Web Transfer - Panel Detect | Identify web-based control panels | Info | Source | |
| WWBN AVideo 11.6 - Cross-Site Scripting | CVE-2023-48728 | Identify critical remote vulnerabilities | Critical | Source |
| Wagtail Login - Detect | Identify web-based control panels | Info | Source | |
| Wallix Access Manager Panel - Detect | Identify web-based control panels | Info | Source | |
| WampServer Panel - Detect | Identify web-based control panels | Info | Source | |
| Watcher Panel - Detect | Identify web-based control panels | Info | Source | |
| Watershed Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Wavlink - Improper Access Control | CVE-2022-48165 | Identify critical remote vulnerabilities | High | Source |
| Wavlink WL-WN530HG4 M30HG4.V5030.201217 - Information Disclosure | CVE-2022-48166 | Identify critical remote vulnerabilities | High | Source |
| Wavlink WL-WN533A8 M33A8.V5030.190716 - Information Disclosure | CVE-2022-48164 | Identify critical remote vulnerabilities | High | Source |
| Wavlink WN535K2/WN535K3 - OS Command Injection | CVE-2022-2487 | Identify critical remote vulnerabilities | High | Source |
| Wazuh - Default Login | Identify default logins in web-based control panels | High | Source | |
| Wazuh Login Panel | Identify web-based control panels | Info | Source | |
| WeChat agentinfo - Information Exposure | Identify critical remote vulnerabilities | High | Source | |
| WeGIA - Directory Traversal | CVE-2025-55169 | Identify critical remote vulnerabilities | Critical | Source |
| Web File Manager Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Web Transfer Client Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Web Viewer for Samsung DVR - Detect | Identify web-based control panels | Info | Source | |
| WebIQ 2.15.9 - Directory Traversal | CVE-2024-8752 | Identify critical remote vulnerabilities | High | Source |
| WebMethod Integration Server - Default Login | Identify default logins in web-based control panels | High | Source | |
| WebPageTest Login Panel - Detect | Identify web-based control panels | Info | Source | |
| WebShell4 Login Panel - Detect | Identify web-based control panels | Info | Source | |
| WebTitan Cloud Panel - Detect | Identify web-based control panels | Info | Source | |
| WebcomCo - Panel | Identify web-based control panels | Info | Source | |
| Webmin - Default Login | Identify default logins in web-based control panels | High | Source | |
| Webmin < 1.290 / Usermin < 1.220 - Arbitrary File Disclosure | CVE-2006-3392 | Identify critical remote vulnerabilities | Medium | Source |
| Webmin < 1.920 - Authenticated Remote Code Execution | CVE-2019-15642 | Identify critical remote vulnerabilities | High | Source |
| Webmin <= 1.920 - Unauthenticated Remote Command Execution | CVE-2019-15107 | Identify critical remote vulnerabilities | Critical | Source |
| Webmin Admin Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Webmodule Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Webroot Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Webuzo Admin Login Panel - Detect | Identify web-based control panels | Info | Source | |
| WeiPHP 5.0 - SQL Injection | CVE-2020-20300 | Identify critical remote vulnerabilities | Critical | Source |
| Weiphp Panel - Detect | Identify web-based control panels | Info | Source | |
| Western Digital MyCloud NAS - Authentication Bypass | CVE-2018-17153 | Identify critical remote vulnerabilities | Critical | Source |
| Whatsup Gold Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Wifisky - Default Login | Identify default logins in web-based control panels | High | Source | |
| Wildfly - Default Login | Identify default logins in web-based control panels | High | Source | |
| Wildix Collaboration Panel - Detect | Identify web-based control panels | Info | Source | |
| Windows Admin Center Panel - Detection | Identify web-based control panels | Info | Source | |
| Wing FTP Server <= 7.4.3 - Path Disclosure via Overlong UID Cookie | CVE-2025-47813 | Identify critical remote vulnerabilities | Medium | Source |
| Wing FTP Server <= 7.4.3 - Remote Code Execution | CVE-2025-47812 | Identify critical remote vulnerabilities | Critical | Source |
| Wiren Board WebUI Panel - Detect | Identify web-based control panels | Medium | Source | |
| Woodpecker CI Panel - Detect | Identify web-based control panels | Info | Source | |
