Findings
2,500 findings across 20 tools. Deduplicated and prioritized.
200 matching findings
high · Terraform module pins old AMI with CVEs · fnd_3 · user-svc/user-svc-load-balancer-37 · Cloudflare WAF · WAF · open · 6.7 · 123d / 14d SLA
high · Open Redis without auth · fnd_4 · CVE-2025-35736 · shipping-svc/shipping-svc-lambda-87 · SonarQube · SAST · open · 7.7 · 64d / 14d SLA
high · JWT signed with weak HS256 secret · fnd_6 · tax-svc/tax-svc-lambda-2 · OWASP ZAP · DAST · triaged · 9.2 · 50d / 14d SLA
high · Excessive Kubernetes RBAC privileges · fnd_10 · user-svc/user-svc-load-balancer-89 · Grype · Container · open · 6 · 130d / 14d SLA
high · Outdated lodash with prototype pollution · fnd_12 · payments-core/payments-core-service-36 · OWASP ZAP · DAST · open · 9.3 · 176d / 14d SLA
high · SSRF in webhook fetcher · fnd_14 · api-gateway/api-gateway-service-65 · Wiz · CSPM · open · 8.9 · 93d / 14d SLA
high · Missing CSP header on auth pages · fnd_20 · wallet/wallet-s3-bucket-6 · CodeQL · SAST · open · 6.2 · 157d / 14d SLA
critical · S3 bucket publicly readable · fnd_21 · tax-svc/tax-svc-container-10 · TruffleHog · Secrets · open · 8.7 · 32d / 7d SLA
critical · Hardcoded AWS access key in source · fnd_23 · inventory-svc/inventory-svc-service-10 · Burp Suite · DAST · open · 9.7 · 15d / 7d SLA
critical · Cross-site Scripting in profile renderer · fnd_37 · wallet/wallet-s3-bucket-86 · SonarQube · SAST · triaged · 9 · 15d / 7d SLA
critical · Log4Shell vulnerable dependency · fnd_50 · CVE-2025-1605 · shipping-svc/shipping-svc-load-balancer-65 · Gitleaks · Secrets · open · 4.2 · 2d / 7d SLA
high · IAM role with wildcard permissions · fnd_51 · CVE-2021-1132 · profile-svc/profile-svc-iam-role-35 · Contrast RASP · RASP · triaged · 7.2 · 136d / 14d SLA
critical · Cross-site Scripting in profile renderer · fnd_56 · CVE-2023-12624 · fraud-engine/fraud-engine-vm-75 · Contrast RASP · RASP · open · 4.5 · 92d / 7d SLA
high · Open Redis without auth · fnd_57 · CVE-2023-31587 · wallet/wallet-rds-89 · Wiz · CSPM · open · 4.5 · 177d / 14d SLA
high · Dependency confusion risk on internal package · fnd_72 · profile-svc/profile-svc-k8s-cluster-88 · Cloudflare WAF · WAF · triaged · 7.6 · 109d / 14d SLA
high · Missing CSP header on auth pages · fnd_81 · checkout-api/checkout-api-vm-21 · SonarQube · SAST · open · 7.7 · 101d / 14d SLA
high · SQL Injection in user-input handler · fnd_84 · payments-core/payments-core-k8s-cluster-17 · Contrast RASP · RASP · triaged · 5.5 · 128d / 14d SLA
high · Race condition in payment idempotency · fnd_86 · CVE-2024-39540 · recs-engine/recs-engine-k8s-cluster-51 · Trivy · Container · triaged · 4.8 · 18d / 14d SLA
high · Missing rate limiting on /login · fnd_89 · CVE-2021-1404 · analytics-pipeline/analytics-pipeline-service-97 · Gitleaks · Secrets · open · 7 · 7d / 14d SLA
high · Terraform module pins old AMI with CVEs · fnd_94 · subscriptions/subscriptions-vm-17 · Burp Pro PenTest · PenTest · open · 7.4 · 15d / 14d SLA
high · S3 bucket publicly readable · fnd_102 · billing-svc/billing-svc-service-12 · tfsec · IaC · triaged · 4.9 · 160d / 14d SLA
critical · S3 bucket publicly readable · fnd_106 · orders-api/orders-api-k8s-cluster-37 · Grype · Container · open · 6.3 · 168d / 7d SLA
high · Unencrypted RDS snapshot · fnd_110 · wallet/wallet-s3-bucket-3 · Wiz · CSPM · open · 7.8 · 31d / 14d SLA
high · Missing CSP header on auth pages · fnd_114 · user-svc/user-svc-load-balancer-89 · SonarQube · SAST · open · 5.3 · 49d / 14d SLA
critical · Container running as root · fnd_118 · vault/vault-lambda-45 · Burp Suite · DAST · open · 7.5 · 78d / 7d SLA
