Posture
critical: 5
high: 2
medium: 3
low: 6
Ownership
Findings (17)
critical | Cross-site Scripting in profile renderer | Burp Suite | DAST | open | 4.8
low | Hardcoded AWS access key in source | Prowler | CSPM | triaged | 9.4
low | Path traversal in file download endpoint | Cloudflare WAF | WAF | false positive | 9
medium | Path traversal in file download endpoint | TruffleHog | Secrets | open | 5.6
low | Missing CSP header on auth pages | Trivy | Container | triaged | 5.9
critical | Insecure deserialization in message queue consumer | Trivy | Container | open | 7.2
info | Unencrypted RDS snapshot | tfsec | IaC | triaged | 4.5
low | Missing rate limiting on /login | Semgrep | SAST | accepted | 7.7
medium | SQL Injection in user-input handler | Prowler | CSPM | false positive | 6.2
high | Path traversal in file download endpoint | Grype | Container | open | 4.9
high | Open Redis without auth | tfsec | IaC | open | 5.2