| Woodwing Studio Server Panel - Detect | Identify web-based control panels | Info | Source | |
| WordPress 12 Step Meeting List Plugin <= 3.14.33 - Cross-Site Scripting | CVE-2024-35693 | Identify critical remote vulnerabilities | Medium | Source |
| WordPress <= 5.2.4 - Unauthenticated View Private/Draft Posts | CVE-2019-17671 | Identify critical remote vulnerabilities | Medium | Source |
| WordPress AI Engine Plugin - Token Exposure | CVE-2025-11749 | Identify critical remote vulnerabilities | Critical | Source |
| WordPress AMP - Full Path Disclosure | Identify critical remote vulnerabilities | Low | Source | |
| WordPress AddToAny Share Buttons Plugin - Full Path Disclosure | Identify critical remote vulnerabilities | Low | Source | |
| WordPress Astra - Full Path Disclosure | Identify critical remote vulnerabilities | Low | Source | |
| WordPress Astra Sites - Full Path Disclosure | Identify critical remote vulnerabilities | Low | Source | |
| WordPress BackWPup < 4.0.4 - Backup File Disclosure | CVE-2023-7164 | Identify critical remote vulnerabilities | High | Source |
| WordPress Backup Migration <= 1.3.6 - Path Traversal | CVE-2023-6266 | Identify critical remote vulnerabilities | High | Source |
| WordPress CMB2 - Full Path Disclosure | Identify critical remote vulnerabilities | Low | Source | |
| WordPress Coming Soon Page - Full Path Disclosure | Identify critical remote vulnerabilities | Low | Source | |
| WordPress Core - Post Author Email Disclosure | CVE-2023-5561 | Identify critical remote vulnerabilities | Medium | Source |
| WordPress Download Manager - File Password Exposure | CVE-2023-6421 | Identify critical remote vulnerabilities | High | Source |
| WordPress Download Manager < 3.3.07 - Unauthenticated Data Exposure | CVE-2024-13126 | Identify critical remote vulnerabilities | Medium | Source |
| WordPress Duplicator 1.3.24 & 1.3.26 - Local File Inclusion | CVE-2020-11738 | Identify critical remote vulnerabilities | High | Source |
| WordPress Eventin (Themewinter) ≤ 4.0.26 - Arbitrary File Download | CVE-2025-47445 | Identify critical remote vulnerabilities | High | Source |
| WordPress File Upload <= 4.24.11 - Arbitrary File Read | CVE-2024-9047 | Identify critical remote vulnerabilities | Critical | Source |
| WordPress Gift Voucher <4.1.8 - Blind SQL Injection | CVE-2018-16159 | Identify critical remote vulnerabilities | Critical | Source |
| WordPress Grow by Tradedoubler Plugin < 2.0.22 - Unauthenticated Local File Inclusion | CVE-2024-6460 | Identify critical remote vulnerabilities | Critical | Source |
| WordPress HTML5 Video Player - SQL Injection | CVE-2024-1061 | Identify critical remote vulnerabilities | High | Source |
| WordPress Job Portal < 2.0.6 - SQL Injection | CVE-2023-4490 | Identify critical remote vulnerabilities | Critical | Source |
| WordPress ManageWP Worker - Full Path Disclosure | Identify critical remote vulnerabilities | Low | Source | |
| WordPress Members / Membership & User Role Editor Plugin - Error Log Disclosure | Identify critical remote vulnerabilities | Low | Source | |
| WordPress Members Plugin - Debug/Error Log Disclosure | Identify critical remote vulnerabilities | Low | Source | |
| WordPress My Calendar <3.4.22 - SQL Injection | CVE-2023-6360 | Identify critical remote vulnerabilities | High | Source |
| WordPress Newsletter - Log File Exposure | Identify critical remote vulnerabilities | Medium | Source | |
| WordPress NextGEN Gallery Pro - Error Log Disclosure | Identify critical remote vulnerabilities | Medium | Source | |
| WordPress OceanWP - Full Path Disclosure | Identify critical remote vulnerabilities | Low | Source | |
| WordPress PHPMailer < 5.2.18 - Remote Code Execution | CVE-2016-10033 | Identify critical remote vulnerabilities | Critical | Source |
| WordPress Paid Memberships Pro <2.6.7 - Blind SQL Injection | CVE-2021-25114 | Identify critical remote vulnerabilities | Critical | Source |
| WordPress Paid Memberships Pro <2.9.8 - Blind SQL Injection | CVE-2023-23488 | Identify critical remote vulnerabilities | Critical | Source |
| WordPress Passive Detection - Plugins & Themes | Identify web-based control panels | Info | Source | |
| WordPress Plugin GDPR Cookie Consent - Full Path Disclosure | Identify critical remote vulnerabilities | Low | Source | |
