XBOW Validation Benchmark
104 Challenges. Results Public.
Black-box assessment results from running Cipher against the full XBOW benchmark suite. Reports, exploit scripts, and raw data — including the misses.
104 Benchmarks
602 Total Findings
86.7% Detection Rate
80 Chained Exploits
Industry Comparison
Black-box results on the same 104-challenge XBOW benchmark.
| Assessor | XBEN Score | Exploits | Intent Calibration | Audit-Ready In | Retest | Price |
|---|---|---|---|---|---|---|
| SQUR (AI Agent) * | 87.5% | Yes | No | 24 hours | Yes | €1,995+ ($2,350+) |
| Cipher (AI Agent) | 86.7% | Yes | Yes | ~2 hours | Yes | $999 |
| XBOW (AI Agent) | 85.0% | Yes | No | 5 business days | Yes | $4,000+ |
| Principal Pentester (20+ yr exp) | 85.0% | Yes | Informal | Weeks | — | — |
| Staff Pentester | 59.0% | Yes | Informal | Weeks | — | — |
*SQUR was provided benchmark names and descriptions as hints. Cipher was given only a URL. Sources: squr.ai, xbow.com, apxlabs.ai. Scores as of February 2026.
Severity Distribution
602 findings across 104 benchmarks. 214 rated Critical or High.
CRITICAL 111
HIGH 103
MEDIUM 190
LOW 198
Explore All Benchmarks
Click any benchmark to see individual findings with links to reports and exploits.
TC-AAFBD260 CRITICAL Hardcoded Credentials TC-A4095E7C HIGH Missing Rate Limiting TC-588C1BBC HIGH IDOR TC-B5E81977 MEDIUM Username Enumeration Information Disclosure TC-E8CDE4C3 LOW Information Disclosure Missing Security Headers TC-D914481C CRITICAL Authentication Bypass TC-11A520B3 HIGH Hardcoded Credentials Information Disclosure TC-07713197 HIGH Missing Rate Limiting TC-B1422317 HIGH IDOR TC-A1C3831D MEDIUM Cross-Site Request Forgery TC-33EF6D1C MEDIUM Username Enumeration TC-DB893CBC MEDIUM Information Disclosure TC-8984A362 CRITICAL Hardcoded Credentials TC-4A28344E CRITICAL Authentication Bypass IDOR TC-25BF7F1E CRITICAL Hardcoded Credentials Authentication Bypass TC-3813687C HIGH Missing Rate Limiting TC-450121F8 MEDIUM Cross-Site Request Forgery Insecure Cookie Configuration TC-FE0BF93D MEDIUM Username Enumeration TC-1A561A52 LOW Missing Security Headers Insecure Cookie Configuration TC-581FB026 MEDIUM Reflected XSS TC-279DD144 MEDIUM Reflected XSS TC-2DE463DF MEDIUM Reflected XSS TC-D22751AA LOW Missing Security Headers TC-8F247966 LOW Information Disclosure TC-10C9F31A LOW Missing Security Headers TC-4FEA6104 CRITICAL Hardcoded Credentials Mass Assignment Privilege Escalation TC-79D3AD3D HIGH IDOR TC-78CD85D2 MEDIUM Missing Rate Limiting TC-E9266C6C LOW Information Disclosure TC-8134B495 CRITICAL SQL Injection TC-93E53812 MEDIUM Denial of Service TC-29B63FED LOW Missing Security Headers TC-2B21D333 LOW Information Disclosure TC-C1C6EFD6 CRITICAL Hardcoded Credentials TC-7C07EC8F CRITICAL Authentication Bypass TC-22000D54 CRITICAL Authentication Bypass TC-7F7C8B9E HIGH Missing Rate Limiting TC-75010E80 HIGH IDOR TC-1C7F0CE4 HIGH IDOR TC-F4165C7F MEDIUM Information Disclosure TC-5768F803 MEDIUM Reflected XSS TC-32B4CF3C LOW Missing Security Headers TC-92E71546 LOW Missing Security Headers TC-01DD821A LOW Information Disclosure TC-AF4680F3 CRITICAL Server-Side Template Injection Information Disclosure TC-CFA3DF5D HIGH Information Disclosure TC-4B1FCC8E 
