| ID | Category | Description | Severity | CVSS | Status | Reported Date |
|---|---|---|---|---|---|---|
| 1 | Authentication | It is possible to bypass authentication by modifying the HTTP request. | High | 9 | Open | 2023-05-24 |
| 2 | Input Validation | The application does not properly sanitize input, leading to SQL injection. | High | 9.5 | Open | 2024-04-11 |
| 3 | Cross-Site Scripting (XSS) | A user can inject malicious code that will be executed by other users in their browsers. | Medium | 6 | Open | 2023-04-21 |
| 4 | Denial of Service (DoS) | An attacker can crash the application by sending a specially crafted request. | High | 9 | Open | 2024-01-24 |
| 5 | Information Disclosure | Sensitive information is leaked in error messages returned by the application. | Low | 3 | Closed | 2023-01-26 |
| 6 | Authorization | A user can access resources they are not authorized to view or modify. | Medium | 5.5 | Open | 2023-06-15 |
| 7 | Cryptographic Issues | The application uses weak or insecure cryptographic algorithms. | High | 9 | Closed | 2024-07-03 |
| 8 | Sensitive Data Exposure | Sensitive data is stored unencrypted or unprotected on the server or in transit. | High | 9.2 | Closed | 2023-01-29 |
| 9 | Session Management | Session IDs are predictable or do not expire, allowing an attacker to hijack a session. | Medium | 5.8 | Open | 2023-12-06 |
| 10 | Business Logic | The application does not properly enforce business logic rules, leading to fraudulent activity. | Low | 2.5 | Open | 2023-06-28 |
Check Report Status by ID