Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
v.26.4.2314

Web Application Vulnerabilities

This page lists 24342 vulnerabilities in 62 categories.

Critical: 1593 High: 13071 Medium: 8734 Low: 875 Information: 69
Vulnerability Name
CVE
CWE
Severity
silverstripeCMS Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-4961)
CVE-2011-4961
CWE-264
Medium
silverstripeCMS Session Fixation Vulnerability (CVE-2019-12203)
CVE-2019-12203
CWE-384
Medium
silverstripeCMS Session Fixation Vulnerability (CVE-2022-24444)
CVE-2022-24444
CWE-384
Medium
silverstripeCMS Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-9280)
CVE-2020-9280
CWE-434
High
SimpleHelp Path Traversal (CVE-2024-57727)
CVE-2024-57728
CWE-22
High
Sitecore Arbitrary File Read (CVE-2024-46938)
CVE-2024-46938
CWE-200
High
Sitecore XM/XP Insecure Deserialization (CVE-2025-27218)
CVE-2025-27218
CWE-502
Critical
Sitecore XP Deserialization RCE (CVE-2021-42237)
CVE-2021-42237
CWE-502
High
Sitecore XP TemplateParser RCE (CVE-2023-35813)
CVE-2023-35813
CWE-94
Critical
Skipper Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2026-23742)
CVE-2026-23742
CWE-94
High
Skipper Incorrect Authorization Vulnerability (CVE-2022-34296)
CVE-2022-34296
CWE-863
High
Skipper Server-Side Request Forgery (SSRF) Vulnerability (CVE-2022-38580)
CVE-2022-38580
CWE-918
Critical
Skipper Unintended Proxy or Intermediary ('Confused Deputy') Vulnerability (CVE-2026-24470)
CVE-2026-24470
CWE-441
High
Skype for Business SSRF (CVE-2023-41763)
CVE-2023-41763
CWE-918
High
SmarterTools SmarterMail Admin Password Reset (CVE-2026-23760)
CVE-2026-23760
CWE-288
Critical
Snoop Servlet information disclosure
-
CWE-200
Low
SOAP WS-Addressing SSRF
-
CWE-918
Medium
SolarWinds Orion API Auth bypass (CVE-2020-10148)
CVE-2020-10148
CWE-287
High
SolarWinds Serv-U Directory Traversal (CVE-2024-28995)
CVE-2024-28995
CWE-22
High
SolarWinds Web Help Desk Hardcoded Credential (CVE-2024-28987)
CVE-2024-28987
CWE-798
Critical
SolarWinds Web Help Desk RCE (CVE-2024-28986)
CVE-2024-28986
CWE-502
Critical
SonarQube default credentials
-
CWE-798
High
Sonicwall SMA 100 Unintended proxy (CVE-2021-20042)
CVE-2021-20042
CWE-441
Medium
SonicWall SSL-VPN 8.0.0.0 RCE via ShellShock exploit
-
CWE-78
High
Source Code Disclosure
-
CWE-538
Medium
Source Code Disclosure (Node.js)
-
CWE-540
Medium
Source Code Disclosure (Python)
-
CWE-540
Medium
Spring Boot Actuator
-
CWE-489
Medium
Spring Boot Actuator v2
-
CWE-489
Medium
Spring Boot Misconfiguration: Actuator endpoint security disabled
-
CWE-749
Medium
Spring Boot Misconfiguration: Admin MBean enabled
-
CWE-749
Medium
Spring Boot Misconfiguration: All Spring Boot Actuator endpoints are web exposed
-
CWE-200
Medium
Spring Boot Misconfiguration: Datasource credentials stored in the properties file
-
CWE-312
Medium
Spring Boot Misconfiguration: Developer tools enabled on production
-
CWE-489
Medium
Spring Boot Misconfiguration: H2 console enabled
-
CWE-200
Medium
Spring Boot Misconfiguration: MongoDB credentials stored in the properties file
-
CWE-312
Medium
Spring Boot Misconfiguration: Overly long session timeout
-
CWE-613
Medium
Spring Boot Misconfiguration: Spring Boot Actuator shutdown endpoint is web exposed
-