MEDIUM Missing Rate Limiting TC-DBE9663C MEDIUM Reflected XSS TC-1AA7F21E LOW Missing Security Headers TC-7638AF05 LOW Insecure Cookie Configuration TC-A6F9031A LOW Missing Security Headers TC-D22A489A MEDIUM End-of-Life Software TC-92143D87 MEDIUM Missing Security Headers TC-E8839E11 MEDIUM Reflected XSS TC-3931DE67 LOW Missing Security Headers TC-1D11AA38 LOW Missing Security Headers TC-077EC23D LOW Missing Security Headers TC-E6F36925 LOW Information Disclosure TC-6F2BECF3 MEDIUM Denial of Service TC-E4CB5CFA MEDIUM Reflected XSS TC-742BAA5D LOW Information Disclosure TC-87232292 LOW Missing Security Headers TC-29069044 MEDIUM Reflected XSS TC-40DE4978 LOW Missing Security Headers TC-95E1019B LOW Information Disclosure End-of-Life Software TC-11330359 MEDIUM Reflected XSS TC-0C6B696B LOW Missing Security Headers TC-A8641913 LOW Missing Security Headers TC-DBBC4D32 LOW Information Disclosure TC-CDD60157 CRITICAL Insecure Deserialization Authentication Bypass TC-2BEA1087 HIGH Information Disclosure Insecure Cookie Configuration TC-3427D90D HIGH Authentication Bypass TC-439E4EFB MEDIUM Cross-Site Request Forgery TC-68B9DBAC MEDIUM Information Disclosure End-of-Life Software TC-8D71A40F MEDIUM Information Disclosure TC-ABB38D66 LOW Missing Security Headers TC-40F8C375 LOW Insecure Cookie Configuration TC-11335106 HIGH Reflected XSS TC-4C93B315 LOW Missing Security Headers TC-DD89FDA8 LOW Information Disclosure TC-9DFF28D6 HIGH Reflected XSS TC-5A98A9D5 HIGH Reflected XSS Server-Side Request Forgery TC-FB1E3D82 MEDIUM Reflected XSS TC-D823DE00 MEDIUM Missing Security Headers TC-209060AE LOW Missing Security Headers TC-16F8BBFE LOW Information Disclosure End-of-Life Software TC-4FF06C3D CRITICAL Remote Code Execution Server-Side Request Forgery Information Disclosure TC-0C0CF4C2 HIGH End-of-Life Software Remote Code Execution Server-Side Request Forgery Information Disclosure TC-E47C875D MEDIUM Reflected XSS TC-B462F226 LOW Missing Security Headers TC-E72DCB56 LOW 
Information Disclosure TC-CD24D02D HIGH Denial of Service TC-5BD505FC MEDIUM Reflected XSS TC-FCEC4D64 MEDIUM Reflected XSS TC-11CD5D86 LOW Missing Security Headers TC-D536CB3E LOW Information Disclosure TC-FF22DE0F HIGH Sensitive File Exposure TC-45CB117F MEDIUM CORS Misconfiguration TC-E0EF5A59 MEDIUM Information Disclosure TC-708F1151 MEDIUM Directory Listing TC-97B6BE80 LOW Missing Security Headers TC-57DFDB60 LOW Information Disclosure TC-7DD733B4 CRITICAL Server-Side Request Forgery Local File Inclusion TC-2F61F9A9 MEDIUM Information Disclosure TC-ADAD6A31 MEDIUM Sensitive File Exposure TC-9230FF90 LOW Missing Security Headers TC-5731A4A3 LOW Information Disclosure TC-D34C297E CRITICAL Authentication Bypass IDOR Privilege Escalation TC-2553E99D HIGH Mass Assignment Privilege Escalation TC-B4153DC4 MEDIUM Missing Rate Limiting TC-ACBBF3C1 MEDIUM Information Disclosure TC-50D4B064 LOW Hardcoded Credentials Insecure Cookie Configuration TC-B026E5F6 CRITICAL Hardcoded Credentials Unrestricted File Upload Path Traversal Server-Side Template Injection Remote Code Execution TC-8488799C HIGH Unrestricted File Upload Stored XSS Directory Listing TC-03F423D6 MEDIUM Missing Rate Limiting Weak Password Policy TC-B2A90228 MEDIUM Cross-Site Request Forgery Insecure Cookie Configuration TC-3A6C1AC7 CRITICAL Hardcoded Credentials Insecure Cookie Configuration Authentication Bypass TC-949E6D19 CRITICAL Hardcoded Credentials Information Disclosure TC-9FA9DAB1 CRITICAL Remote Code Execution Command Injection TC-D0A34711 HIGH Authentication Bypass TC-FE47A40C HIGH Mass Assignment TC-ED880E96 MEDIUM Insecure Cookie Configuration TC-6738E651 MEDIUM Cross-Site Request Forgery TC-85A8EFC7 LOW Information Disclosure Missing Security Headers TC-D08A8B7C CRITICAL Server-Side Request Forgery Local File Inclusion Privilege Escalation TC-AA5ADD5E CRITICAL Hardcoded Credentials Authentication Bypass TC-286B72E1 CRITICAL Hardcoded Credentials TC-81C4EDBB HIGH Information Disclosure Source 
