v.26.4.2314
Web Application Vulnerabilities
This page lists 24342 vulnerabilities in 62 categories.
Critical: 1593
High: 13071
Medium: 8734
Low: 875
Information: 69
| Vulnerability Name | CVE | CWE | Severity |
| --- | --- | --- | --- |
| Question2Answer Improper Input Validation Vulnerability (CVE-2017-12775) | CVE-2017-12775 | CWE-20 | High |
| rack-mini-profiler environment variables disclosure | - | CWE-287 | Medium |
| Railo administration panel cross-site scripting | - | CWE-80 | High |
| Rails Asset Pipeline Directory Traversal Vulnerability | CVE-2018-3760 | CWE-22 | High |
| Rails controller possible sensitive information disclosure | - | CWE-200 | Medium |
| Rails Devise authentication password reset | CVE-2013-0233 | CWE-287 | High |
| Rails mass assignment | - | CWE-915 | High |
| Rails remote code execution using render :inline | CVE-2016-2098 | CWE-94 | High |
| Ramda Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') Vulnerability (CVE-2021-42581) | CVE-2021-42581 | CWE-1321 | Critical |
| RCE in Ivanti Connect Secure and Policy Secure (CVE-2024-21887) | CVE-2024-21887 | CWE-77 | Critical |
| RCE in SQL Server Reporting Services (SSRS) | CVE-2020-0618 | CWE-78 | High |
| RCE with Spring Data Commons | CVE-2018-1273 | CWE-94 | High |
| Reachable SharePoint interface | - | CWE-200 | High |
| React CVE-2025-55183 Vulnerability (CVE-2025-55183) | CVE-2025-55183 | - | Medium |
| React Deserialization of Untrusted Data Vulnerability (CVE-2025-55182) | CVE-2025-55182 | CWE-502 | Critical |
| React Deserialization of Untrusted Data Vulnerability (CVE-2025-55184) | CVE-2025-55184 | CWE-502 | High |
| React Deserialization of Untrusted Data Vulnerability (CVE-2025-67779) | CVE-2025-67779 | CWE-502 | High |
| React Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-6341) | CVE-2018-6341 | CWE-707 | Medium |
| React Uncontrolled Resource Consumption Vulnerability (CVE-2026-23864) | CVE-2026-23864 | CWE-400 | High |
| Redis Unauthorized Access Vulnerability | - | CWE-200 | Medium |
| Reflected Cross-Site Scripting (XSS) vulnerability in PAN-OS management web interface | CVE-2020-2036 | CWE-79 | High |
| Rejetto HTTP File Server SSTI RCE (CVE-2024-23692) | CVE-2024-23692 | CWE-1336 | Critical |
| Remote Code Execution (RCE) in Spring Security OAuth | CVE-2016-4977 | CWE-94 | High |
| Remote Code Execution (Spring4Shell) | CVE-2022-22965 | CWE-94 | Critical |
| Remote code execution in bootstrap-sass 3.2.0.3 | CVE-2019-10842 | CWE-95 | High |
| Remote code execution of user-provided local names in Rails | CVE-2020-8163 | CWE-94 | High |
| Remote code execution vulnerability in WordPress Duplicator | - | CWE-98 | High |
| Remote File Inclusion | - | CWE-98 | Critical |
| Remote File Inclusion (admin/lang.php) (CMS Made Simple) | CVE-2005-2846 | - | High |
| Remote Unauthenticated Code Execution Vulnerability in OpenSSH server (CVE-2024-6387) | CVE-2024-6387 | CWE-362 | High |
| Request Smuggling | - | CWE-444 | High |
| Resin Application Server Improper Input Validation Vulnerability (CVE-2012-2965) | CVE-2012-2965 | CWE-20 | High |
| Resin Application Server Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2012-2968) | CVE-2012-2968 | CWE-22 | Medium |
| Resin Application Server Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2021-44138) | CVE-2021-44138 | CWE-22 | High |
| Resin Application Server Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2008-2462) | CVE-2008-2462 | CWE-707 | Medium |
| Resin Application Server Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-2032) | CVE-2010-2032 | CWE-707 | Medium |
| Resin Application Server Other Vulnerability (CVE-2004-0281) | CVE-2004-0281 | - | Medium |
| Resin Application Server Other Vulnerability (CVE-2012-2966) | CVE-2012-2966 | - | High |
| Resin Application Server Other Vulnerability (CVE-2012-2967) | CVE-2012-2967 | - | High |
