Web Application Vulnerabilities
This page lists 23441 vulnerabilities in 68 categories.
Critical: 1499
High: 12791
Medium: 8230
Low: 857
Information: 64
| Vulnerability Name | CVE | CWE | Severity |
|---|---|---|---|
| b2evolution Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2013-7352) | CVE-2013-7352 | CWE-352 | Medium |
| b2evolution Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3709) | CVE-2011-3709 | CWE-200 | Medium |
| b2evolution Improper Input Validation Vulnerability (CVE-2017-1000423) | CVE-2017-1000423 | CWE-20 | Critical |
| b2evolution Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2017-5480) | CVE-2017-5480 | CWE-22 | High |
| b2evolution Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2017-5539) | CVE-2017-5539 | CWE-22 | Critical |
| b2evolution Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2007-0175) | CVE-2007-0175 | CWE-707 | Medium |
| b2evolution Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-5911) | CVE-2012-5911 | CWE-707 | Medium |
| b2evolution Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-9599) | CVE-2014-9599 | CWE-707 | Medium |
| b2evolution Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-7149) | CVE-2016-7149 | CWE-707 | Medium |
| b2evolution Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-7150) | CVE-2016-7150 | CWE-707 | Medium |
| b2evolution Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-5494) | CVE-2017-5494 | CWE-707 | Medium |
| b2evolution Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-5553) | CVE-2017-5553 | CWE-707 | Medium |
| b2evolution Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-22841) | CVE-2020-22841 | CWE-707 | Medium |
| b2evolution Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2016-8901) | CVE-2016-8901 | CWE-138 | Critical |
| b2evolution Improper Neutralization of Special Elements used in a Command ('Command Injection') Vulnerability (CVE-2021-28242) | CVE-2021-28242 | CWE-138 | High |
| b2evolution Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2012-5910) | CVE-2012-5910 | CWE-138 | Medium |
| b2evolution Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2013-2945) | CVE-2013-2945 | CWE-138 | Medium |
| b2evolution Other Vulnerability (CVE-2006-6197) | CVE-2006-6197 | - | Medium |
| b2evolution Other Vulnerability (CVE-2006-6417) | CVE-2006-6417 | - | High |
| b2evolution Other Vulnerability (CVE-2007-2358) | CVE-2007-2358 | - | High |
| b2evolution Other Vulnerability (CVE-2007-2681) | CVE-2007-2681 | - | High |
| b2evolution URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2020-22840) | CVE-2020-22840 | CWE-601 | Medium |
| b2evolution Use of Insufficiently Random Values Vulnerability (CVE-2022-30935) | CVE-2022-30935 | CWE-330 | Critical |
| Backbone.js Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-10537) | CVE-2016-10537 | CWE-707 | Medium |
| Barracuda networks products multiple directory traversal vulnerabilities | - | CWE-22 | High |
| Bash code injection vulnerability | CVE-2014-6271 | CWE-78 | Critical |
| Basic authentication over HTTP | - | CWE-522 | High |
| Bazaar repository found | - | CWE-538 | High |
| Beego Framework CVE-2021-30080 Vulnerability (CVE-2021-30080) | CVE-2021-30080 | - | Critical |
| Beego Framework CVE-2022-31259 Vulnerability (CVE-2022-31259) | CVE-2022-31259 | - | Critical |
| Beego Framework Improper Certificate Validation Vulnerability (CVE-2024-40464) | CVE-2024-40464 | CWE-295 | High |
| Beego Framework Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2022-31836) | CVE-2022-31836 | CWE-22 | Critical |
| Beego Framework Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2021-27116) | CVE-2021-27116 | CWE-59 | High |
| Beego Framework Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2021-27117) | CVE-2021-27117 | CWE-59 | High |
| Beego Framework Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-39391) | CVE-2021-39391 | CWE-707 | Medium |