Code Exposure TC-32E54366 MEDIUM Information Disclosure TC-F3778E97 MEDIUM Missing Rate Limiting Weak Password Policy TC-C95202B5 MEDIUM Cross-Site Request Forgery Insecure Cookie Configuration TC-46BCC93C CRITICAL Server-Side Template Injection Information Disclosure TC-E432BED5 HIGH Missing Rate Limiting TC-FAFDE77E HIGH Stored XSS TC-74F9B50E MEDIUM Insecure Cookie Configuration TC-F12072C7 MEDIUM Weak Password Policy TC-5466B390 MEDIUM Information Disclosure TC-A7F34BBC MEDIUM Missing Security Headers TC-F494E474 MEDIUM Missing Security Headers TC-A98B284F MEDIUM Missing Security Headers Information Disclosure TC-3BEDC164 LOW Missing Security Headers Information Disclosure TC-E833A006 LOW Information Disclosure TC-6E37689F LOW Missing Security Headers TC-19FB4BC5 LOW Information Disclosure TC-C67CBD7F CRITICAL Weak Password Policy Authentication Bypass TC-7D7FFC68 CRITICAL Hardcoded Credentials Information Disclosure TC-5C3B3CD3 CRITICAL Authentication Bypass Privilege Escalation TC-08A08570 HIGH Missing Rate Limiting Weak Password Policy TC-CC01294E MEDIUM Insecure Cookie Configuration TC-53DF4F29 MEDIUM Cross-Site Request Forgery TC-2FCBDB04 MEDIUM Username Enumeration TC-D6D5098D CRITICAL Unrestricted File Upload Remote Code Execution TC-5F6BF86B CRITICAL Unrestricted File Upload Local File Inclusion Remote Code Execution TC-58947221 MEDIUM Reflected XSS TC-CA6130E6 LOW Information Disclosure Missing Security Headers TC-0064D448 CRITICAL SQL Injection Information Disclosure TC-CB190F89 HIGH Missing Rate Limiting TC-C1766EF2 MEDIUM Session Fixation TC-50BFC98F MEDIUM Username Enumeration TC-74846C07 LOW Missing Security Headers TC-15BAD422 LOW Information Disclosure Directory Listing TC-57FCC2FC LOW Insecure Cookie Configuration TC-171FC264 CRITICAL Remote Code Execution End-of-Life Software TC-109F2D05 HIGH Missing Rate Limiting Weak Password Policy TC-DCFD28F6 HIGH Authentication Bypass Information Disclosure TC-C588F769 MEDIUM Username Enumeration 
TC-9261ECA9 MEDIUM Sensitive File Exposure TC-4BDE1762 LOW Missing Security Headers TC-A2A8EDC0 LOW Information Disclosure TC-9290F008 CRITICAL Path Traversal Remote Code Execution End-of-Life Software TC-77B99B0C MEDIUM Information Disclosure TC-75F227DC MEDIUM Information Disclosure Missing Security Headers TC-5E6B680E LOW Missing Security Headers TC-DAE6AA2A CRITICAL Information Disclosure Source Code Exposure TC-57F865BE CRITICAL Hardcoded Credentials Authentication Bypass TC-B1A65AA5 CRITICAL XML External Entity Injection TC-0171199B HIGH Hardcoded Credentials Weak Password Policy TC-E9415560 HIGH IDOR TC-7140077B MEDIUM Missing Rate Limiting TC-1F349088 LOW Insecure Cookie Configuration Missing Security Headers TC-3A3BE518 LOW Information Disclosure TC-A9920C44 CRITICAL Server-Side Request Forgery Local File Inclusion Information Disclosure Source Code Exposure Hardcoded Credentials TC-C78FF58B MEDIUM Denial of Service TC-04D786A9 MEDIUM Reflected XSS TC-6AF016A7 LOW Missing Security Headers TC-856FC6F0 LOW Information Disclosure TC-A9F66CF8 CRITICAL Local File Inclusion Remote Code Execution TC-B11201AA HIGH Missing Rate Limiting TC-97912411 MEDIUM Directory Listing Sensitive File Exposure TC-52F3714F MEDIUM Username Enumeration TC-82A5A32D LOW Missing Security Headers Insecure Cookie Configuration TC-62B5B638 LOW Information Disclosure Sensitive File Exposure TC-D52CD405 LOW Authentication Bypass TC-0ABDAD49 CRITICAL Remote Code Execution Command Injection TC-B826A6C8 MEDIUM Reflected XSS TC-6560853A LOW Missing Security Headers TC-5D8140E7 LOW Information Disclosure TC-74795DA8 LOW Insecure Cookie Configuration TC-0E9784AD CRITICAL Insecure Deserialization Remote Code Execution TC-18E6CFB9 HIGH Insecure Deserialization Unrestricted File Upload Denial of Service TC-A73C6D6B HIGH Authentication Bypass Insecure Deserialization TC-181A8F36 MEDIUM Information Disclosure TC-40021EE0 LOW Missing Security Headers TC-0F59003E LOW Information Disclosure TC-025E2F2D 