| WordPress Plugin Google Tag Manager - Full Path Disclosure | Identify critical remote vulnerabilities | Low | Source | |
| WordPress Plugin Imsanity - Full Path Disclosure | Identify critical remote vulnerabilities | Low | Source | |
| WordPress Plugin InfiniteWP Client - Full Path Disclosure | Identify critical remote vulnerabilities | Low | Source | |
| WordPress Plugin Max Mega Menu (megamenu) - Full Path Disclosure | Identify critical remote vulnerabilities | Low | Source | |
| WordPress Plugin Newsletter - Full Path Disclosure | Identify critical remote vulnerabilities | Low | Source | |
| WordPress Plugin SG Optimizer - Full Path Disclosure | Identify critical remote vulnerabilities | Low | Source | |
| WordPress Plugin SSL Insecure Content Fixer - Full Path Disclosure | Identify critical remote vulnerabilities | Low | Source | |
| WordPress Plugin Safe SVG - Full Path Disclosure | Identify critical remote vulnerabilities | Low | Source | |
| WordPress Plugin Table of Contents Plus - Full Path Disclosure | Identify critical remote vulnerabilities | Low | Source | |
| WordPress Plugin WP Statistics <= 13.1.5 - SQL Injection | CVE-2022-0651 | Identify critical remote vulnerabilities | Critical | Source |
| WordPress Plugin WP Statistics <= 13.1.5 - SQL Injection | CVE-2022-25148 | Identify critical remote vulnerabilities | Critical | Source |
| WordPress Plugin WP Statistics <= 13.1.5 - SQL Injection | CVE-2022-25149 | Identify critical remote vulnerabilities | Critical | Source |
| WordPress Plugin WooCommerce Admin (woocommerce-admin) Full Path Disclosure | Identify critical remote vulnerabilities | Low | Source | |
| WordPress Plugin iThemes Security - Full Path Disclosure | Identify critical remote vulnerabilities | Low | Source | |
| WordPress Plugin reCaptcha by BestWebSoft (google-captcha) - Full Path Disclosure | Identify critical remote vulnerabilities | Low | Source | |
| WordPress Pretty Links - Full Path Disclosure | Identify critical remote vulnerabilities | Low | Source | |
| WordPress SEO Plugin Rank Math - Full Path Disclosure | Identify critical remote vulnerabilities | Low | Source | |
| WordPress SVG Support - Full Path Disclosure | Identify critical remote vulnerabilities | Low | Source | |
| WordPress Simple Job Board - Unauthorized Data Access | CVE-2024-0593 | Identify critical remote vulnerabilities | Medium | Source |
| WordPress Statistics <13.0.8 - Blind SQL Injection | CVE-2021-24340 | Identify critical remote vulnerabilities | High | Source |
| WordPress Storefront Theme - Full Path Disclosure | Identify critical remote vulnerabilities | Low | Source | |
| WordPress Table of Contents Plus - Full Path Disclosure | Identify critical remote vulnerabilities | Low | Source | |
| WordPress The Events Calendar - Full Path Disclosure | Identify critical remote vulnerabilities | Low | Source | |
| WordPress Tourfic Plugin <= 2.11.7 - Cross-Site Scripting | CVE-2024-29137 | Identify critical remote vulnerabilities | High | Source |
| WordPress Ultimate Member 2.1.3 - 2.8.2 – SQL Injection | CVE-2024-1071 | Identify critical remote vulnerabilities | Critical | Source |
| WordPress UpdraftPlus - Full Path Disclosure | Identify critical remote vulnerabilities | Low | Source | |
| WordPress Visitor Statistics <=5.7 - SQL Injection | CVE-2022-33965 | Identify critical remote vulnerabilities | Critical | Source |
| WordPress W3 Total Cache - Cache Files Exposure | Identify critical remote vulnerabilities | High | Source | |
| WordPress WP Mail SMTP - Full Path Disclosure | Identify critical remote vulnerabilities | Low | Source | |
| WordPress WP Maintenance Mode - Full Path Disclosure | Identify critical remote vulnerabilities | Low | Source | |
| WordPress WP Migrate DB - Full Path Disclosure | Identify critical remote vulnerabilities | Low | Source | |
| WordPress WP-Advanced-Search <= 3.3.9 - SQL Injection | CVE-2024-9796 | Identify critical remote vulnerabilities | Critical | Source |
| WordPress WP-PageNavi - Full Path Disclosure | Identify critical remote vulnerabilities | Low | Source | |
| WordPress WPForms - Full Path Disclosure | Identify critical remote vulnerabilities | Low | Source | |
| WordPress Wordfence - Configuration File Disclosure | Identify critical remote vulnerabilities | Medium | Source | |
| WordPress Wordfence - Rules File Disclosure | Identify critical remote vulnerabilities | Medium | Source | |