high · Outdated lodash with prototype pollution · fnd_121 · CVE-2021-49581 · billing-svc/billing-svc-vm-66 · TruffleHog · Secrets · open · 9.9 · 48d / 14d SLA
high · Cross-site Scripting in profile renderer · fnd_134 · profile-svc/profile-svc-iam-role-35 · Cloudflare WAF · WAF · triaged · 6.2 · 3d / 14d SLA
high · SSRF in webhook fetcher · fnd_136 · ledger/ledger-rds-35 · Cloudflare WAF · WAF · open · 7.2 · 52d / 14d SLA
high · Terraform module pins old AMI with CVEs · fnd_139 · CVE-2022-5713 · cart-web/cart-web-iam-role-43 · tfsec · IaC · open · 8.6 · 146d / 14d SLA
high · SQL Injection in user-input handler · fnd_142 · CVE-2020-17411 · payments-core/payments-core-service-36 · tfsec · IaC · triaged · 9.7 · 77d / 14d SLA
high · Cross-site Scripting in profile renderer · fnd_145 · CVE-2024-19122 · billing-svc/billing-svc-k8s-cluster-33 · Dependabot · SCA · open · 4.7 · 122d / 14d SLA
high · Excessive Kubernetes RBAC privileges · fnd_151 · analytics-pipeline/analytics-pipeline-service-97 · Burp Pro PenTest · PenTest · triaged · 10 · 105d / 14d SLA
high · SQL Injection in user-input handler · fnd_157 · CVE-2023-24124 · payments-core/payments-core-vm-69 · Prowler · CSPM · open · 7.7 · 86d / 14d SLA
high · S3 bucket publicly readable · fnd_163 · CVE-2020-48052 · profile-svc/profile-svc-k8s-cluster-29 · Burp Suite · DAST · open · 8.6 · 56d / 14d SLA
high · Unencrypted RDS snapshot · fnd_174 · profile-svc/profile-svc-container-7 · Scout Suite · CSPM · triaged · 8 · 35d / 14d SLA
critical · Container running as root · fnd_175 · CVE-2025-22330 · notifications/notifications-container-62 · Trivy · Container · open · 9.1 · 53d / 7d SLA
high · Terraform module pins old AMI with CVEs · fnd_178 · CVE-2021-9434 · search-api/search-api-k8s-cluster-2 · tfsec · IaC · triaged · 4.9 · 134d / 14d SLA
high · S3 bucket publicly readable · fnd_179 · CVE-2020-6772 · wallet/wallet-s3-bucket-2 · Checkov · IaC · open · 7.8 · 147d / 14d SLA
high · Log4Shell vulnerable dependency · fnd_182 · CVE-2022-21241 · subscriptions/subscriptions-container-79 · Prowler · CSPM · open · 5.2 · 80d / 14d SLA
critical · Missing rate limiting on /login · fnd_183 · CVE-2021-12641 · payments-core/payments-core-k8s-cluster-78 · Grype · Container · open · 8.9 · 51d / 7d SLA
high · Terraform module pins old AMI with CVEs · fnd_184 · search-api/search-api-k8s-cluster-2 · Grype · Container · open · 9.2 · 39d / 14d SLA
high · Open Redis without auth · fnd_188 · CVE-2024-12646 · payments-core/payments-core-k8s-cluster-46 · Contrast RASP · RASP · open · 6.4 · 116d / 14d SLA
high · Missing CSP header on auth pages · fnd_193 · search-api/search-api-service-82 · OWASP ZAP · DAST · triaged · 6.5 · 142d / 14d SLA
critical · Cross-site Scripting in profile renderer · fnd_202 · CVE-2024-12593 · marketing-site/marketing-site-container-45 · Burp Suite · DAST · open · 4.8 · 160d / 7d SLA
high · IAM role with wildcard permissions · fnd_221 · CVE-2024-1718 · webhooks/webhooks-service-42 · Gitleaks · Secrets · open · 9.7 · 52d / 14d SLA
high · Insecure deserialization in message queue consumer · fnd_222 · CVE-2022-32421 · profile-svc/profile-svc-lambda-69 · Checkov · IaC · triaged · 4.4 · 82d / 14d SLA
high · Outdated lodash with prototype pollution · fnd_225 · analytics-pipeline/analytics-pipeline-service-10 · SonarQube · SAST · triaged · 7.9 · 47d / 14d SLA
high · Missing rate limiting on /login · fnd_233 · payments-core/payments-core-service-36 · Prowler · CSPM · triaged · 8.5 · 64d / 14d SLA
high · SSRF in webhook fetcher · fnd_235 · billing-svc/billing-svc-k8s-cluster-33 · Cloudflare WAF · WAF · open · 5.3 · 49d / 14d SLA
high · Insecure deserialization in message queue consumer · fnd_240 · ledger/ledger-iam-role-44 · TruffleHog · Secrets · triaged · 5.6 · 145d / 14d SLA