CRITICAL Command Injection Remote Code Execution TC-83ABBB44 HIGH Server-Side Request Forgery TC-E845A604 MEDIUM Cross-Site Request Forgery TC-130EE3B6 LOW Missing Security Headers TC-C6BB1B66 LOW Information Disclosure TC-76B8DBF7 CRITICAL SQL Injection GraphQL Injection TC-1E9BDB06 HIGH GraphQL Injection TC-535C6B14 MEDIUM Information Disclosure SQL Injection TC-E886224C MEDIUM Cross-Site Request Forgery TC-9372A8DA MEDIUM Reflected XSS GraphQL Injection TC-43138563 MEDIUM Denial of Service TC-88A7A997 LOW Missing Security Headers TC-9CA7DD1B LOW Information Disclosure TC-236A7E75 LOW Information Disclosure TC-0C4EF36C CRITICAL SQL Injection Authentication Bypass Privilege Escalation TC-CD1B2C85 HIGH Missing Rate Limiting TC-5A6924FB MEDIUM Insecure Cookie Configuration TC-8C8C172F MEDIUM Cross-Site Request Forgery TC-EF096F56 MEDIUM Information Disclosure TC-9C09E753 LOW Missing Security Headers TC-C3DC56A2 LOW Directory Listing TC-00647797 CRITICAL SQL Injection TC-FAA741BB CRITICAL SQL Injection Hardcoded Credentials Weak Password Policy TC-0EE89690 HIGH Missing Rate Limiting TC-D11E87A1 MEDIUM Insecure Cookie Configuration TC-31E277BA MEDIUM Information Disclosure TC-0FDC16C0 LOW Missing Security Headers TC-4558B820 LOW Information Disclosure TC-72718E65 LOW Directory Listing TC-B6A5EF84 CRITICAL Unrestricted File Upload Remote Code Execution TC-1D0938B0 CRITICAL Unrestricted File Upload Remote Code Execution TC-42B9A65F HIGH Reflected XSS TC-AFF2BC6C HIGH Unrestricted File Upload Stored XSS TC-26558AFB MEDIUM Missing Rate Limiting Denial of Service TC-CE5834A4 LOW Missing Security Headers TC-85C90B44 LOW Information Disclosure TC-0302A8BE CRITICAL Source Code Exposure Hardcoded Credentials TC-C672D978 HIGH Privilege Escalation TC-309F0D31 HIGH Information Disclosure TC-91D9D8AB LOW Information Disclosure TC-A3EB0788 LOW Missing Security Headers TC-5D1F19C7 CRITICAL Hardcoded Credentials Authentication Bypass IDOR TC-88BADE0B CRITICAL Hardcoded Credentials 
Information Disclosure TC-A2505EC8 CRITICAL Mass Assignment Authentication Bypass IDOR TC-E93F6484 HIGH Missing Rate Limiting TC-1046DD6D MEDIUM Insecure Cookie Configuration TC-8ACF5FED MEDIUM Username Enumeration Information Disclosure TC-67FA5E79 LOW Information Disclosure TC-257A83E2 CRITICAL Server-Side Template Injection Remote Code Execution End-of-Life Software TC-DEACE3D9 HIGH Sensitive File Exposure TC-8570AD37 MEDIUM Information Disclosure TC-9B0ED7A1 MEDIUM Sensitive File Exposure TC-C7B7A246 MEDIUM Sensitive File Exposure TC-714AD156 LOW Missing Security Headers TC-5F67B227 LOW Information Disclosure TC-1A31E8A7 CRITICAL Command Injection Sensitive File Exposure Source Code Exposure TC-843C9D7B HIGH Server-Side Request Forgery TC-DB26E2AB MEDIUM Command Injection Denial of Service TC-22BFB305 LOW Information Disclosure TC-28F9D1B8 LOW Missing Security Headers TC-9BD60A25 CRITICAL Reflected XSS TC-D37B47B6 MEDIUM Missing Security Headers TC-D20447CA LOW Missing Security Headers TC-053D9894 LOW End-of-Life Software Information Disclosure TC-F2050F29 LOW Information Disclosure TC-51EAA03F HIGH Server-Side Request Forgery Information Disclosure TC-8169BAAA LOW Missing Security Headers TC-6F736CF2 LOW Information Disclosure TC-16B1A5E4 MEDIUM End-of-Life Software Information Disclosure Missing Security Headers Reflected XSS TC-C79714FD MEDIUM Missing Security Headers TC-5D00FE04 LOW Missing Security Headers TC-DD809B02 LOW Missing Security Headers TC-2179E072 LOW Information Disclosure End-of-Life Software TC-7DB13FC6 CRITICAL Reflected XSS Remote Code Execution Information Disclosure End-of-Life Software TC-DEEB5304 MEDIUM Missing Security Headers TC-A600BF04 MEDIUM Information Disclosure End-of-Life Software TC-AC3EEAFD MEDIUM Missing Security Headers TC-4757DD8C MEDIUM Reflected XSS TC-00079D57 MEDIUM Reflected XSS TC-CEA537F0 LOW Missing Security Headers TC-6EA68F5D LOW Information Disclosure End-of-Life Software TC-E5F4C7E3 LOW Missing Security Headers 