| WordPress Wordfence - WAF Logs and Data Disclosure | Identify critical remote vulnerabilities | Low | Source | |
| WordPress YITH WooCommerce Wishlist - Full Path Disclosure | Identify critical remote vulnerabilities | Low | Source | |
| WordPress Yoast SEO - Full Path Disclosure | Identify critical remote vulnerabilities | Low | Source | |
| Wordpress Gift Cards <= 4.3.1 - SQL Injection | CVE-2023-28662 | Identify critical remote vulnerabilities | Critical | Source |
| Wordpress Polls Widget < 1.5.3 - SQL Injection | CVE-2021-24442 | Identify critical remote vulnerabilities | Critical | Source |
| Wordpress WPMobile.App >= 11.42 - Cross-Site Scripting | CVE-2024-35694 | Identify critical remote vulnerabilities | High | Source |
| Worpress Backup Migration <= 1.3.7 - Unauthenticated Remote Code Execution | CVE-2023-6553 | Identify critical remote vulnerabilities | Critical | Source |
| Wowza Streaming Engine Manager Panel - Detect | Identify web-based control panels | Info | Source | |
| WpStickyBar <= 2.1.0 - SQL Injection | CVE-2024-5765 | Identify critical remote vulnerabilities | Critical | Source |
| X-UI - Default Login | Identify default logins in web-based control panels | High | Source | |
| XAMPP PHP info Page - Detect | Identify critical remote vulnerabilities | Low | Source | |
| XDS-AMR Status Login Panel - Detect | Identify web-based control panels | Info | Source | |
| XNAT - Default Login | Identify default logins in web-based control panels | High | Source | |
| XNAT Login Panel - Detect | Identify web-based control panels | Info | Source | |
| XSpeeder Login - Detect | Identify web-based control panels | Info | Source | |
| XVR Login Panel - Detect | Identify web-based control panels | Info | Source | |
| XWiki - Cross-Site Scripting | CVE-2023-35155 | Identify critical remote vulnerabilities | High | Source |
| XWiki - Cross-Site Scripting | CVE-2023-35158 | Identify critical remote vulnerabilities | Critical | Source |
| XWiki - HQL Injection | CVE-2025-52472 | Identify critical remote vulnerabilities | High | Source |
| XWiki - Information Disclosure | CVE-2025-55749 | Identify critical remote vulnerabilities | High | Source |
| XWiki < 12.10.11, 13.4.4 & 13.9-rc-1 - Information Disclosure | CVE-2022-24819 | Identify critical remote vulnerabilities | Medium | Source |
| XWiki < 14.10.14 - Cross-Site Scripting | CVE-2023-45136 | Identify critical remote vulnerabilities | Critical | Source |
| XWiki < 14.10.14 - Cross-Site Scripting | CVE-2023-46732 | Identify critical remote vulnerabilities | Critical | Source |
| XWiki < 14.10.5 - Cross-Site Scripting | CVE-2023-35162 | Identify critical remote vulnerabilities | Critical | Source |
| XWiki < 4.10.15 - Email Disclosure | CVE-2023-50720 | Identify critical remote vulnerabilities | Medium | Source |
| XWiki < 4.10.15 - Information Disclosure | CVE-2023-48241 | Identify critical remote vulnerabilities | High | Source |
| XWiki < 4.10.15 - Sensitive Information Disclosure | CVE-2023-50719 | Identify critical remote vulnerabilities | High | Source |
| XWiki < 4.10.20 - Remote code execution | CVE-2024-31982 | Identify critical remote vulnerabilities | Critical | Source |
| XWiki >= 13.10.8 - Cross-Site Scripting | CVE-2023-29506 | Identify critical remote vulnerabilities | Medium | Source |
| XWiki >= 2.5-milestone-2 - Cross-Site Scripting | CVE-2023-35160 | Identify critical remote vulnerabilities | Critical | Source |
| XWiki >= 3.4-milestone-1 - Cross-Site Scripting | CVE-2023-35159 | Identify critical remote vulnerabilities | Critical | Source |
| XWiki >= 6.0-rc-1 - Cross-Site Scripting | CVE-2023-35156 | Identify critical remote vulnerabilities | Critical | Source |
| XWiki >= 6.2-milestone-1 - Cross-Site Scripting | CVE-2023-35161 | Identify critical remote vulnerabilities | Critical | Source |
| XWiki Platform - Cross-Site Scripting | CVE-2025-32430 | Identify critical remote vulnerabilities | Medium | Source |
| XWiki Platform - Information Disclosure | CVE-2025-55747 | Identify critical remote vulnerabilities | High | Source |
| XWiki Platform - Path Traversal | CVE-2025-55748 | Identify critical remote vulnerabilities | High | Source |
| XWiki Platform - Remote Code Execution | CVE-2025-24893 | Identify critical remote vulnerabilities | Critical | Source |