high · Excessive Kubernetes RBAC privileges · fnd_246 · CVE-2022-27842 · orders-api/orders-api-k8s-cluster-37 · Burp Pro PenTest · PenTest · open · 7.8 · 27d / 14d SLA
high · Race condition in payment idempotency · fnd_261 · user-svc/user-svc-vm-46 · Contrast RASP · RASP · triaged · 9.6 · 87d / 14d SLA
high · Open Redis without auth · fnd_262 · CVE-2020-27091 · search-api/search-api-service-82 · tfsec · IaC · open · 5.2 · 99d / 14d SLA
high · Terraform module pins old AMI with CVEs · fnd_263 · CVE-2025-23900 · tax-svc/tax-svc-container-10 · Snyk · SCA · open · 4.1 · 96d / 14d SLA
high · Terraform module pins old AMI with CVEs · fnd_266 · vault/vault-k8s-cluster-37 · Snyk · SCA · open · 8.4 · 115d / 14d SLA
high · SSRF in webhook fetcher · fnd_267 · CVE-2022-11127 · shipping-svc/shipping-svc-s3-bucket-89 · Semgrep · SAST · triaged · 8.7 · 97d / 14d SLA
critical · Path traversal in file download endpoint · fnd_278 · CVE-2022-14652 · marketing-site/marketing-site-vm-99 · Burp Suite · DAST · open · 4.8 · 44d / 7d SLA
high · SSRF in webhook fetcher · fnd_280 · CVE-2021-31946 · support-portal/support-portal-s3-bucket-44 · tfsec · IaC · triaged · 6.5 · 91d / 14d SLA
high · Unencrypted RDS snapshot · fnd_290 · tax-svc/tax-svc-s3-bucket-62 · Contrast RASP · RASP · open · 9.3 · 66d / 14d SLA
critical · Hardcoded AWS access key in source · fnd_292 · CVE-2020-15046 · notifications/notifications-vm-79 · Snyk · SCA · triaged · 8 · 113d / 7d SLA
high · Cross-site Scripting in profile renderer · fnd_295 · CVE-2022-27534 · inventory-svc/inventory-svc-iam-role-10 · Grype · Container · open · 8.7 · 91d / 14d SLA
critical · Unencrypted RDS snapshot · fnd_297 · vault/vault-rds-36 · Checkmarx · SAST · open · 8.4 · 135d / 7d SLA
high · Terraform module pins old AMI with CVEs · fnd_300 · CVE-2022-32490 · profile-svc/profile-svc-lambda-81 · Cloudflare WAF · WAF · triaged · 7.2 · 0d / 14d SLA
high · Excessive Kubernetes RBAC privileges · fnd_301 · CVE-2024-24919 · billing-svc/billing-svc-k8s-cluster-33 · SonarQube · SAST · triaged · 6.7 · 13d / 14d SLA
critical · Hardcoded AWS access key in source · fnd_310 · marketing-site/marketing-site-vm-82 · Checkov · IaC · triaged · 9.8 · 142d / 7d SLA
critical · Missing CSP header on auth pages · fnd_316 · payments-core/payments-core-service-36 · tfsec · IaC · triaged · 4.5 · 109d / 7d SLA
high · IAM role with wildcard permissions · fnd_320 · CVE-2024-48798 · analytics-pipeline/analytics-pipeline-vm-37 · TruffleHog · Secrets · open · 4.5 · 73d / 14d SLA
high · Insecure deserialization in message queue consumer · fnd_324 · webhooks/webhooks-container-10 · Semgrep · SAST · open · 9.1 · 63d / 14d SLA
high · Cross-site Scripting in profile renderer · fnd_329 · billing-svc/billing-svc-iam-role-61 · Grype · Container · triaged · 5.8 · 104d / 14d SLA
high · Excessive Kubernetes RBAC privileges · fnd_331 · billing-svc/billing-svc-vm-45 · OWASP ZAP · DAST · triaged · 6 · 36d / 14d SLA
critical · Open Redis without auth · fnd_334 · CVE-2022-8405 · profile-svc/profile-svc-k8s-cluster-88 · tfsec · IaC · open · 8.6 · 170d / 7d SLA
critical · IAM role with wildcard permissions · fnd_343 · CVE-2024-35108 · fraud-engine/fraud-engine-lambda-77 · Cloudflare WAF · WAF · open · 5.3 · 160d / 7d SLA
critical · Insecure deserialization in message queue consumer · fnd_346 · CVE-2022-30594 · cart-web/cart-web-rds-9 · Checkov · IaC · open · 9.6 · 65d / 7d SLA
high · Outdated lodash with prototype pollution · fnd_354 · CVE-2023-15964 · webhooks/webhooks-container-10 · Scout Suite · CSPM · triaged · 9.6 · 5d / 14d SLA
