Scan: CV-2025-8X92K
Security Score
82/100
Critical
3
High
7
Medium
12
Low
24
Informational
45
| Severity | Vulnerability | CVE / Reference | Asset | Status | Remediation Priority |
|---|---|---|---|---|---|
| ● Critical | SQL Injection in Auth Endpoint | CWE-89 / CVSS:9.8 | /api/v2/auth/login | Open | Immediate |
| ● Critical | Remote Code Execution (Log4Shell Variant) | CVE-2021-44228 / CVSS:10.0 | logs-prod-01.internal | Open | Immediate |
| ● High | Insecure Direct Object Reference (IDOR) | CWE-639 / CVSS:8.1 | /api/v1/users/:id | Open | 24h |
| ● High | Missing TLS Certificate Validation | CWE-295 / CVSS:7.5 | payments-gateway.cybervault.io | Fixed | 24h |
| ● Medium | Cross-Site Scripting (Reflected) | CWE-79 / CVSS:6.1 | /search?q= | Open | 7d |
| ● Low | Outdated HTTP Headers (X-Content-Type-Options) | CWE-693 / CVSS:3.1 | *.cybervault.io | Accepted Risk | 30d |
| ● Info | Server Banner Disclosure (Nginx/1.18) | CWE-200 / CVSS:0.0 | api-gateway-01 | Fixed | N/A |