TC-554DA8C5 MEDIUM Denial of Service TC-E4E46DA1 MEDIUM Reflected XSS TC-0A4710EF LOW Missing Security Headers TC-3956E2AF LOW Information Disclosure TC-66839699 CRITICAL Authentication Bypass Mass Assignment TC-BF7FA284 HIGH Missing Rate Limiting TC-8AB5F3C3 MEDIUM End-of-Life Software Information Disclosure TC-D1EF8D6F MEDIUM Sensitive File Exposure Information Disclosure TC-B4C96524 LOW Cross-Site Request Forgery TC-15C3D58C LOW Missing Security Headers TC-2E689A82 LOW Information Disclosure TC-059C8C71 CRITICAL Server-Side Template Injection Remote Code Execution TC-2B6749F9 MEDIUM Directory Listing TC-91CC7872 MEDIUM Reflected XSS TC-7A6D7A45 LOW Missing Security Headers TC-AEBFDC35 LOW Information Disclosure TC-81E53F83 CRITICAL Authentication Bypass TC-9A3BB9AF MEDIUM Information Disclosure TC-14DF504B LOW Missing Security Headers TC-1FB7FEF3 CRITICAL Authentication Bypass TC-93640F3A HIGH Missing Rate Limiting TC-5ACA7202 MEDIUM End-of-Life Software TC-171D4E3E MEDIUM Information Disclosure TC-44738369 MEDIUM Sensitive File Exposure TC-2C4E139B LOW Missing Security Headers TC-F3EA2577 LOW Information Disclosure TC-D6432D53 CRITICAL Authentication Bypass TC-B893F5A6 CRITICAL Server-Side Template Injection Information Disclosure TC-DC8CE746 HIGH Authentication Bypass Privilege Escalation TC-A7699D50 HIGH Information Disclosure TC-A7877DD8 MEDIUM Missing Rate Limiting TC-7A476C3A LOW Insecure Cookie Configuration TC-9EB34F56 CRITICAL Insecure Deserialization Remote Code Execution TC-E15AD9A6 HIGH Stored XSS TC-E0A09369 MEDIUM Denial of Service TC-62B02A6E MEDIUM Insecure Cookie Configuration TC-0CCA94AE MEDIUM Cross-Site Request Forgery TC-B56BD0EF LOW Information Disclosure TC-D0204AB8 LOW Directory Listing Information Disclosure TC-677C90B9 CRITICAL Authentication Bypass TC-E0AE972B HIGH Missing Rate Limiting TC-DC930255 HIGH IDOR TC-1C891070 MEDIUM Information Disclosure TC-F6062BAA MEDIUM Information Disclosure TC-51B5D628 LOW Missing Security Headers 
TC-B553D4F4 LOW Insecure Cookie Configuration TC-0DE2620C MEDIUM End-of-Life Software Information Disclosure TC-62DBC619 MEDIUM Missing Security Headers TC-0A92F1E1 MEDIUM Reflected XSS TC-3EBA367D LOW Missing Security Headers TC-F52FD9C6 LOW Missing Security Headers TC-80C5E97A LOW Information Disclosure TC-6CCCA981 CRITICAL Authentication Bypass TC-FF3FECEA HIGH Weak Password Policy Information Disclosure TC-F493613A HIGH Missing Rate Limiting TC-4C088DDA MEDIUM Information Disclosure TC-4DE2E780 LOW Sensitive File Exposure Information Disclosure Source Code Exposure TC-03F9E7F5 LOW Missing Security Headers Information Disclosure TC-6B3A1B5E CRITICAL Path Traversal Local File Inclusion TC-821F8795 MEDIUM Reflected XSS TC-788A956D LOW Missing Security Headers TC-4DF75EB8 LOW Information Disclosure TC-8C951F88 MEDIUM Reflected XSS TC-1BAAF0B3 LOW Missing Security Headers TC-A16D8C8F LOW Missing Security Headers TC-05A3FC48 LOW Missing Security Headers TC-0B098461 LOW Information Disclosure TC-309AEBEA CRITICAL Mass Assignment TC-1BA8D61D CRITICAL Source Code Exposure Hardcoded Credentials TC-68794451 CRITICAL Hardcoded Credentials Authentication Bypass TC-A12A874E MEDIUM Cross-Site Request Forgery TC-FFFA7897 LOW Missing Security Headers TC-A64950B7 LOW Information Disclosure TC-C28A0173 MEDIUM Reflected XSS TC-92A20A7D LOW Missing Security Headers TC-00A9ACFD LOW Information Disclosure TC-DBC46640 CRITICAL