critical · JWT signed with weak HS256 secret · fnd_363 · analytics-pipeline/analytics-pipeline-lambda-92 · Grype · Container · triaged · 8.4 · 123d / 7d SLA
critical · Hardcoded AWS access key in source · fnd_369 · CVE-2020-13429 · user-svc/user-svc-iam-role-10 · SonarQube · SAST · open · 7.5 · 3d / 7d SLA
high · SSRF in webhook fetcher · fnd_370 · inventory-svc/inventory-svc-service-10 · tfsec · IaC · open · 4.5 · 17d / 14d SLA
high · SQL Injection in user-input handler · fnd_376 · CVE-2021-34254 · vault/vault-vm-44 · Wiz · CSPM · open · 9 · 33d / 14d SLA
critical · Dependency confusion risk on internal package · fnd_382 · vault/vault-service-3 · TruffleHog · Secrets · triaged · 7.9 · 144d / 7d SLA
high · SSRF in webhook fetcher · fnd_395 · CVE-2022-17676 · user-svc/user-svc-lambda-60 · Trivy · Container · open · 7.6 · 77d / 14d SLA
high · Cross-site Scripting in profile renderer · fnd_396 · CVE-2023-39494 · fraud-engine/fraud-engine-vm-75 · Wiz · CSPM · open · 8.9 · 18d / 14d SLA
high · Race condition in payment idempotency · fnd_398 · CVE-2025-15330 · recs-engine/recs-engine-k8s-cluster-51 · Cloudflare WAF · WAF · open · 4.6 · 175d / 14d SLA
high · Missing CSP header on auth pages · fnd_402 · CVE-2024-26919 · shipping-svc/shipping-svc-load-balancer-65 · Checkmarx · SAST · open · 7.7 · 108d / 14d SLA
critical · SSRF in webhook fetcher · fnd_410 · api-gateway/api-gateway-load-balancer-77 · Dependabot · SCA · triaged · 4.4 · 67d / 7d SLA
high · Log4Shell vulnerable dependency · fnd_411 · cart-web/cart-web-rds-9 · Prowler · CSPM · open · 5.9 · 53d / 14d SLA
high · Missing CSP header on auth pages · fnd_413 · analytics-pipeline/analytics-pipeline-lambda-92 · Semgrep · SAST · open · 7.3 · 127d / 14d SLA
critical · S3 bucket publicly readable · fnd_416 · CVE-2024-4433 · billing-svc/billing-svc-k8s-cluster-33 · Checkov · IaC · open · 5.6 · 31d / 7d SLA
critical · Missing rate limiting on /login · fnd_423 · analytics-pipeline/analytics-pipeline-vm-37 · Trivy · Container · triaged · 9.3 · 88d / 7d SLA
high · S3 bucket publicly readable · fnd_424 · CVE-2023-36649 · inventory-svc/inventory-svc-service-10 · Grype · Container · open · 4.1 · 164d / 14d SLA
high · Path traversal in file download endpoint · fnd_425 · profile-svc/profile-svc-lambda-81 · Burp Pro PenTest · PenTest · open · 9.7 · 155d / 14d SLA
high · JWT signed with weak HS256 secret · fnd_426 · analytics-pipeline/analytics-pipeline-service-97 · SonarQube · SAST · triaged · 6.9 · 177d / 14d SLA
critical · Hardcoded AWS access key in source · fnd_428 · support-portal/support-portal-service-79 · Checkov · IaC · open · 7.3 · 138d / 7d SLA
critical · Insecure deserialization in message queue consumer · fnd_429 · webhooks/webhooks-service-42 · Burp Pro PenTest · PenTest · triaged · 7.4 · 154d / 7d SLA
critical · SSRF in webhook fetcher · fnd_432 · profile-svc/profile-svc-lambda-69 · Trivy · Container · triaged · 5.3 · 23d / 7d SLA
critical · Log4Shell vulnerable dependency · fnd_433 · CVE-2024-30424 · tax-svc/tax-svc-s3-bucket-88 · Dependabot · SCA · open · 9.6 · 146d / 7d SLA
high · JWT signed with weak HS256 secret · fnd_434 · api-gateway/api-gateway-service-65 · Contrast RASP · RASP · open · 4.6 · 62d / 14d SLA
high · Insecure deserialization in message queue consumer · fnd_438 · CVE-2021-35344 · subscriptions/subscriptions-iam-role-37 · Checkmarx · SAST · triaged · 9.6 · 69d / 14d SLA
high · SQL Injection in user-input handler · fnd_441 · CVE-2025-41819 · cart-web/cart-web-lambda-84 · Semgrep · SAST · open · 8.5 · 11d / 14d SLA
critical · Cross-site Scripting in profile renderer · fnd_446 · inventory-svc/inventory-svc-service-10 · Burp Pro PenTest · PenTest · triaged · 5.2 · 86d / 7d SLA
