Vulnerability Database

A practical reference to the vulnerability classes that matter most in modern application and network security. Each entry covers the technical mechanics, real-world impact, detection methodology, and remediation guidance — with specific detail on how Revaizor's autonomous AI agents discover and validate each vulnerability type during penetration testing missions. Built for security engineers, AppSec teams, and anyone evaluating how well their testing covers the vulnerabilities that attackers actually exploit.

11 vulnerability types

Remote Code Execution (RCE)
Severity: critical | CWE-94 | OWASP A03:2021 Injection
Applies to: web, api, code, network

Remote Code Execution enables attackers to execute arbitrary commands or code on a target server, representing the most severe class of vulnerability that leads to complete system compromise.
Broken Authentication
Severity: critical | CWE-287 | OWASP A07:2021 Identification and Authentication Failures
Applies to: web, api, mobile

Broken Authentication encompasses flaws in identity verification mechanisms that allow attackers to compromise passwords, session tokens, or authentication flows to impersonate legitimate users.
Insecure Deserialization
Severity: critical | CWE-502 | OWASP A08:2021 Software and Data Integrity Failures
Applies to: web, api, code

Insecure Deserialization allows attackers to manipulate serialized objects to achieve remote code execution, privilege escalation, or data tampering by exploiting an application's trust in serialized data.
SQL Injection
Severity: critical | CWE-89 | OWASP A03:2021 Injection
Applies to: web, api, code

SQL Injection allows attackers to manipulate database queries by injecting malicious SQL code through unsanitized user input, leading to data theft, authentication bypass, and full database compromise.
Insecure Direct Object References (IDOR)
Severity: high | CWE-639 | OWASP A01:2021 Broken Access Control
Applies to: web, api, mobile

Insecure Direct Object References allow attackers to access or modify resources belonging to other users by manipulating object identifiers such as database IDs, filenames, or keys in API requests.
Server-Side Request Forgery (SSRF)
Severity: high | CWE-918 | OWASP A10:2021 Server-Side Request Forgery
Applies to: web, api, code

Server-Side Request Forgery allows attackers to coerce a server into making HTTP requests to arbitrary destinations, enabling access to internal services, cloud metadata endpoints, and protected networks.
Privilege Escalation
Severity: high | CWE-269 | OWASP A01:2021 Broken Access Control
Applies to: web, api, network

Privilege Escalation vulnerabilities allow attackers to gain elevated access rights beyond their authorized level, moving from low-privilege users to administrators or from application access to system-level control.
Cross-Site Scripting (XSS)
Severity: high | CWE-79 | OWASP A03:2021 Injection
Applies to: web, api, mobile

Cross-Site Scripting enables attackers to inject malicious scripts into web pages viewed by other users, leading to session hijacking, credential theft, and full account takeover.
Path Traversal
Severity: high | CWE-22 | OWASP A01:2021 Broken Access Control
Applies to: web, api, code

Path Traversal vulnerabilities allow attackers to access files and directories outside the intended scope by manipulating file path references with directory traversal sequences like ../ in application requests.
XML External Entity (XXE)
Severity: high | CWE-611 | OWASP A05:2021 Security Misconfiguration
Applies to: web, api, code

XML External Entity injection exploits misconfigured XML parsers to read local files, perform server-side request forgery, execute denial of service attacks, and in some cases achieve remote code execution.
Cross-Site Request Forgery (CSRF)
Severity: medium | CWE-352 | OWASP A01:2021 Broken Access Control
Applies to: web

Cross-Site Request Forgery forces authenticated users to execute unintended actions on web applications by exploiting the browser's automatic inclusion of credentials in cross-origin requests.