Server-Side Template Injection Remote Code Execution Server-Side Request Forgery TC-C6086042 HIGH Server-Side Request Forgery TC-525C17BB MEDIUM Missing Security Headers TC-5AEEA24D MEDIUM Reflected XSS TC-221902A1 LOW End-of-Life Software TC-8B5EE391 LOW Missing Security Headers TC-8856138A LOW Information Disclosure TC-BA80BF8C CRITICAL Privilege Escalation TC-0CF3ED1B CRITICAL Source Code Exposure Hardcoded Credentials TC-345F8830 HIGH Information Disclosure TC-D06EB4A3 MEDIUM Username Enumeration TC-701FDF97 CRITICAL Unrestricted File Upload Remote Code 
Execution TC-292C303F HIGH Unrestricted File Upload Missing Rate Limiting Cross-Site Request Forgery TC-B1F01441 HIGH Stored XSS TC-315B24AF MEDIUM Unrestricted File Upload Missing Rate Limiting Denial of Service TC-5DDC0673 MEDIUM Unrestricted File Upload TC-88DE9A3C MEDIUM Information Disclosure IDOR TC-C578FB60 LOW End-of-Life Software TC-FE616C93 CRITICAL Command Injection TC-675614A1 HIGH Command Injection Source Code Exposure TC-58B22087 HIGH Command Injection Privilege Escalation TC-BCAD79DB HIGH Authentication Bypass TC-4ED26D4F MEDIUM Command Injection Denial of Service TC-58EDB1BF LOW Missing Security Headers TC-A48C934D LOW Information Disclosure TC-80491E42 CRITICAL IDOR TC-CFB54A35 HIGH IDOR TC-96AF5025 MEDIUM Username Enumeration TC-73C98DE0 MEDIUM Insecure Cookie Configuration Cross-Site Request Forgery TC-D405E891 MEDIUM Insecure Cookie Configuration TC-219FFA28 MEDIUM Missing Rate Limiting TC-D71388C0 MEDIUM Directory Listing TC-824357E8 LOW Information Disclosure TC-A27C81EC HIGH Server-Side Request Forgery TC-57F04B4C MEDIUM End-of-Life Software TC-ABD8EC25 MEDIUM Denial of Service TC-CBF1EF5F MEDIUM Missing Security Headers TC-87BEF5ED MEDIUM Reflected XSS TC-9DFBA159 MEDIUM Reflected XSS TC-429EBA9B LOW Missing Security Headers TC-028084CD CRITICAL SQL Injection TC-D45577D3 HIGH Stored XSS TC-9CC5AD77 MEDIUM Missing Rate Limiting TC-B881748D MEDIUM Information Disclosure TC-BAC788F1 MEDIUM Sensitive File Exposure TC-20E804AD LOW Missing Security Headers TC-14BB4DAC LOW Information Disclosure TC-F4A4BC67 CRITICAL Hardcoded Credentials Authentication Bypass TC-391BF2A5 MEDIUM Cross-Site Request Forgery TC-A06B9848 MEDIUM Information Disclosure TC-F39A2EE7 MEDIUM Missing Rate Limiting TC-CC20B585 MEDIUM End-of-Life Software TC-C59EA637 LOW Missing Security Headers TC-170786B8 CRITICAL Command Injection TC-CB239376 MEDIUM Cross-Site Request Forgery TC-8049DDA8 MEDIUM Missing Rate Limiting Denial of Service TC-C0DBBBFD LOW Missing Security Headers 
TC-8CAB3893 LOW Information Disclosure TC-C13AA6AE HIGH Reflected XSS Server-Side Request Forgery TC-55281EBA HIGH Reflected XSS TC-09A91ED8 MEDIUM Missing Security Headers TC-E55CED46 MEDIUM Reflected XSS Information Disclosure TC-012CDEA9 LOW Missing Security Headers TC-9035B2C9 LOW Information Disclosure TC-A51E4AF7 CRITICAL Insecure Deserialization Remote Code Execution TC-088E7979 HIGH Insecure Cookie Configuration TC-A7561B32 HIGH Stored XSS TC-F2CAFEFF MEDIUM Information Disclosure TC-30F9AAFF MEDIUM Stored XSS TC-C92CB811 MEDIUM Cross-Site Request Forgery TC-7FBCB752 LOW Information Disclosure TC-85C42BAE LOW Insecure Cookie Configuration TC-A8176A8B LOW Missing Security Headers TC-5B513355 CRITICAL Server-Side Template Injection Source Code Exposure Remote Code Execution TC-57ECC2B6 HIGH Server-Side Template Injection Denial of Service TC-C91686F6 MEDIUM Reflected XSS TC-E3339368 LOW Missing Security Headers TC-9787B164 LOW Information Disclosure TC-BEA7E548 CRITICAL XML External Entity Injection TC-491C21E9 HIGH Authentication Bypass TC-8EB20B6F HIGH Unrestricted File Upload Stored XSS TC-90644A96 HIGH Unrestricted File Upload Stored XSS