| XWiki Platform - Remote Code Execution | CVE-2023-37462 | Identify critical remote vulnerabilities | Critical | Source |
| XWiki Platform - SQL Injection | CVE-2025-32429 | Identify critical remote vulnerabilities | Critical | Source |
| XWiki Platform - Unauthorized Document History Access | CVE-2024-45591 | Identify critical remote vulnerabilities | Medium | Source |
| XWiki REST API - Attachments Disclosure | CVE-2025-46554 | Identify critical remote vulnerabilities | High | Source |
| XWiki REST API - Private Pages Disclosure | CVE-2025-29925 | Identify critical remote vulnerabilities | High | Source |
| XWiki REST API Query - SQL Injection | CVE-2025-32969 | Identify critical remote vulnerabilities | Critical | Source |
| XXL-JOB - Default Login | Identify default logins in web-based control panels | High | Source | |
| XXLJOB Admin Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Xeams Admin Console Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Xfinity Panel - Detect | Identify web-based control panels | Info | Source | |
| Xiaomi Wireless Router Admin Panel - Detect | Identify web-based control panels | Info | Source | |
| Xibo CMS Login Panel - Detect | Identify web-based control panels | Info | Source | |
| XploitSPY - Default Login | Identify default logins in web-based control panels | High | Source | |
| YARPP <= 5.30.10 - Missing Authorization | CVE-2024-43919 | Identify critical remote vulnerabilities | Medium | Source |
| Yacht - Default Login | Identify default logins in web-based control panels | High | Source | |
| YeaLink DM 3.6.0.20 - Remote Command Injection | CVE-2021-27561 | Identify critical remote vulnerabilities | Critical | Source |
| Yellow Pencil Visual Theme Customizer < 7.2.1 - Privilege Escalation | CVE-2019-11886 | Identify critical remote vulnerabilities | High | Source |
| Yellowfin Information Collaboration - Detect | Identify web-based control panels | Info | Source | |
| YesWiki < 4.5.4 - Cross-Site Scripting | CVE-2025-46550 | Identify critical remote vulnerabilities | Medium | Source |
| YesWiki <2022-07-07 - SQL Injection | Identify critical remote vulnerabilities | Critical | Source | |
| YesWiki Reflected XSS via File Upload | CVE-2025-46349 | Identify critical remote vulnerabilities | High | Source |
| Yeswiki < 4.5.2 - Unauthenticated Path Traversal | CVE-2025-31131 | Identify critical remote vulnerabilities | High | Source |
| Yopass Panel - Detect | Identify web-based control panels | Info | Source | |
| Youzify < 1.2.0 - Unauthenticated SQLi | CVE-2022-1950 | Identify critical remote vulnerabilities | Critical | Source |
| YunoHost Admin Panel - Detect | Identify web-based control panels | Info | Source | |
| YzmCMS Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Z-BlogPHP Admin Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Z-BlogPHP Panel - Detect | Identify web-based control panels | Info | Source | |
| ZEROF Web Server 2.0 - SQL Injection | CVE-2022-25322 | Identify critical remote vulnerabilities | Critical | Source |
| ZKTeco BioTime <= 9.0.1 - Privilege Escalation | CVE-2023-38952 | Identify critical remote vulnerabilities | High | Source |
| ZKTeco BioTime v8.5.5 - Path Traversal | CVE-2023-38950 | Identify critical remote vulnerabilities | High | Source |
| ZOHO ManageEngine ADAudit/ADManager Panel - Detect | Identify web-based control panels | Info | Source | |
| ZOHO ManageEngine ADSelfService Plus - Detect | Identify web-based control panels | Info | Source | |
| ZOHO ManageEngine APEX IT Help-Desk Panel - Detect | Identify web-based control panels | Info | Source | |
| ZOHO ManageEngine Analytics Plus Panel - Detect | Identify web-based control panels | Info | Source | |
| ZOHO ManageEngine AssetExplorer Panel - Detect | Identify web-based control panels | Info | Source | |
| ZOHO ManageEngine Desktop Panel - Detect | Identify web-based control panels | Info | Source | |
| ZOHO ManageEngine Exchange Reporter Plus Panel - Detect | Identify web-based control panels | Info | Source | |
| ZOHO ManageEngine OpManager Panel - Detect | Identify web-based control panels | Info | Source | |
| ZOHO ManageEngine ServiceDesk Panel - Detect | Identify web-based control panels | Info | Source | |
| ZOHO ManageEngine SupportCenter Panel - Detect | Identify web-based control panels | Info | Source | |
| ZTE Panel - Detect | Identify web-based control panels | Info | Source | |