high · Missing rate limiting on /login · fnd_447 · profile-svc/profile-svc-lambda-81 · CodeQL · SAST · triaged · 4.4 · 8d / 14d SLA
high · JWT signed with weak HS256 secret · fnd_448 · tax-svc/tax-svc-vm-69 · Snyk · SCA · open · 4.5 · 156d / 14d SLA
critical · IAM role with wildcard permissions · fnd_450 · user-svc/user-svc-load-balancer-89 · TruffleHog · Secrets · open · 9.1 · 171d / 7d SLA
critical · SSRF in webhook fetcher · fnd_454 · fraud-engine/fraud-engine-lambda-12 · Trivy · Container · triaged · 6.8 · 140d / 7d SLA
high · Path traversal in file download endpoint · fnd_469 · api-gateway/api-gateway-k8s-cluster-58 · Wiz · CSPM · triaged · 5.9 · 80d / 14d SLA
critical · Missing CSP header on auth pages · fnd_473 · CVE-2021-42343 · support-portal/support-portal-service-79 · Scout Suite · CSPM · open · 8.2 · 110d / 7d SLA
high · Excessive Kubernetes RBAC privileges · fnd_486 · billing-svc/billing-svc-container-9 · Dependabot · SCA · triaged · 7.6 · 38d / 14d SLA
critical · Excessive Kubernetes RBAC privileges · fnd_496 · CVE-2023-13186 · payments-core/payments-core-k8s-cluster-46 · Checkmarx · SAST · triaged · 9.2 · 53d / 7d SLA
critical · Insecure deserialization in message queue consumer · fnd_501 · CVE-2024-41995 · user-svc/user-svc-load-balancer-89 · Prowler · CSPM · open · 8.2 · 156d / 7d SLA
high · Race condition in payment idempotency · fnd_502 · wallet/wallet-rds-89 · Burp Suite · DAST · triaged · 8.9 · 60d / 14d SLA
high · Excessive Kubernetes RBAC privileges · fnd_506 · inventory-svc/inventory-svc-service-25 · tfsec · IaC · open · 5.8 · 30d / 14d SLA
high · Path traversal in file download endpoint · fnd_510 · marketing-site/marketing-site-iam-role-57 · OWASP ZAP · DAST · open · 6 · 164d / 14d SLA
high · Missing CSP header on auth pages · fnd_527 · user-svc/user-svc-lambda-60 · tfsec · IaC · open · 4.4 · 15d / 14d SLA
high · Log4Shell vulnerable dependency · fnd_529 · CVE-2020-22007 · orders-api/orders-api-lambda-7 · Scout Suite · CSPM · open · 9.9 · 23d / 14d SLA
high · Dependency confusion risk on internal package · fnd_530 · CVE-2023-19230 · billing-svc/billing-svc-container-9 · Trivy · Container · open · 8.9 · 109d / 14d SLA
high · Race condition in payment idempotency · fnd_533 · CVE-2024-10015 · profile-svc/profile-svc-container-5 · Scout Suite · CSPM · triaged · 5.8 · 82d / 14d SLA
high · Excessive Kubernetes RBAC privileges · fnd_538 · cart-web/cart-web-s3-bucket-89 · Prowler · CSPM · open · 10 · 138d / 14d SLA
high · SQL Injection in user-input handler · fnd_541 · CVE-2022-16976 · marketing-site/marketing-site-vm-99 · Semgrep · SAST · triaged · 8.2 · 86d / 14d SLA
high · IAM role with wildcard permissions · fnd_550 · CVE-2022-3978 · payments-core/payments-core-vm-69 · Burp Pro PenTest · PenTest · open · 6.1 · 53d / 14d SLA
high · Open Redis without auth · fnd_559 · wallet/wallet-rds-89 · Grype · Container · open · 6.2 · 153d / 14d SLA
high · SQL Injection in user-input handler · fnd_560 · CVE-2025-13671 · auth-service/auth-service-s3-bucket-40 · Grype · Container · open · 8.9 · 12d / 14d SLA
high · Dependency confusion risk on internal package · fnd_563 · CVE-2024-34021 · webhooks/webhooks-service-42 · OWASP ZAP · DAST · open · 8 · 118d / 14d SLA
high · Missing rate limiting on /login · fnd_569 · CVE-2023-37366 · billing-svc/billing-svc-service-12 · Burp Suite · DAST · triaged · 5.6 · 85d / 14d SLA
high · SSRF in webhook fetcher · fnd_570 · CVE-2023-16830 · payments-core/payments-core-k8s-cluster-78 · Cloudflare WAF · WAF · triaged · 4 · 79d / 14d SLA
high · Hardcoded AWS access key in source · fnd_588 · CVE-2024-29246 · payments-core/payments-core-k8s-cluster-46 · Gitleaks · Secrets · open · 6.3 · 118d / 14d SLA
