diff --git a/alerttags/hipaa/index.xml b/alerttags/hipaa/index.xml
index 541fc8b907..6507dd7c6d 100644
--- a/alerttags/hipaa/index.xml
+++ b/alerttags/hipaa/index.xml
@@ -77,6 +77,13 @@
/docs/alerts/20019-4/<p>URL redirectors represent common functionality employed by web sites to forward an incoming request to an alternate resource. This can be done for a variety of reasons and is often done to allow resources to be moved within the directory structure and to avoid breaking functionality for users that request the resource at its previous location. URL redirectors may also be used to implement load balancing, leveraging abbreviated URLs or recording outgoing links. It is this last implementation which is often used in phishing attacks as described in the example below. URL redirectors do not necessarily represent a direct security vulnerability but can be abused by attackers trying to social engineer victims into believing that they are navigating to a site other than the true destination.</p>
+
+ LDAP Injection
+ /docs/alerts/40015/
+ Mon, 01 Jan 0001 00:00:00 +0000
+ /docs/alerts/40015/
+ <p>LDAP Injection may be possible. It may be possible for an attacker to bypass authentication controls, and to view and modify arbitrary data in the LDAP directory.</p>
+ Log4Shell (CVE-2021-44228)
/docs/alerts/40043-1/
@@ -91,6 +98,20 @@
/docs/alerts/40043-2/<p>It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allow attackers to craft malicious input data using a JNDI Lookup pattern resulting in an information leak and remote code execution in some environments.</p>
+
+ NoSQL Injection - MongoDB
+ /docs/alerts/40033/
+ Mon, 01 Jan 0001 00:00:00 +0000
+ /docs/alerts/40033/
+ <p>MongoDB query injection may be possible.</p>
+
+
+ NoSQL Injection - MongoDB (Time Based)
+ /docs/alerts/90039/
+ Mon, 01 Jan 0001 00:00:00 +0000
+ /docs/alerts/90039/
+ <p>MongoDB query injection may be possible.</p>
+ Out of Band XSS
/docs/alerts/40031/
@@ -231,6 +252,13 @@
/docs/alerts/40047/<p>Apache Commons Text prior to 1.10.0 allows RCE when applied to untrusted input due to insecure interpolation defaults.Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded.The application has been shown to initial contact with remote servers via variable interpolation and may well be vulnerable to Remote Code Execution (RCE).</p>
+
+ Web Cache Deception
+ /docs/alerts/40039/
+ Mon, 01 Jan 0001 00:00:00 +0000
+ /docs/alerts/40039/
+ <p>Web cache deception may be possible. It may be possible for unauthorised user to view sensitive data on this page.</p>
+ XML External Entity Attack
/docs/alerts/90023/
diff --git a/alerttags/pci_dss/index.html b/alerttags/pci_dss/index.html
index 7dd290ca69..31677c57a7 100644
--- a/alerttags/pci_dss/index.html
+++ b/alerttags/pci_dss/index.html
@@ -187,6 +187,12 @@
diff --git a/alerttags/pci_dss/index.xml b/alerttags/pci_dss/index.xml
index 5fa7b1f1dd..f06352dd56 100644
--- a/alerttags/pci_dss/index.xml
+++ b/alerttags/pci_dss/index.xml
@@ -56,6 +56,13 @@
/docs/alerts/90025/<p>The software constructs all or part of an expression language (EL) statement in a Java Server Page (JSP) using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended EL statement before it is executed. In certain versions of Spring 3.0.5 and earlier, there was a vulnerability (CVE-2011-2730) in which Expression Language tags would be evaluated twice, which effectively exposed any application to EL injection. However, even for later versions, this weakness is still possible depending on configuration.</p>
+
+ LDAP Injection
+ /docs/alerts/40015/
+ Mon, 01 Jan 0001 00:00:00 +0000
+ /docs/alerts/40015/
+ <p>LDAP Injection may be possible. It may be possible for an attacker to bypass authentication controls, and to view and modify arbitrary data in the LDAP directory.</p>
+ Log4Shell (CVE-2021-44228)
/docs/alerts/40043-1/
@@ -70,6 +77,20 @@
/docs/alerts/40043-2/<p>It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allow attackers to craft malicious input data using a JNDI Lookup pattern resulting in an information leak and remote code execution in some environments.</p>
+
+ NoSQL Injection - MongoDB
+ /docs/alerts/40033/
+ Mon, 01 Jan 0001 00:00:00 +0000
+ /docs/alerts/40033/
+ <p>MongoDB query injection may be possible.</p>
+
+
+ NoSQL Injection - MongoDB (Time Based)
+ /docs/alerts/90039/
+ Mon, 01 Jan 0001 00:00:00 +0000
+ /docs/alerts/90039/
+ <p>MongoDB query injection may be possible.</p>
+ Out of Band XSS
/docs/alerts/40031/
@@ -210,6 +231,13 @@
/docs/alerts/40047/<p>Apache Commons Text prior to 1.10.0 allows RCE when applied to untrusted input due to insecure interpolation defaults.Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded.The application has been shown to initial contact with remote servers via variable interpolation and may well be vulnerable to Remote Code Execution (RCE).</p>
+
+ Web Cache Deception
+ /docs/alerts/40039/
+ Mon, 01 Jan 0001 00:00:00 +0000
+ /docs/alerts/40039/
+ <p>Web cache deception may be possible. It may be possible for unauthorised user to view sensitive data on this page.</p>
+ XML External Entity Attack
/docs/alerts/90023/
diff --git a/docs/alerts/40015/index.html b/docs/alerts/40015/index.html
index 701363f05c..ba57f2d6eb 100644
--- a/docs/alerts/40015/index.html
+++ b/docs/alerts/40015/index.html
@@ -190,10 +190,14 @@