| Beego Framework Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-30223) | CVE-2025-30223 | CWE-707 | Critical |
| Beego Framework Incorrect Default Permissions Vulnerability (CVE-2019-16355) | CVE-2019-16355 | CWE-276 | Medium |
| Beego Framework Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2019-16354) | CVE-2019-16354 | CWE-732 | Medium |
| Beego Framework Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2024-40465) | CVE-2024-40465 | CWE-327 | High |
| Beego Framework Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2024-55885) | CVE-2024-55885 | CWE-327 | High |
| BeyondTrust Secure Remote Access Base XSS (CVE-2021-31589) | CVE-2021-31589 | CWE-79 | Medium |
| BigIP iRule Tcl code injection | - | CWE-78 | High |
| BillQuick Web Suite SQL injection (CVE-2021-42258) | CVE-2021-42258 | CWE-89 | High |
| Bitrix galleries_recalc.php XSS | - | CWE-601 | Medium |
| Bitrix open redirect | - | CWE-601 | Medium |
| Bitrix server test script publicly accessible | - | CWE-200 | Medium |
| Blind XSS | - | CWE-80 | High |
| Bonita Authorization Bypass (CVE-2022-25237) | CVE-2022-25237 | CWE-863 | High |
| Bootstrap Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-10735) | CVE-2016-10735 | CWE-707 | Medium |
| Bootstrap Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-14040) | CVE-2018-14040 | CWE-707 | Medium |
| Bootstrap Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-14041) | CVE-2018-14041 | CWE-707 | Medium |
| Bootstrap Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-14042) | CVE-2018-14042 | CWE-707 | Medium |
| Bootstrap Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-20676) | CVE-2018-20676 | CWE-707 | Medium |
| Bootstrap Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-20677) | CVE-2018-20677 | CWE-707 | Medium |
| Bootstrap Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-8331) | CVE-2019-8331 | CWE-707 | Medium |
| Bootstrap Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-6484) | CVE-2024-6484 | CWE-707 | Medium |
| Bootstrap Select Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-20921) | CVE-2019-20921 | CWE-707 | Medium |
| Bootstrap Table Access of Resource Using Incompatible Type ('Type Confusion') Vulnerability (CVE-2021-23472) | CVE-2021-23472 | CWE-843 | Medium |
| Bootstrap Table Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-1726) | CVE-2022-1726 | CWE-707 | Medium |
| BottlePy weak secret key | - | CWE-693 | High |
| Broken access control in Confluence Server and Data Center (CVE-2023-22515) | CVE-2023-22515 | CWE-284 | Critical |
| Broken Link Hijacking | - | CWE-610 | Low |
| Broken Object Property Level Authorization (Mass Assignment) | - | CWE-285 | High |
| BuddyPress REST API Privilege Escalation | CVE-2021-21389 | CWE-269 | High |
| Cacti Unauthenticated Command Injection (CVE-2022-46169) | CVE-2022-46169 | CWE-77 | Critical |
| Caddy Web Server Authentication Bypass by Spoofing Vulnerability (CVE-2023-50463) | CVE-2023-50463 | CWE-290 | Medium |
| Caddy Web Server Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-19148) | CVE-2018-19148 | CWE-200 | Low |
| Caddy Web Server Improper Authentication Vulnerability (CVE-2018-21246) | CVE-2018-21246 | CWE-287 | Critical |
| Caddy Web Server Out-of-bounds Read Vulnerability (CVE-2022-34037) | CVE-2022-34037 | CWE-125 | High |
| Caddy Web Server Uncontrolled Resource Consumption Vulnerability (CVE-2023-44487) | CVE-2023-44487 | CWE-400 | High |
| Caddy Web Server URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2022-28923) | CVE-2022-28923 | CWE-601 | Medium |
| Caddy Web Server URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2022-29718) | CVE-2022-29718 | CWE-601 | Medium |
| CakePHP 1.3.5 / 1.2.8 unserialize() vulnerability | CVE-2010-4335 | CWE-20 | High |
| CakePHP Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2015-8379) | CVE-2015-8379 | CWE-352 | High |
| CakePHP Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2020-15400) | CVE-2020-15400 | CWE-352 | Medium |