| Resin Application Server Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-2969) | CVE-2012-2969 | CWE-264 | Medium |
| Resin Application Server Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-2966) | CVE-2014-2966 | CWE-264 | Medium |
| Resource Accessible Without Required Authentication | - | CWE-287 | Medium |
| Restlet Framework Deserialization of Untrusted Data Vulnerability (CVE-2013-4271) | CVE-2013-4271 | CWE-502 | High |
| Restlet Framework Improper Restriction of XML External Entity Reference Vulnerability (CVE-2017-14868) | CVE-2017-14868 | CWE-611 | High |
| Restlet Framework Improper Restriction of XML External Entity Reference Vulnerability (CVE-2017-14949) | CVE-2017-14949 | CWE-611 | High |
| Restlet Framework XML Injection (aka Blind XPath Injection) Vulnerability (CVE-2013-4221) | CVE-2013-4221 | CWE-91 | High |
| RethinkDB administrative interface publicly exposed | - | CWE-200 | High |
| Retired hash function in SAML Response | - | CWE-327 | Information |
| reveal.js Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-8127) | CVE-2020-8127 | CWE-707 | Medium |
| reveal.js Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-0776) | CVE-2022-0776 | CWE-707 | Medium |
| Reverse proxy bypass | CVE-2011-3368 | CWE-20 | Medium |
| Reverse Proxy Detected | - | - | Information |
| Reverse proxy misrouting | - | CWE-918 | High |
| Reverse proxy misrouting through HTTP/2 pseudo-headers (SSRF) | - | CWE-918 | Medium |
| ReviveAdserver 7PK - Security Features Vulnerability (CVE-2016-9470) | CVE-2016-9470 | - | Critical |
| ReviveAdserver Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2025-52670) | CVE-2025-52670 | CWE-639 | Medium |
| ReviveAdserver Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2013-5954) | CVE-2013-5954 | CWE-352 | Medium |
| ReviveAdserver Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2014-9407) | CVE-2014-9407 | CWE-352 | Medium |
| ReviveAdserver Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2015-7364) | CVE-2015-7364 | CWE-352 | Medium |
| ReviveAdserver Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2015-7366) | CVE-2015-7366 | CWE-352 | Medium |
| ReviveAdserver Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2016-9127) | CVE-2016-9127 | CWE-352 | High |
| ReviveAdserver Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2016-9455) | CVE-2016-9455 | CWE-352 | High |
| ReviveAdserver Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2016-9456) | CVE-2016-9456 | CWE-352 | High |
| ReviveAdserver Deserialization of Untrusted Data Vulnerability (CVE-2017-5830) | CVE-2017-5830 | CWE-502 | Critical |
| ReviveAdserver Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-7368) | CVE-2015-7368 | CWE-200 | Low |
| ReviveAdserver Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-9129) | CVE-2016-9129 | CWE-200 | Medium |
| ReviveAdserver Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2025-52669) | CVE-2025-52669 | CWE-200 | Medium |
| ReviveAdserver Generation of Error Message Containing Sensitive Information Vulnerability (CVE-2025-52671) | CVE-2025-52671 | CWE-209 | Medium |
| ReviveAdserver Improper Access Control Vulnerability (CVE-2015-7367) | CVE-2015-7367 | CWE-284 | High |
| ReviveAdserver Improper Access Control Vulnerability (CVE-2015-7369) | CVE-2015-7369 | CWE-284 | High |
| ReviveAdserver Improper Access Control Vulnerability (CVE-2025-48986) | CVE-2025-48986 | CWE-284 | High |
| ReviveAdserver Improper Authentication Vulnerability (CVE-2016-9124) | CVE-2016-9124 | CWE-287 | Critical |
| ReviveAdserver Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2015-7372) | CVE-2015-7372 | CWE-22 | High |
| ReviveAdserver Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-8793) | CVE-2014-8793 | CWE-707 | Medium |
| ReviveAdserver Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-7365) | CVE-2015-7365 | CWE-707 | Medium |