high · Unencrypted RDS snapshot · fnd_600 · fraud-engine/fraud-engine-iam-role-68 · SonarQube · SAST · triaged · 6 · 151d / 14d SLA
high · Path traversal in file download endpoint · fnd_613 · CVE-2025-7213 · vault/vault-k8s-cluster-39 · Checkmarx · SAST · open · 9.8 · 174d / 14d SLA
high · Path traversal in file download endpoint · fnd_614 · cart-web/cart-web-container-43 · Checkmarx · SAST · open · 9.8 · 148d / 14d SLA
high · Race condition in payment idempotency · fnd_615 · CVE-2024-25712 · api-gateway/api-gateway-k8s-cluster-58 · Contrast RASP · RASP · open · 9.7 · 113d / 14d SLA
high · Cross-site Scripting in profile renderer · fnd_616 · CVE-2022-4306 · subscriptions/subscriptions-lambda-16 · Snyk · SCA · triaged · 6.1 · 20d / 14d SLA
critical · JWT signed with weak HS256 secret · fnd_621 · CVE-2024-27415 · analytics-pipeline/analytics-pipeline-lambda-92 · Gitleaks · Secrets · open · 5.6 · 25d / 7d SLA
critical · Race condition in payment idempotency · fnd_623 · inventory-svc/inventory-svc-service-10 · Burp Pro PenTest · PenTest · open · 9.7 · 139d / 7d SLA
high · JWT signed with weak HS256 secret · fnd_627 · CVE-2024-7077 · webhooks/webhooks-service-42 · Prowler · CSPM · triaged · 9.6 · 172d / 14d SLA
high · Hardcoded AWS access key in source · fnd_649 · CVE-2023-37784 · analytics-pipeline/analytics-pipeline-load-balancer-33 · Dependabot · SCA · open · 9.9 · 34d / 14d SLA
critical · JWT signed with weak HS256 secret · fnd_650 · CVE-2024-18047 · billing-svc/billing-svc-k8s-cluster-33 · Contrast RASP · RASP · open · 9.2 · 38d / 7d SLA
high · Open Redis without auth · fnd_653 · CVE-2021-20848 · payments-core/payments-core-k8s-cluster-17 · SonarQube · SAST · open · 7.9 · 9d / 14d SLA
high · Unencrypted RDS snapshot · fnd_656 · CVE-2024-34346 · shipping-svc/shipping-svc-s3-bucket-69 · OWASP ZAP · DAST · open · 8.2 · 56d / 14d SLA
critical · Path traversal in file download endpoint · fnd_663 · notifications/notifications-container-62 · OWASP ZAP · DAST · open · 6.3 · 139d / 7d SLA
high · Outdated lodash with prototype pollution · fnd_666 · fraud-engine/fraud-engine-vm-75 · Grype · Container · triaged · 8.7 · 0d / 14d SLA
critical · IAM role with wildcard permissions · fnd_669 · vault/vault-vm-44 · Burp Pro PenTest · PenTest · open · 8.5 · 86d / 7d SLA
high · Race condition in payment idempotency · fnd_674 · subscriptions/subscriptions-vm-17 · Cloudflare WAF · WAF · open · 8.5 · 91d / 14d SLA
high · Hardcoded AWS access key in source · fnd_676 · search-api/search-api-k8s-cluster-2 · tfsec · IaC · open · 7.4 · 146d / 14d SLA
critical · SSRF in webhook fetcher · fnd_677 · billing-svc/billing-svc-vm-66 · Prowler · CSPM · triaged · 5 · 145d / 7d SLA
high · Race condition in payment idempotency · fnd_687 · profile-svc/profile-svc-s3-bucket-53 · TruffleHog · Secrets · open · 4.3 · 49d / 14d SLA
high · SQL Injection in user-input handler · fnd_698 · auth-service/auth-service-lambda-19 · Semgrep · SAST · triaged · 5.8 · 47d / 14d SLA
critical · Unencrypted RDS snapshot · fnd_715 · support-portal/support-portal-service-79 · Semgrep · SAST · open · 8.7 · 135d / 7d SLA
high · Insecure deserialization in message queue consumer · fnd_716 · vault/vault-k8s-cluster-37 · Trivy · Container · open · 4.3 · 76d / 14d SLA
critical · Outdated lodash with prototype pollution · fnd_722 · CVE-2021-10497 · cart-web/cart-web-lambda-84 · Semgrep · SAST · open · 7.5 · 54d / 7d SLA
high · IAM role with wildcard permissions · fnd_728 · CVE-2020-18294 · auth-service/auth-service-container-50 · CodeQL · SAST · open · 9.4 · 33d / 14d SLA
high · Cross-site Scripting in profile renderer · fnd_735 · shipping-svc/shipping-svc-service-95 · CodeQL · SAST · open · 6.2 · 122d / 14d SLA
