Internet-exposed
Posture: critical 4, high 3, medium 6, low 7
Ownership
Findings (25)
low | Terraform module pins old AMI with CVEs | Wiz (CSPM) | open | 4.3
low | Insecure deserialization in message queue consumer | CodeQL (SAST) | open | 8.8
high | Excessive Kubernetes RBAC privileges | OWASP ZAP (DAST) | triaged | 6
medium | Outdated lodash with prototype pollution | Semgrep (SAST) | triaged | 5.6
low | Missing rate limiting on /login | Checkmarx (SAST) | open | 6.2
critical | SQL Injection in user-input handler | Burp Pro PenTest (PenTest) | accepted | 8.7
low | Container running as root | Cloudflare WAF (WAF) | triaged | 5.4
info | Terraform module pins old AMI with CVEs | Snyk (SCA) | open | 9.7
low | Path traversal in file download endpoint | OWASP ZAP (DAST) | open | 8.1
info | Log4Shell vulnerable dependency | Dependabot (SCA) | triaged | 9.2
info | Path traversal in file download endpoint | Snyk (SCA) | accepted | 5.3
critical | JWT signed with weak HS256 secret | Wiz (CSPM) | open | 5.7
medium | Missing rate limiting on /login | Trivy (Container) | open | 9.1
high | Race condition in payment idempotency | Wiz (CSPM) | open | 6.9
medium | S3 bucket publicly readable | Dependabot (SCA) | open | 9.7
medium | Path traversal in file download endpoint | Gitleaks (Secrets) | open | 9.8
low | Dependency confusion risk on internal package | Trivy (Container) | triaged | 8.8
critical | Hardcoded AWS access key in source | Contrast RASP (RASP) | false positive | 8.6
medium | Outdated lodash with prototype pollution | Grype (Container) | open | 7
critical | Container running as root | SonarQube (SAST) | open | 6.8