Vidoc detects security vulnerabilities across two main categories: Attack Vulnerabilities and Compliance Issues.Documentation Index
Fetch the complete documentation index at: https://docs.vidocsecurity.com/llms.txt
Use this file to discover all available pages before exploring further.
Category Types
Attack Vulnerabilities
Direct security threats that can be actively exploited by attackers. These represent code that allows unauthorized actions when malicious input is provided. Examples: SQL Injection, XSS, Command Injection, SSRF View all Attack Vulnerabilities →Compliance Issues
Security weaknesses, misconfigurations, and violations of security best practices. These may not be directly exploitable but weaken your security posture. Examples: Hardcoded Secrets, Weak Cryptography, Insecure Transport View all Compliance Issues →Severity Levels
Each issue is assigned a severity based on potential impact and exploitability:| Severity | Description | Response |
|---|---|---|
| Critical | Immediately exploitable, high impact | Fix immediately |
| High | Easily exploitable, significant impact | Fix soon |
| Medium | Exploitable with conditions, moderate impact | Plan to fix |
| Low | Difficult to exploit, limited impact | Fix when convenient |
| Informative | Best practice suggestion | Consider improving |
Attack Vulnerabilities Summary
| Category | Description | Typical Severity |
|---|---|---|
| SQL Injection | User input in SQL queries | Critical |
| XSS | Unsanitized output to browsers | High |
| Command Injection | User input in system commands | Critical |
| RCE | Remote code execution | Critical |
| SSRF | Server-side request forgery | High |
| Path Traversal | File access with user input | High |
| IDOR | Direct object reference | High |
| CSRF | Cross-site request forgery | Medium |
| XXE | XML external entity injection | High |
| Open Redirect | Redirect to untrusted URLs | Medium |
Compliance Issues Summary
| Category | Description | Typical Severity |
|---|---|---|
| Hardcoded Secrets | Credentials in source code | High |
| Weak Cryptography | Insecure algorithms | Medium |
| Weak Randomness | Predictable random values | Medium |
| Insecure Transport | Missing HTTPS/TLS | Medium |
| Information Disclosure | Sensitive data exposure | Medium |
| Misconfiguration | Insecure settings | Varies |
| Supply Chain Risk | Vulnerable dependencies | Varies |
Detection Confidence
Vidoc uses AI to validate findings, resulting in confidence levels:| Confidence | Meaning |
|---|---|
| Confirmed | AI validated the vulnerability exists |
| Likely | Strong indicators, needs manual review |
| Possible | Potential issue, investigate further |
How Categories Are Assigned
Related Pages
Attack Vulnerabilities
Exploitable security threats
Compliance Issues
Security weaknesses
Issues
View findings in dashboard
How It Works
AI detection explained