Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
v.26.4.2314

Web Application Vulnerabilities

This page lists 24342 vulnerabilities in 62 categories.

Critical: 1593 High: 13071 Medium: 8734 Low: 875 Information: 69
Vulnerability Name
CVE
CWE
Severity
ReviveAdserver Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-7370)
CVE-2015-7370
CWE-707
Medium
ReviveAdserver Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-7373)
CVE-2015-7373
CWE-707
Medium
ReviveAdserver Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-9126)
CVE-2016-9126
CWE-707
Medium
ReviveAdserver Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-9128)
CVE-2016-9128
CWE-707
Medium
ReviveAdserver Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-9130)
CVE-2016-9130
CWE-707
Medium
ReviveAdserver Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-9454)
CVE-2016-9454
CWE-707
Medium
ReviveAdserver Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-9457)
CVE-2016-9457
CWE-707
Medium
ReviveAdserver Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-9472)
CVE-2016-9472
CWE-707
Medium
ReviveAdserver Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-5832)
CVE-2017-5832
CWE-707
Medium
ReviveAdserver Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-5833)
CVE-2017-5833
CWE-707
Medium
ReviveAdserver Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-8115)
CVE-2020-8115
CWE-707
Medium
ReviveAdserver Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-22871)
CVE-2021-22871
CWE-707
Medium
ReviveAdserver Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-22872)
CVE-2021-22872
CWE-707
Medium
ReviveAdserver Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-22874)
CVE-2021-22874
CWE-707
Medium
ReviveAdserver Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-22875)
CVE-2021-22875
CWE-707
Medium
ReviveAdserver Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-22888)
CVE-2021-22888
CWE-707
Medium
ReviveAdserver Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-22889)
CVE-2021-22889
CWE-707
Medium
ReviveAdserver Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-38040)
CVE-2023-38040
CWE-707
Medium
ReviveAdserver Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-53931)
CVE-2023-53931
CWE-707
Medium
ReviveAdserver Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-27208)
CVE-2025-27208
CWE-707
Medium
ReviveAdserver Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-48987)
CVE-2025-48987
CWE-707
Medium
ReviveAdserver Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-52667)
CVE-2025-52667
CWE-707
Medium
ReviveAdserver Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-52668)
CVE-2025-52668
CWE-707
Medium
ReviveAdserver Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-55123)
CVE-2025-55123
CWE-707
Medium
ReviveAdserver Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-55124)
CVE-2025-55124
CWE-707
Medium
ReviveAdserver Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2013-7149)
CVE-2013-7149
CWE-138
High
ReviveAdserver Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2025-52664)
CVE-2025-52664
CWE-138
High
ReviveAdserver Incorrect Authorization Vulnerability (CVE-2020-8142)
CVE-2020-8142
CWE-863
Medium
ReviveAdserver Other Vulnerability (CVE-2014-8875)
CVE-2014-8875
-
Medium
ReviveAdserver Other Vulnerability (CVE-2016-9471)
CVE-2016-9471
-
Low
ReviveAdserver Permissions, Privileges, and Access Controls Vulnerability (CVE-2015-7371)
CVE-2015-7371
CWE-264
Medium
ReviveAdserver Session Fixation Vulnerability (CVE-2016-9125)
CVE-2016-9125
CWE-384
Critical
ReviveAdserver Session Fixation Vulnerability (CVE-2017-5831)
CVE-2017-5831
CWE-384
Medium
ReviveAdserver URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2019-5433)
CVE-2019-5433
CWE-601
Medium
ReviveAdserver URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2020-8143)
CVE-2020-8143