TC-04E8B7F6 MEDIUM Unrestricted File Upload Stored XSS TC-27D65B80 LOW Information Disclosure TC-FE3AC2F2 LOW Missing Security Headers TC-0E04F3A0 LOW Information Disclosure TC-65A15011 CRITICAL SQL Injection Hardcoded Credentials TC-BB0A6C33 HIGH Missing Rate Limiting TC-829108C2 MEDIUM Information Disclosure Missing Security Headers End-of-Life Software TC-38782F7D MEDIUM Reflected XSS TC-8278732E LOW Insecure Cookie Configuration TC-6CC80E00 LOW Directory Listing TC-D7FF84F9 MEDIUM Reflected XSS TC-2A84B61C LOW Missing Security Headers TC-8B5F0C72 LOW Information Disclosure TC-FAAB7232 CRITICAL Server-Side Template Injection Remote Code Execution TC-79135F9B LOW Missing Security Headers TC-9E6B4D92 LOW Information Disclosure TC-01810D55 HIGH Missing Rate Limiting TC-C41DB309 MEDIUM Insecure Cookie Configuration 
TC-7B7BF511 MEDIUM Information Disclosure TC-C48F60D0 LOW Missing Security Headers TC-26D246E7 LOW Information Disclosure TC-CBB87ABB CRITICAL Server-Side Request Forgery Information Disclosure TC-47EAA09D CRITICAL Server-Side Request Forgery Remote Code Execution TC-1ACA8852 HIGH Information Disclosure Source Code Exposure TC-99D25984 HIGH Authentication Bypass TC-C5941401 MEDIUM Information Disclosure TC-F4511683 LOW Missing Security Headers TC-CE38C5B4 LOW Information Disclosure TC-E75453A9 CRITICAL SQL Injection TC-82C9E907 HIGH SQL Injection Weak Password Policy TC-025128D1 MEDIUM Information Disclosure TC-573390FF MEDIUM Information Disclosure TC-FEFB73E2 LOW Missing Security Headers TC-2B36FA26 LOW Information Disclosure TC-D58301FC LOW Directory Listing TC-9EAB85E2 HIGH Path Traversal Information Disclosure TC-69BE262E MEDIUM Missing Security Headers TC-D5E3875F MEDIUM Missing Rate Limiting TC-03B89177 LOW Information Disclosure TC-AA65FE2E LOW Information Disclosure TC-7F57C56F HIGH Missing Rate Limiting TC-85679080 HIGH Sensitive File Exposure TC-29964FC2 LOW Cross-Site Request Forgery TC-FAD21201 LOW Missing Security Headers TC-A1D7ED75 LOW Information Disclosure TC-FB1976D3 CRITICAL Server-Side Template Injection Remote Code Execution Information Disclosure TC-13FCD0A9 MEDIUM Denial of Service TC-8924591B MEDIUM Reflected XSS TC-146BF801 LOW Missing Security Headers TC-EA8B0D82 LOW Information Disclosure TC-9BEDC478 MEDIUM Reflected XSS TC-605784EB LOW Missing Security Headers TC-675A3280 LOW Missing Security Headers TC-96EC9FFA LOW Information Disclosure TC-AF054E2F LOW Missing Security Headers TC-617AD3D6 CRITICAL Hardcoded Credentials TC-D1280D2B HIGH Missing Rate Limiting TC-98BA2370 HIGH Information Disclosure TC-4770BF26 MEDIUM Insecure Cookie Configuration TC-1E434EB5 MEDIUM Cross-Site Request Forgery TC-030997B6 MEDIUM Username Enumeration TC-A38E237B LOW Information Disclosure TC-BC02DC07 CRITICAL Hardcoded Credentials Authentication Bypass 
TC-1174F901 CRITICAL Information Disclosure Source Code Exposure TC-F988EC71 CRITICAL Mass Assignment Privilege Escalation TC-28E6669B HIGH Missing Rate Limiting TC-DBCE0CFE LOW Information Disclosure TC-6AD91692 HIGH Missing Rate Limiting TC-E38D68E2 HIGH IDOR TC-D7E351D0 HIGH IDOR Privilege Escalation TC-4B95A4E3 MEDIUM Username Enumeration TC-5EF2B37E MEDIUM Cross-Site Request Forgery Insecure Cookie Configuration TC-83697E10 LOW Insecure Cookie Configuration TC-772385F4 CRITICAL Authentication Bypass Privilege Escalation TC-8F1FA9E0 HIGH Weak Password Policy TC-3F7BCEBB MEDIUM Insecure Cookie Configuration TC-937D8716 MEDIUM Missing Rate Limiting TC-9E7F0FE2 LOW Missing Security Headers TC-64EA9E5F LOW Information Disclosure TC-7753E2FE CRITICAL Server-Side Request Forgery Information Disclosure Reflected XSS TC-CB04ABB0 HIGH Sensitive File Exposure Source Code Exposure TC-61F0B85A MEDIUM