| ZTE ZXHN-F660T/F660A - Default Credentials | CVE-2025-53558 | Identify critical remote vulnerabilities | High | Source |
| Zabbix - Default Login | Identify default logins in web-based control panels | High | Source | |
| Zabbix - SAML SSO Authentication Bypass | CVE-2022-23131 | Identify critical remote vulnerabilities | Critical | Source |
| Zabbix - SQL Injection | CVE-2016-10134 | Identify critical remote vulnerabilities | Critical | Source |
| Zabbix <=4.4 - Authentication Bypass | CVE-2019-17382 | Identify critical remote vulnerabilities | Critical | Source |
| Zabbix Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Zabbix Setup Configuration Authentication Bypass | CVE-2022-23134 | Identify critical remote vulnerabilities | Low | Source |
| Zammad Helpdesk Panel - Detect | Identify web-based control panels | Info | Source | |
| Zebra Printer - Default Login | Identify default logins in web-based control panels | High | Source | |
| ZenML Dashboard Panel - Detect | Identify web-based control panels | Info | Source | |
| ZenML ZenML Server - Improper Authentication | CVE-2024-25723 | Identify critical remote vulnerabilities | Critical | Source |
| ZeroShell <= 1.0beta11 Remote Code Execution | CVE-2009-0545 | Identify critical remote vulnerabilities | Critical | Source |
| ZeroShell Panel - Detect | Identify web-based control panels | Info | Source | |
| Zeroshell 3.9.0 - Remote Command Execution | CVE-2019-12725 | Identify critical remote vulnerabilities | Critical | Source |
| Zeroshell 3.9.3 - Command Injection | CVE-2020-29390 | Identify critical remote vulnerabilities | Critical | Source |
| Zimbra - Cross-Site Scripting via ICS Files | CVE-2025-27915 | Identify critical remote vulnerabilities | Medium | Source |
| Zimbra Collaboration (ZCS) - Cross Site Scripting | CVE-2022-27926 | Identify critical remote vulnerabilities | Medium | Source |
| Zimbra Collaboration - Cross-Site Scripting (XSS) | CVE-2024-27443 | Identify critical remote vulnerabilities | Medium | Source |
| Zimbra Collaboration - Local File Inclusion | CVE-2025-68645 | Identify critical remote vulnerabilities | High | Source |
| Zimbra Collaboration - Unrestricted File Upload | CVE-2022-41352 | Identify critical remote vulnerabilities | Critical | Source |
| Zimbra Collaboration Suite - Memcached Command Injection | CVE-2022-27924 | Identify critical remote vulnerabilities | High | Source |
| Zimbra Collaboration Suite - SSRF | CVE-2019-9621 | Identify critical remote vulnerabilities | High | Source |
| Zimbra Collaboration Suite 8.8.15/9.0 - Remote Code Execution | CVE-2022-37042 | Identify critical remote vulnerabilities | Critical | Source |
| Zimbra Collaboration Suite < 8.8.15 - Improper Encoding | CVE-2022-24682 | Identify critical remote vulnerabilities | Medium | Source |
| Zimbra Collaboration Suite Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Zimbra Panel - Detect | Identify web-based control panels | Info | Source | |
| Zipkin Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Zitadel - User Registration Bypass | CVE-2024-49757 | Identify critical remote vulnerabilities | High | Source |
| Zoho ManageEngine - Access Control Bypass | CVE-2022-29081 | Identify critical remote vulnerabilities | Critical | Source |
| Zoho ManageEngine - Internal Hostname Disclosure | CVE-2022-23779 | Identify critical remote vulnerabilities | Medium | Source |
| Zoho ManageEngine - Remote Code Execution | CVE-2022-35405 | Identify critical remote vulnerabilities | Critical | Source |
| Zoho ManageEngine Desktop Central - Remote Code Execution | CVE-2021-44515 | Identify critical remote vulnerabilities | Critical | Source |
| Zoho ManageEngine Network Configuration Manager Panel - Detect | Identify web-based control panels | Info | Source | |
| Zoho ManageEngine OpManager - SQL Injection | CVE-2018-17283 | Identify critical remote vulnerabilities | High | Source |
| Zoho ManageEngine OpManager < 12.5.329 - Remote Code Execution | CVE-2021-3287 | Identify critical remote vulnerabilities | Critical | Source |
| Zoho ManageEngine ServiceDesk Plus - Authentication Bypass | CVE-2021-37415 | Identify critical remote vulnerabilities | Critical | Source |
| Zoho ManageEngine ServiceDesk Plus - Remote Code Execution | CVE-2021-44077 | Identify critical remote vulnerabilities | Critical | Source |