high · Race condition in payment idempotency · fnd_739 · CVE-2020-43635 · orders-api/orders-api-lambda-7 · Burp Suite · DAST · open · 5.7 · 3d / 14d SLA
high · Log4Shell vulnerable dependency · fnd_743 · CVE-2020-17513 · search-api/search-api-k8s-cluster-2 · Contrast RASP · RASP · triaged · 4.2 · 164d / 14d SLA
high · S3 bucket publicly readable · fnd_748 · payments-core/payments-core-service-36 · Checkmarx · SAST · open · 9.3 · 150d / 14d SLA
high · Outdated lodash with prototype pollution · fnd_749 · CVE-2022-37556 · profile-svc/profile-svc-k8s-cluster-88 · Cloudflare WAF · WAF · open · 4.2 · 112d / 14d SLA
high · S3 bucket publicly readable · fnd_753 · cart-web/cart-web-rds-9 · Contrast RASP · RASP · triaged · 7.6 · 151d / 14d SLA
high · Log4Shell vulnerable dependency · fnd_757 · CVE-2023-32433 · notifications/notifications-container-62 · Snyk · SCA · open · 7.7 · 70d / 14d SLA
high · Open Redis without auth · fnd_759 · webhooks/webhooks-service-42 · Contrast RASP · RASP · open · 4.2 · 149d / 14d SLA
high · Open Redis without auth · fnd_761 · CVE-2021-17570 · wallet/wallet-iam-role-69 · Gitleaks · Secrets · triaged · 5.7 · 94d / 14d SLA
high · Hardcoded AWS access key in source · fnd_764 · CVE-2022-9059 · notifications/notifications-service-26 · Checkov · IaC · triaged · 4.7 · 103d / 14d SLA
high · Outdated lodash with prototype pollution · fnd_770 · fraud-engine/fraud-engine-lambda-77 · SonarQube · SAST · open · 4.6 · 144d / 14d SLA
high · SSRF in webhook fetcher · fnd_778 · vault/vault-vm-44 · Grype · Container · triaged · 7 · 161d / 14d SLA
high · Excessive Kubernetes RBAC privileges · fnd_779 · CVE-2020-20971 · fraud-engine/fraud-engine-lambda-12 · CodeQL · SAST · open · 5 · 6d / 14d SLA
high · Cross-site Scripting in profile renderer · fnd_785 · CVE-2025-26330 · search-api/search-api-iam-role-88 · OWASP ZAP · DAST · open · 6.5 · 48d / 14d SLA
high · Hardcoded AWS access key in source · fnd_787 · ledger/ledger-rds-35 · Prowler · CSPM · open · 6.2 · 103d / 14d SLA
high · S3 bucket publicly readable · fnd_792 · CVE-2020-4091 · profile-svc/profile-svc-iam-role-35 · Prowler · CSPM · open · 8.9 · 104d / 14d SLA
high · Path traversal in file download endpoint · fnd_795 · CVE-2022-37934 · vault/vault-lambda-45 · Snyk · SCA · open · 4.5 · 169d / 14d SLA
high · SQL Injection in user-input handler · fnd_810 · cart-web/cart-web-lambda-84 · Dependabot · SCA · triaged · 7.5 · 177d / 14d SLA
high · Unencrypted RDS snapshot · fnd_821 · CVE-2021-33420 · tax-svc/tax-svc-s3-bucket-88 · Semgrep · SAST · open · 7.8 · 165d / 14d SLA
high · Race condition in payment idempotency · fnd_829 · CVE-2021-7744 · notifications/notifications-container-62 · Wiz · CSPM · triaged · 9.7 · 158d / 14d SLA
high · IAM role with wildcard permissions · fnd_847 · subscriptions/subscriptions-iam-role-37 · Trivy · Container · open · 10 · 132d / 14d SLA
high · IAM role with wildcard permissions · fnd_851 · CVE-2021-11498 · profile-svc/profile-svc-lambda-69 · OWASP ZAP · DAST · open · 9.8 · 88d / 14d SLA
high · Container running as root · fnd_858 · CVE-2024-14575 · billing-svc/billing-svc-lambda-16 · SonarQube · SAST · open · 8.4 · 158d / 14d SLA
high · Cross-site Scripting in profile renderer · fnd_860 · auth-service/auth-service-s3-bucket-40 · Checkmarx · SAST · triaged · 6.4 · 59d / 14d SLA
critical · JWT signed with weak HS256 secret · fnd_873 · CVE-2020-44591 · vault/vault-vm-92 · Checkov · IaC · open · 8.6 · 93d / 7d SLA
high · Hardcoded AWS access key in source · fnd_880 · CVE-2024-42629 · subscriptions/subscriptions-container-79 · Grype · Container · triaged · 5.4 · 130d / 14d SLA