CWE-601
Medium
ReviveAdserver URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2021-22873)
CVE-2021-22873
CWE-601
Medium
ReviveAdserver Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2021-22948)
CVE-2021-22948
CWE-327
High
ReviveAdserver Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) Vulnerability (CVE-2019-5440)
CVE-2019-5440
CWE-338
High
ReviveAdserver Use of Externally-Controlled Format String Vulnerability (CVE-2025-52666)
CVE-2025-52666
CWE-134
Low
Revoked SSL Certificate
-
CWE-295
Medium
Riot.js Resource Management Errors Vulnerability (CVE-2016-10527)
CVE-2016-10527
-
High
ROBOT Attack Detected (Strong Oracle)
-
-
High
ROBOT Attack Detected (Weak Oracle)
-
-
High
RoR Database Configuration File Detected
-
CWE-538
High
RoR Development Mode enabled
-
CWE-200
Medium
Roundcube Access of Resource Using Incompatible Type ('Type Confusion') Vulnerability (CVE-2026-35541)
CVE-2026-35541
CWE-843
Medium
Roundcube Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2009-4076)
CVE-2009-4076
CWE-352
Medium
Roundcube Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2009-4077)
CVE-2009-4077
CWE-352
Medium
Roundcube Cross-site Request Forgery (CSRF) Vulnerability (CVE-2016-4069)
CVE-2016-4069
-
High
Roundcube Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2020-12626)
CVE-2020-12626
CWE-352
Medium
Roundcube Cross-site Scripting (XSS) Vulnerability (CVE-2015-1433)
CVE-2015-1433
-
Medium
Roundcube Cross-site Scripting (XSS) Vulnerability (CVE-2015-8105)
CVE-2015-8105
-
Low
Roundcube Cross-site Scripting (XSS) Vulnerability (CVE-2015-8793)
CVE-2015-8793
-
Medium
Roundcube Cross-site Scripting (XSS) Vulnerability (CVE-2015-8864)
CVE-2015-8864
-
Medium
Roundcube Cross-site Scripting (XSS) Vulnerability (CVE-2016-4068)
CVE-2016-4068
-
Medium
Roundcube Deserialization of Untrusted Data Vulnerability (CVE-2025-49113)
CVE-2025-49113
CWE-502
High
Roundcube Deserialization of Untrusted Data Vulnerability (CVE-2026-35537)
CVE-2026-35537
CWE-502
High
Roundcube Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2010-0464)
CVE-2010-0464
CWE-200
Medium
Roundcube Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-5382)
CVE-2015-5382
CWE-200
Medium
Roundcube Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-5383)
CVE-2015-5383
CWE-200
High
Roundcube Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-19205)
CVE-2018-19205
CWE-200
High
Roundcube Files or Directories Accessible to External Parties Vulnerability (CVE-2017-16651)
CVE-2017-16651
CWE-552
High
Roundcube Improper Access Control Vulnerability (CVE-2016-9920)
CVE-2016-9920
CWE-284
High
Roundcube Improper Encoding or Escaping of Output Vulnerability (CVE-2025-68460)
CVE-2025-68460
CWE-116
High
Roundcube Improper Input Validation Vulnerability (CVE-2011-1491)
CVE-2011-1491
CWE-20
Low
Roundcube Improper Input Validation Vulnerability (CVE-2011-1492)
CVE-2011-1492
CWE-20
Medium
Roundcube Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2013-1904)
CVE-2013-1904
CWE-22
Medium
Roundcube Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2020-12640)
CVE-2020-12640
CWE-22
Critical
Roundcube Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') Vulnerability (CVE-2020-12641)
CVE-2020-12641
CWE-707
Critical
Roundcube Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') Vulnerability (CVE-2026-35538)
CVE-2026-35538
CWE-707
Low
Roundcube Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2009-0413)
CVE-2009-0413
CWE-707
Medium
Roundcube Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-2937)
CVE-2011-2937
CWE-707
Medium
Roundcube Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-1253)
CVE-2012-1253
CWE-707
Low
Roundcube Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-3507)
CVE-2012-3507
CWE-707
Low
Roundcube Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-3508)
CVE-2012-3508
CWE-707
Medium