Authentication Bypass Cross-Site Request Forgery TC-DB5DB1CA LOW Missing Security Headers TC-8FD691C8 LOW Information Disclosure TC-CED19720 CRITICAL Hardcoded Credentials Weak Password Policy TC-3833E884 CRITICAL Source Code Exposure Authentication Bypass TC-DB2C5C94 CRITICAL Hardcoded Credentials Server-Side Template Injection Remote Code Execution TC-BF978242 HIGH Information Disclosure Source Code Exposure TC-E9D2F2FE LOW Information Disclosure TC-75E93E83 CRITICAL Command Injection Remote Code Execution TC-9B0FF1A5 CRITICAL Server-Side Request Forgery TC-4DB9F965 HIGH IDOR TC-CFC1BC17 LOW Information Disclosure TC-9C1C991B HIGH Missing Rate Limiting TC-2EC3C6E7 MEDIUM Insecure Cookie Configuration Session Fixation TC-A1BFFA8A MEDIUM Information Disclosure TC-E312F7F3 MEDIUM Username Enumeration TC-FDFBC71A LOW Cross-Site Request Forgery TC-7E49F77A LOW Missing Security Headers TC-30CB2593 LOW Information Disclosure TC-024AC40A CRITICAL XML External Entity Injection Sensitive File Exposure TC-68B1B44C LOW Missing Security Headers TC-44F6D1D9 LOW Information Disclosure 
TC-AA47CDD9 CRITICAL Path Traversal Directory Listing Sensitive File Exposure TC-4C1E7D9C CRITICAL Authentication Bypass TC-BAD6F430 HIGH Missing Rate Limiting TC-BB636879 MEDIUM Cross-Site Request Forgery TC-3A2C4CC3 LOW Missing Security Headers TC-7A08ACD7 LOW Information Disclosure TC-B0238528 CRITICAL Local File Inclusion Path Traversal TC-08B2E763 HIGH Directory Listing TC-DA6D6B26 HIGH Authentication Bypass TC-ADB486A3 MEDIUM Missing Rate Limiting TC-CB6653C1 MEDIUM Sensitive File Exposure TC-5E67E98D LOW Information Disclosure TC-74D335F5 CRITICAL SQL Injection Authentication Bypass Denial of Service TC-BB142AB6 CRITICAL Authentication Bypass IDOR TC-445ECA26 CRITICAL Information Disclosure IDOR TC-AADC3F34 HIGH Denial of Service TC-CD81E7D3 HIGH Missing Rate Limiting TC-698BCF66 HIGH Stored XSS TC-37BC4636 MEDIUM Information Disclosure TC-B262E4E9 MEDIUM Authentication Bypass TC-275B2E76 LOW Missing Security Headers TC-38853D37 CRITICAL GraphQL Injection Information Disclosure TC-5C4CE812 CRITICAL Authentication Bypass Information Disclosure TC-71B40BFF HIGH GraphQL Injection Information Disclosure TC-D25280FF MEDIUM Cross-Site Request Forgery TC-150FC519 MEDIUM Information Disclosure TC-52F51160 LOW Information Disclosure TC-9FEAA74F CRITICAL Information Disclosure Authentication Bypass TC-72C973D1 MEDIUM Missing Rate Limiting TC-846092DE MEDIUM Denial of Service TC-CF5A461E LOW Insecure Cookie Configuration TC-2F057EED LOW Information Disclosure TC-85CC88A9 CRITICAL Hardcoded Credentials Authentication Bypass TC-899106E8 HIGH IDOR TC-FF79946F MEDIUM Insecure Cookie Configuration TC-4E919EBB MEDIUM Missing Rate Limiting TC-A08C2B82 MEDIUM Cross-Site Request Forgery TC-6C044C21 LOW Information Disclosure TC-23C88BAF LOW Missing Security Headers TC-FBD8E5CA CRITICAL Authentication Bypass TC-AB2AFE1B CRITICAL Hardcoded Credentials TC-AD132878 CRITICAL IDOR Authentication Bypass Privilege Escalation TC-D2A10949 MEDIUM Missing Rate Limiting TC-6EEDE043 MEDIUM 
Insecure Cookie Configuration TC-CA72AB78 MEDIUM Information Disclosure TC-7115E4CB LOW Missing Security Headers TC-8270421F LOW Information Disclosure TC-4F06C99D CRITICAL Hardcoded Credentials Information Disclosure TC-7D70E787 CRITICAL Hardcoded Credentials Authentication Bypass TC-4B9614FB HIGH Missing Rate Limiting TC-A675F6B1 HIGH Mass Assignment TC-9D586704 MEDIUM Cross-Site Request Forgery Insecure Cookie Configuration TC-E5A7ADFE MEDIUM Reflected XSS TC-B996EFC7 LOW Information Disclosure TC-8CC6AA85 LOW Insecure Cookie Configuration
Full benchmark data — audit-ready reports and reproducible exploits — published on GitHub.