high · Missing CSP header on auth pages · fnd_881 · ledger/ledger-load-balancer-63 · Burp Pro PenTest · PenTest · triaged · 8.2 · 60d / 14d SLA
high · SSRF in webhook fetcher · fnd_882 · vault/vault-k8s-cluster-39 · Checkov · IaC · open · 8.6 · 65d / 14d SLA
high · Outdated lodash with prototype pollution · fnd_885 · vault/vault-service-3 · Prowler · CSPM · triaged · 10 · 8d / 14d SLA
high · Path traversal in file download endpoint · fnd_907 · cart-web/cart-web-container-43 · Semgrep · SAST · open · 9.1 · 91d / 14d SLA
critical · Log4Shell vulnerable dependency · fnd_908 · shipping-svc/shipping-svc-s3-bucket-69 · Checkmarx · SAST · open · 9.9 · 64d / 7d SLA
critical · Container running as root · fnd_913 · wallet/wallet-s3-bucket-2 · CodeQL · SAST · open · 9.8 · 135d / 7d SLA
high · Hardcoded AWS access key in source · fnd_918 · CVE-2020-47418 · user-svc/user-svc-load-balancer-37 · Cloudflare WAF · WAF · open · 9.6 · 41d / 14d SLA
high · Excessive Kubernetes RBAC privileges · fnd_934 · billing-svc/billing-svc-container-9 · Dependabot · SCA · triaged · 6.4 · 92d / 14d SLA
high · Dependency confusion risk on internal package · fnd_942 · marketing-site/marketing-site-iam-role-57 · tfsec · IaC · open · 9.2 · 65d / 14d SLA
critical · S3 bucket publicly readable · fnd_951 · CVE-2022-10633 · api-gateway/api-gateway-service-65 · Contrast RASP · RASP · triaged · 6.3 · 23d / 7d SLA
high · Hardcoded AWS access key in source · fnd_952 · CVE-2025-36715 · recs-engine/recs-engine-k8s-cluster-51 · Snyk · SCA · open · 7.8 · 48d / 14d SLA
high · S3 bucket publicly readable · fnd_956 · orders-api/orders-api-lambda-7 · SonarQube · SAST · triaged · 6.8 · 62d / 14d SLA
high · Missing rate limiting on /login · fnd_957 · CVE-2025-1851 · marketing-site/marketing-site-k8s-cluster-19 · Dependabot · SCA · triaged · 6.3 · 82d / 14d SLA
high · Path traversal in file download endpoint · fnd_959 · fraud-engine/fraud-engine-vm-75 · Checkov · IaC · open · 9.8 · 163d / 14d SLA
critical · S3 bucket publicly readable · fnd_962 · search-api/search-api-iam-role-88 · Grype · Container · triaged · 4.9 · 100d / 7d SLA
high · Dependency confusion risk on internal package · fnd_967 · vault/vault-service-3 · Burp Suite · DAST · open · 8.9 · 122d / 14d SLA
high · Unencrypted RDS snapshot · fnd_968 · profile-svc/profile-svc-lambda-81 · Checkov · IaC · triaged · 5.3 · 86d / 14d SLA
critical · Dependency confusion risk on internal package · fnd_970 · support-portal/support-portal-s3-bucket-44 · Checkmarx · SAST · open · 4.5 · 41d / 7d SLA
high · Open Redis without auth · fnd_975 · CVE-2024-9354 · user-svc/user-svc-iam-role-10 · Cloudflare WAF · WAF · triaged · 7.3 · 159d / 14d SLA
high · Insecure deserialization in message queue consumer · fnd_976 · CVE-2020-21798 · vault/vault-rds-36 · Burp Pro PenTest · PenTest · triaged · 4.1 · 71d / 14d SLA
high · Cross-site Scripting in profile renderer · fnd_977 · checkout-api/checkout-api-vm-21 · TruffleHog · Secrets · open · 5.3 · 170d / 14d SLA
high · Race condition in payment idempotency · fnd_978 · auth-service/auth-service-container-50 · tfsec · IaC · open · 5.3 · 149d / 14d SLA
high · Hardcoded AWS access key in source · fnd_985 · CVE-2022-30098 · payments-core/payments-core-service-36 · Gitleaks · Secrets · triaged · 9.1 · 2d / 14d SLA
critical · IAM role with wildcard permissions · fnd_992 · CVE-2020-39709 · subscriptions/subscriptions-container-79 · Checkmarx · SAST · triaged · 6.4 · 62d / 7d SLA
high · Container running as root · fnd_1000 · recs-engine/recs-engine-k8s-cluster-51 · OWASP ZAP · DAST · open · 7.4 · 173d / 14d SLA
high · JWT signed with weak HS256 secret · fnd_1004 · search-api/search-api-iam-role-88 · Prowler · CSPM · open · 5.8 · 7d / 14d SLA