| ZoneMinder - SQL Injection | CVE-2024-43360 | Identify critical remote vulnerabilities | Critical | Source |
| ZoneMinder Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Zoraxy Login Panel - Detect | Identify web-based control panels | Info | Source | |
| Zuul Panel - Detect | Identify web-based control panels | Info | Source | |
| ZyXel Router Login Panel - Detect | Identify web-based control panels | Info | Source | |
| ZyXel USG - Hardcoded Credentials | CVE-2020-29583 | Identify critical remote vulnerabilities | Critical | Source |
| Zyxel - Authentication Bypass | CVE-2022-0342 | Identify critical remote vulnerabilities | Critical | Source |
| Zyxel Firewall Panel - Detect | Identify web-based control panels | Info | Source | |
| Zyxel NAS Firmware 5.21- Remote Code Execution | CVE-2020-9054 | Identify critical remote vulnerabilities | Critical | Source |
| Zyxel VMG1312-B10D - Login Detection | Identify web-based control panels | Info | Source | |
| Zyxel VSG1432-B101 - Login Detection | Identify web-based control panels | Info | Source | |
| airCube Dashboard Login Panel - Detect | Identify web-based control panels | Info | Source | |
| airCube Login - Detect | Identify web-based control panels | Info | Source | |
| bloofoxCMS Default Credentials | Identify default logins in web-based control panels | High | Source | |
| cPanel API Codes Panel - Detect | Identify web-based control panels | Info | Source | |
| coreBOS Panel - Detect | Identify web-based control panels | Info | Source | |
| dbt Docs Panel - Detect | Identify web-based control panels | Info | Source | |
| dotAdmin Login Panel- Detect | Identify web-based control panels | Info | Source | |
| draw.io Flowchart Maker Panel - Detect | Identify web-based control panels | Info | Source | |
| eArcu Panel - Detect | Identify web-based control panels | Info | Source | |
| eMerge E3 1.00-06 - Remote Code Execution | CVE-2019-7256 | Identify critical remote vulnerabilities | Critical | Source |
| eMessage Login Panel - Detect | Identify web-based control panels | Info | Source | |
| eZ Publish Login Panel - Detect | Identify web-based control panels | Info | Source | |
| iClock Automatic Data Master Server Admin Panel - Detect | Identify web-based control panels | Info | Source | |
| iSAMS Panel - Detect | Identify web-based control panels | Info | Source | |
| iSpy 7.2.2.0 - Authentication Bypass | CVE-2022-29775 | Identify critical remote vulnerabilities | Critical | Source |
| iTop - User Enumeration via REST Endpoint | CVE-2024-51739 | Identify critical remote vulnerabilities | High | Source |
| iTop Hub Connector - Information Disclosure | CVE-2024-32870 | Identify critical remote vulnerabilities | Medium | Source |
| iXBus Login Panel - Detect | Identify web-based control panels | Info | Source | |
| ipTIME A2004 - Unauthorized Access | CVE-2024-54763 | Identify critical remote vulnerabilities | Medium | Source |
| ipTIME A2004 - Unauthorized Access | CVE-2024-54764 | Identify critical remote vulnerabilities | Medium | Source |
| kkFileView Panel - Detect | Identify web-based control panels | Info | Source | |
| mTheme Unus < 2.3 - Directory Traversal | CVE-2015-9406 | Identify critical remote vulnerabilities | High | Source |
| macOS Server Panel - Detect | Identify web-based control panels | Info | Source | |
| mantisbt - Anonymous Login | Identify default logins in web-based control panels | Medium | Source | |
| modoboa 2.0.4 - Admin TakeOver | CVE-2023-0777 | Identify critical remote vulnerabilities | Critical | Source |
| myLittleAdmin Login Panel - Detect | Identify web-based control panels | Info | Source | |
| myLittleBackup Panel - Detect | Identify web-based control panels | Info | Source | |
| n8n Panel - Detect | Identify web-based control panels | Info | Source | |
| n8n Webhooks - Remote Code Execution | CVE-2026-21858 | Identify critical remote vulnerabilities | Critical | Source |
| ngSurvey Login Panel - Detect | Identify web-based control panels | Info | Source | |
| nginxWebUI ≤ 3.5.0 - Remote Command Execution | Identify critical remote vulnerabilities | Critical | Source | |
| nginxWebUI ≤ 3.5.0 runCmd - Remote Command Execution | Identify critical remote vulnerabilities | Critical | Source | |
| noVNC Login Panel - Detect | Identify web-based control panels | Info | Source | |
