Category Types
Attack Vulnerabilities
Direct security threats that can be actively exploited by attackers. These represent code that allows unauthorized actions when malicious input is provided. Examples: SQL Injection, XSS, Command Injection, SSRF
Compliance Issues
Security weaknesses, misconfigurations, and violations of security best practices. These may not be directly exploitable, but they weaken your security posture. Examples: Hardcoded Secrets, Weak Cryptography, Insecure Transport
Severity Levels
Each issue is assigned a severity based on its potential impact and exploitability:

| Severity | Description | Response |
|---|---|---|
| Critical | Immediately exploitable, high impact | Fix immediately |
| High | Easily exploitable, significant impact | Fix soon |
| Medium | Exploitable with conditions, moderate impact | Plan to fix |
| Low | Difficult to exploit, limited impact | Fix when convenient |
| Informative | Best practice suggestion | Consider improving |
Attack Vulnerabilities Summary
| Category | Description | Typical Severity |
|---|---|---|
| SQL Injection | User input in SQL queries | Critical |
| XSS | Unsanitized output to browsers | High |
| Command Injection | User input in system commands | Critical |
| RCE | Remote code execution | Critical |
| SSRF | Server-side request forgery | High |
| Path Traversal | File access with user input | High |
| IDOR | Direct object reference | High |
| CSRF | Cross-site request forgery | Medium |
| XXE | XML external entity injection | High |
| Open Redirect | Redirect to untrusted URLs | Medium |
Compliance Issues Summary
| Category | Description | Typical Severity |
|---|---|---|
| Hardcoded Secrets | Credentials in source code | High |
| Weak Cryptography | Insecure algorithms | Medium |
| Weak Randomness | Predictable random values | Medium |
| Insecure Transport | Missing HTTPS/TLS | Medium |
| Information Disclosure | Sensitive data exposure | Medium |
| Misconfiguration | Insecure settings | Varies |
| Supply Chain Risk | Vulnerable dependencies | Varies |
Detection Confidence
Vidoc uses AI to validate findings, and each finding is assigned one of the following confidence levels:

| Confidence | Meaning |
|---|---|
| Confirmed | AI validated the vulnerability exists |
| Likely | Strong indicators, needs manual review |
| Possible | Potential issue, investigate further |