Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium

Web Application Vulnerabilities

This page lists 23441 vulnerabilities in 68 categories.

Critical: 1499 High: 12791 Medium: 8230 Low: 857 Information: 64
Vulnerability Name
CVE
CWE
Severity
(Possible) Cross site scripting
-
CWE-79
Information
.htaccess File Detected
-
CWE-443
Information
.NET HTTP Remoting publicly exposed
-
CWE-502
High
.NET JSON.NET Deserialization RCE
-
CWE-502
High
AbanteCart Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2025-50971)
CVE-2025-50971
CWE-22
High
AbanteCart Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-20141)
CVE-2018-20141
CWE-707
Medium
AbanteCart Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-42050)
CVE-2021-42050
CWE-707
Medium
AbanteCart Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-42051)
CVE-2021-42051
CWE-707
Medium
AbanteCart Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2016-10755)
CVE-2016-10755
CWE-138
High
AbanteCart Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2024-50801)
CVE-2024-50801
CWE-138
Medium
AbanteCart Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2024-50802)
CVE-2024-50802
CWE-138
Medium
AbanteCart Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2025-50972)
CVE-2025-50972
CWE-138
Critical
AbanteCart Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2022-26521)
CVE-2022-26521
CWE-434
High
Access-Control-Allow-Origin header with wildcard (*) value
-
CWE-284
Information
ACME mini_httpd arbitrary file read
CVE-2018-18778
CWE-23
High
Active Mixed Content over HTTPS
-
CWE-284
Medium
ActiveMQ OpenWire RCE (CVE-2023-46604)
CVE-2023-46604
CWE-502
Critical
Adminer 4.6.2 file disclosure vulnerability
-
CWE-22
High
Adminer Server Side Request Forgery (SSRF)
CVE-2021-21311
CWE-918
Medium
Adobe Coldfusion 8 multiple linked XSS vulnerabilies
CVE-2009-1872
CWE-79
High
Adobe ColdFusion 9 administrative login bypass
CVE-2013-0632
CWE-287
High
Adobe ColdFusion directory traversal
CVE-2013-3336
CWE-22
High
Adobe Commerce/Magento "CosmicSting" XXE (CVE-2024-34102)
CVE-2024-34102
CWE-611
Critical
Adobe Experience Manager Information Disclosure via Apache Sling v2.3.6 vulnerability
CVE-2016-0956
CWE-668
Medium
Adobe Experience Manager Misconfiguration
CVE-2016-0957
CWE-693
High
Adobe Flex 3 DOM-based XSS vulnerability
CVE-2008-2640
CWE-79
High
Agentejo Cockpit CMS resetpassword NoSQLi (CVE-2020-35847)
CVE-2020-35847
CWE-89
High
AjaxControlToolkit directory traversal
CVE-2015-4670
CWE-434
High
AjaxPro.NET Professional Deserialization RCE (CVE-2021-23758)
CVE-2021-23758
CWE-502
High
Akeeba backup access control bypass
-
CWE-287
High
Alibaba Nacos Authentication Bypass (CVE-2021-29441)
CVE-2021-29441
CWE-287
High
Amazon S3 public bucket
-
CWE-264
Medium
Amazon S3 publicly writable bucket
-
CWE-264
High
Ampache Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2024-47828)
CVE-2024-47828
CWE-352
Medium
Ampache Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2024-51484)
CVE-2024-51484
CWE-352
High
Ampache Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2024-51485)
CVE-2024-51485
CWE-352
High
Ampache Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2024-51487)
CVE-2024-51487
CWE-352
High
Ampache Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2024-51488)
CVE-2024-51488
CWE-352
Medium
Ampache Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2024-51489)
CVE-2024-51489
CWE-352
Medium
Ampache Deserialization of Untrusted Data Vulnerability (CVE-2017-18375)
CVE-2017-18375
CWE-502
High
Ampache Improper Access Control Vulnerability (CVE-2021-21399)
CVE-2021-21399
CWE-284
High
Ampache Improper Authentication Vulnerability (CVE-2007-4438)
CVE-2007-4438
CWE-287
Medium
Ampache Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2008-3929)
CVE-2008-3929
CWE-59
High
Ampache Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-12386)
CVE-2019-12386
CWE-707
Medium
Ampache Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-32644)
CVE-2021-32644
CWE-707
Medium
Ampache Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-0606)
CVE-2023-0606
CWE-707
Medium
Ampache Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-28852)
CVE-2024-28852
CWE-707
Medium
Ampache Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-28853)
CVE-2024-28853
CWE-707
Medium
Ampache Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-41665)
CVE-2024-41665
CWE-707
Medium
Ampache Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-47184)
CVE-2024-47184
CWE-707
Medium
Ampache Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-51486)
CVE-2024-51486
CWE-707
High
Ampache Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-51490)
CVE-2024-51490
CWE-707
Critical
Ampache Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-12385)
CVE-2019-12385
CWE-138
High
Ampache Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-15153)
CVE-2020-15153
CWE-138
Critical
Ampache Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2023-0771)
CVE-2023-0771
CWE-138
High
Ampache Other Vulnerability (CVE-2006-5668)
CVE-2006-5668
-
High
Ampache Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2022-4665)
CVE-2022-4665
CWE-434
High
An Unsafe Content Security Policy (CSP) Directive in Use
-
CWE-16
Information
Angular Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-4231)
CVE-2021-4231
CWE-707
Medium
Angular Inefficient Regular Expression Complexity Vulnerability (CVE-2024-21490)
CVE-2024-21490
CWE-1333
High
AngularJS client-side template injection
-
CWE-79
High
AngularJS Improper Input Validation Vulnerability (CVE-2019-10768)
CVE-2019-10768
CWE-20
High
AngularJS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-14863)
CVE-2019-14863
CWE-707
Medium
AngularJS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-7676)
CVE-2020-7676
CWE-707
Medium
AngularJS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-25869)
CVE-2022-25869
CWE-707
Medium
AngularJS Inefficient Regular Expression Complexity Vulnerability (CVE-2022-25844)
CVE-2022-25844
CWE-1333
High
AngularJS Inefficient Regular Expression Complexity Vulnerability (CVE-2023-26116)
CVE-2023-26116
CWE-1333
Medium
AngularJS Inefficient Regular Expression Complexity Vulnerability (CVE-2023-26117)
CVE-2023-26117
CWE-1333
Medium
AngularJS Inefficient Regular Expression Complexity Vulnerability (CVE-2023-26118)
CVE-2023-26118
CWE-1333
Medium
AngularJS Inefficient Regular Expression Complexity Vulnerability (CVE-2024-21490)
CVE-2024-21490
CWE-1333
High
AngularJS Other Vulnerability (CVE-2024-8372)
CVE-2024-8372
-
Medium
AngularJS Other Vulnerability (CVE-2024-8373)
CVE-2024-8373
-
Medium
Apache ActiveMQ default administrative credentials
-
-
High
Apache Airflow default credentials
-
CWE-798
High
Apache Airflow Experimental API Auth Bypass CVE-2020-13927
CVE-2020-13927
CWE-200
High