Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
v.26.4.2314

Web Application Vulnerabilities

This page lists 24342 vulnerabilities in 62 categories.

Critical: 1593 High: 13071 Medium: 8734 Low: 875 Information: 69
Vulnerability Name
CVE
CWE
Severity
ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-1963)
CVE-2013-1963
CWE-264
Medium
ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-2043)
CVE-2013-2043
CWE-264
Medium
ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-2047)
CVE-2013-2047
CWE-264
Low
ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-2048)
CVE-2013-2048
CWE-264
Medium
ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-6403)
CVE-2013-6403
CWE-264
Medium
ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-2049)
CVE-2014-2049
CWE-264
Medium
ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-3834)
CVE-2014-3834
CWE-264
High
ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-3835)
CVE-2014-3835
CWE-264
Medium
ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-3837)
CVE-2014-3837
CWE-264
Medium
ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-3838)
CVE-2014-3838
CWE-264
Medium
ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-3963)
CVE-2014-3963
CWE-264
Medium
ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-9048)
CVE-2014-9048
CWE-264
Medium
ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-5876)
CVE-2016-5876
CWE-264
Medium
OwnCloud phpinfo Information Disclosure (CVE-2023-49103)
CVE-2023-49103
CWE-200
Critical
ownCloud Resource Management Errors Vulnerability (CVE-2015-4717)
CVE-2015-4717
-
High
ownCloud Resource Management Errors Vulnerability (CVE-2015-6500)
CVE-2015-6500
-
High
ownCloud Server-Side Request Forgery (SSRF) Vulnerability (CVE-2020-10252)
CVE-2020-10252
CWE-918
High
ownCloud Session Fixation Vulnerability (CVE-2021-35948)
CVE-2021-35948
CWE-384
Medium
ownCloud Uncontrolled Resource Consumption Vulnerability (CVE-2017-5867)
CVE-2017-5867
CWE-400
Medium
Padding oracle attack
-
CWE-209
High
Palo Alto PAN-OS Management Interface Auth Bypass (CVE-2024-0012/CVE-2024-9474)
CVE-2024-9474
CWE-306
Critical
PaloAlto Networks Expedition RCE (CVE-2024-9463)
CVE-2024-9465
CWE-918
Critical
PAN-OS GlobalProtect XSS (CVE-2025-0133)
CVE-2025-0133
CWE-79
Medium
PAN-OS Management Interface Authentication Bypass (CVE-2025-0108)
CVE-2025-0108
CWE-287
Critical
Paperclip gem SSRF (Server side request forgery)
CVE-2017-0889
CWE-918
High
PaperCut NG/MF Path Traversal (CVE-2023-39143)
CVE-2023-39143
CWE-22
Critical
Parallels Plesk SQL injection vulnerability
CVE-2012-1557
CWE-89
High
Parallels Plesk SSO XML External Entity and Cross-site scripting
-
CWE-611
High
Passive Mixed Content over HTTPS
-
CWE-1428
Low
Password found in server response
-
CWE-312
Medium
Password transmitted over HTTP
-
CWE-523
Medium
Path Traversal in Next.js up to 9.3.1
CVE-2020-5284
CWE-22
Medium
Path Traversal in Oracle GlassFish server open source edition
-
CWE-22
High
Path traversal via misconfigured NGINX alias
-
CWE-22
High
Payara Files or Directories Accessible to External Parties Vulnerability (CVE-2022-45129)
CVE-2022-45129
CWE-552
High
Payara Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2022-37422)
CVE-2022-37422
CWE-22
High
Payara Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-8215)
CVE-2024-8215
CWE-707
High
Payara Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-1534)
CVE-2025-1534
CWE-707
Medium
Payara Micro File Read (CVE-2021-41381)
CVE-2021-41381
CWE-22
Medium
Payara URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2023-41699)
CVE-2023-41699
CWE-601
Medium
Payara URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2024-7312)
CVE-2024-7312
CWE-601
Medium
Pega Infinity Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2025-9559)
CVE-2025-9559
CWE-639
Medium
Pega Infinity Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2022-35656)
CVE-2022-35656
CWE-352
Medium
Pega Infinity CVE-2021-27653 Vulnerability (CVE-2021-27653)
CVE-2021-27653
-
Medium
Pega Infinity Deserialization of Untrusted Data Vulnerability (CVE-2022-24082)
CVE-2022-24082
CWE-502
Critical
Pega Infinity Direct Request ('Forced Browsing') Vulnerability (CVE-2019-16386)
CVE-2019-16386
CWE-425
Medium
Pega Infinity Direct Request ('Forced Browsing') Vulnerability (CVE-2019-16388)
CVE-2019-16388
CWE-425
Medium
Pega Infinity Exposure of Resource to Wrong Sphere Vulnerability (CVE-2019-16387)
CVE-2019-16387
CWE-668
High
Pega Infinity Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-11356)
CVE-2017-11356
CWE-200
Medium
Pega Infinity Improper Authentication Vulnerability (CVE-2021-27651)
CVE-2021-27651
CWE-287
Critical
Pega Infinity Improper Authentication Vulnerability (CVE-2023-32090)
CVE-2023-32090
CWE-287
Critical
Pega Infinity Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2024-10094)
CVE-2024-10094
CWE-94
Critical
Pega Infinity Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-11355)
CVE-2017-11355
CWE-707
Medium
Pega Infinity Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-17478)
CVE-2017-17478
CWE-707
Medium
Pega Infinity Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-23957)
CVE-2020-23957
CWE-707
Medium
Pega Infinity Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-24353)
CVE-2020-24353
CWE-707
Medium
Pega Infinity Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-8774)
CVE-2020-8774
CWE-707
High
Pega Infinity Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-35654)
CVE-2022-35654
CWE-707
Medium
Pega Infinity Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-35655)
CVE-2022-35655
CWE-707
Medium
Pega Infinity Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-26465)
CVE-2023-26465
CWE-707
Medium
Pega Infinity Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-4843)
CVE-2023-4843
CWE-707
Medium
Pega Infinity Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-50167)
CVE-2023-50167
CWE-707
Medium
Pega Infinity Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-10716)
CVE-2024-10716
CWE-707
Medium
Pega Infinity Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-6700)
CVE-2024-6700
CWE-707
Medium
Pega Infinity Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-6701)
CVE-2024-6701
CWE-707
Medium
Pega Infinity Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-6702)
CVE-2024-6702
CWE-707
Medium
Pega Infinity Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-62184)
CVE-2025-62184
CWE-707
Low
Pega Infinity Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2026-1711)
CVE-2026-1711
CWE-707
Medium
Pega Infinity Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) Vulnerability (CVE-2026-1564)
CVE-2026-1564
CWE-707
Medium
Pega Infinity Improper Privilege Management Vulnerability (CVE-2020-15390)
CVE-2020-15390
CWE-269
Critical
Pega Infinity Improper Restriction of XML External Entity Reference Vulnerability (CVE-2023-50168)
CVE-2023-50168
CWE-611
High
Pega Infinity Other Vulnerability (CVE-2022-24083)
CVE-2022-24083
-
Critical
Pega Infinity Other Vulnerability (CVE-2023-28094)
CVE-2023-28094
-
Critical
Pega Infinity Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2021-27654)
CVE-2021-27654
CWE-640
High
Pentaho API Auth bypass (CVE-2021-31602)
CVE-2021-31602
CWE-863
High