| nostromo 1.9.6 - Remote Code Execution | CVE-2019-16278 | Identify critical remote vulnerabilities | Critical | Source |
| openSIS Classic v9.1 - SQL Injection | CVE-2024-51211 | Identify critical remote vulnerabilities | Critical | Source |
| openSIS v9.0 - Path Traversal | CVE-2023-38879 | Identify critical remote vulnerabilities | High | Source |
| osTicket Installer Panel - Detect | Identify web-based control panels | Critical | Source | |
| osTicket Login Panel - Detect | Identify web-based control panels | Info | Source | |
| ownCloud Server - Detection | Identify web-based control panels | Info | Source | |
| pCOWeb - Default-Login | Identify default logins in web-based control panels | High | Source | |
| pCOWeb Panel - Detect | Identify web-based control panels | Info | Source | |
| pREST < 1.5.4 - SQL Injection Via Authentication Bypass | Identify critical remote vulnerabilities | Critical | Source | |
| pfSense Login Panel - Detect | Identify web-based control panels | Info | Source | |
| phpCollab Login Panel - Detect | Identify web-based control panels | Info | Source | |
| phpLDAPadmin <= 1.2.3 - Reflected XSS | CVE-2017-11107 | Identify critical remote vulnerabilities | Medium | Source |
| phpMiniAdmin Login Panel - Detect | Identify web-based control panels | Info | Source | |
| phpMyAdmin - Default Login | Identify default logins in web-based control panels | High | Source | |
| phpMyAdmin Full Path Disclosure | Identify critical remote vulnerabilities | Low | Source | |
| phpMyAdmin Panel - Detect | Identify web-based control panels | Info | Source | |
| phpMyFAQ - Configuration Backup Disclosure | CVE-2025-69200 | Identify critical remote vulnerabilities | High | Source |
| phpPgAdmin Login Panel - Detect | Identify web-based control panels | Info | Source | |
| playSMS <1.4.3 - Remote Code Execution | CVE-2020-8644 | Identify critical remote vulnerabilities | Critical | Source |
| pyLoad Flask Config - Access Control | CVE-2024-21644 | Identify critical remote vulnerabilities | High | Source |
| qBittorrent Web UI Panel - Detect | Identify web-based control panels | Info | Source | |
| qdPM 9.2 - Directory Traversal | CVE-2023-45855 | Identify critical remote vulnerabilities | High | Source |
| qdPM Login Panel | Identify web-based control panels | Info | Source | |
| rConfig - Default Login | Identify default logins in web-based control panels | High | Source | |
| rConfig 3.9 - SQL Injection | CVE-2020-10220 | Identify critical remote vulnerabilities | Critical | Source |
| rConfig 3.9.4 - SQL Injection | CVE-2020-10546 | Identify critical remote vulnerabilities | Critical | Source |
| rConfig 3.9.4 - SQL Injection | CVE-2020-10547 | Identify critical remote vulnerabilities | Critical | Source |
| rConfig 3.9.4 - SQL Injection | CVE-2020-10548 | Identify critical remote vulnerabilities | Critical | Source |
| rConfig <=3.9.4 - SQL Injection | CVE-2020-10549 | Identify critical remote vulnerabilities | Critical | Source |
| temBoard Panel - Detect | Identify web-based control panels | Info | Source | |
| tshirtecommerce PrestaShop Module - SQL Injection | CVE-2023-27638 | Identify critical remote vulnerabilities | Critical | Source |
| txAdmin Panel - Detect | Identify web-based control panels | Info | Source | |
| vBulletin 5.0.0-5.5.4 - Remote Command Execution | CVE-2019-16759 | Identify critical remote vulnerabilities | Critical | Source |
| vBulletin 5.5.4 - 5.6.2- Remote Command Execution | CVE-2020-17496 | Identify critical remote vulnerabilities | Critical | Source |
| vBulletin <= 4.2.3 - SQL Injection | CVE-2016-6195 | Identify critical remote vulnerabilities | Critical | Source |
| vBulletin SQL Injection | CVE-2020-12720 | Identify critical remote vulnerabilities | Critical | Source |
| vRealize Hyperic Login Panel - Detect | Identify web-based control panels | Info | Source | |
| vRealize Log Insight - Panel Detect | Identify web-based control panels | Info | Source | |
| webp_server_go 0.4.0 - Path Traversal | CVE-2021-46104 | Identify critical remote vulnerabilities | High | Source |
| wpDiscuz <= 5.3.5 - SQL Injection | CVE-2020-13640 | Identify critical remote vulnerabilities | Critical | Source |
| zhttpd - Local File Inclusion | Identify critical remote vulnerabilities | High | Source | |
| Р7-Office 12.5 - Cross-Site Scripting | Identify critical remote vulnerabilities | Medium | Source |