CWE-749
Low
Spring Boot Misconfiguration: Unsafe value for session tracking
-
CWE-598
Medium
Spring Boot Whitelabel Error Page SpEL
-
CWE-94
High
Spring Cloud Gateway Improper Certificate Validation Vulnerability (CVE-2022-22946)
CVE-2022-22946
CWE-295
Medium
Spring Cloud Gateway Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression La Vulnerability (CVE-2022-22947)
CVE-2022-22947
CWE-138
Critical
Spring Cloud Gateway Incorrect Authorization Vulnerability (CVE-2021-22051)
CVE-2021-22051
CWE-863
Medium
Spring Data REST RCE via PATCH requests
CVE-2017-8046
CWE-94
High
Spring Misconfiguration: HTML Escaping disabled
-
CWE-116
Medium
Spring Security Authentication Bypass
CVE-2016-5007
CWE-287
High
spring-boot-actuator-logview Path Traversal
CVE-2021-21234
CWE-22
High
SQL Injection
-
CWE-89
Critical
SQL Injection (stylesheet.php) (CMS Made Simple)
CVE-2007-2473
CWE-89
High
SQL Injection in Symphony
CVE-2013-2559
CWE-89
High
SQL injection in the authentication header
-
CWE-89
Critical
Sqlite Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') Vulnerability (CVE-2015-3717)
CVE-2015-3717
CWE-120
High
Sqlite CVE-2015-5895 Vulnerability (CVE-2015-5895)
CVE-2015-5895
-
Critical
Sqlite CVE-2019-19244 Vulnerability (CVE-2019-19244)
CVE-2019-19244
-
High
Sqlite CVE-2019-19603 Vulnerability (CVE-2019-19603)
CVE-2019-19603
-
High
Sqlite CVE-2020-13631 Vulnerability (CVE-2020-13631)
CVE-2020-13631
-
Medium
Sqlite CVE-2021-20223 Vulnerability (CVE-2021-20223)
CVE-2021-20223
-
Critical
Sqlite CVE-2021-36690 Vulnerability (CVE-2021-36690)
CVE-2021-36690
-
High
Sqlite CVE-2023-36191 Vulnerability (CVE-2023-36191)
CVE-2023-36191
-
Medium
SQLite Database File Found
-
CWE-538
Medium
Sqlite Divide By Zero Vulnerability (CVE-2019-16168)
CVE-2019-16168
CWE-369
Medium
Sqlite Improper Check for Unusual or Exceptional Conditions Vulnerability (CVE-2019-19646)
CVE-2019-19646
CWE-754
Critical
Sqlite Improper Clearing of Heap Memory Before Release ('Heap Inspection') Vulnerability (CVE-2025-70873)
CVE-2025-70873
CWE-244
High
Sqlite Improper Handling of Exceptional Conditions Vulnerability (CVE-2019-19924)
CVE-2019-19924
CWE-755
Medium
Sqlite Improper Initialization Vulnerability (CVE-2020-11655)
CVE-2020-11655
CWE-665
High
Sqlite Improper Input Validation Vulnerability (CVE-2016-6153)
CVE-2016-6153
CWE-20
Medium
Sqlite Improper Input Validation Vulnerability (CVE-2017-13685)
CVE-2017-13685
CWE-20
Medium
Sqlite Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2008-6590)
CVE-2008-6590
CWE-22
Medium
Sqlite Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2008-6592)
CVE-2008-6592
CWE-22
High
Sqlite Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2008-6589)
CVE-2008-6589
CWE-707
Medium
Sqlite Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2008-6593)
CVE-2008-6593
CWE-138
High
Sqlite Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2018-20505)
CVE-2018-20505
CWE-138
High
Sqlite Improper Resource Shutdown or Release Vulnerability (CVE-2015-3415)
CVE-2015-3415
CWE-404
High
Sqlite Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2013-7443)
CVE-2013-7443
CWE-119
Medium
Sqlite Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2020-35527)
CVE-2020-35527
CWE-119
Critical