Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
v.26.4.2314

Web Application Vulnerabilities

This page lists 24342 vulnerabilities in 62 categories.

Critical: 1593 High: 13071 Medium: 8734 Low: 875 Information: 69
Vulnerability Name
CVE
CWE
Severity
Squid Use After Free Vulnerability (CVE-2026-33526)
CVE-2026-33526
CWE-416
High
SSL Certificate Is About To Expire
-
CWE-298
Medium
SSL Certificate Name Hostname Mismatch
-
CWE-295
Medium
SSL Secure renegotiation is not supported
CVE-2009-3555
CWE-295
Medium
SSL Untrusted Root Certificate
-
CWE-295
Medium
SSL/TLS Not Implemented
-
CWE-319
Medium
SSRF in Ivanti Connect Secure, Policy Secure and Neurons (CVE-2024-21893)
CVE-2024-21893
CWE-918
High
SSRF in Server-Side Rendering
-
CWE-918
High
SSRF via logo_uri in MITREid Connect
CVE-2021-26715
CWE-918
High
Stack Trace Disclosure (Apache MyFaces)
-
CWE-209
Low
Stack Trace Disclosure (ASP.NET)
-
CWE-209
Low
Stack Trace Disclosure (CakePHP)
-
CWE-209
Low
Stack Trace Disclosure (CherryPy)
-
CWE-209
Low
Stack Trace Disclosure (ColdFusion)
-
CWE-209
Medium
Stack Trace Disclosure (Grails)
-
CWE-209
Low
Stack Trace Disclosure (GWT)
-
CWE-209
Low
Stack Trace Disclosure (Java)
-
CWE-209
Medium
Stack Trace Disclosure (Laravel)
-
CWE-209
Medium
Stack Trace Disclosure (NodeJS)
-
CWE-209
Low
Stack Trace Disclosure (Python)
-
CWE-209
Medium
Stack Trace Disclosure (RoR)
-
CWE-209
Medium
Stack Trace Disclosure (Ruby-Sinatra Framework)
-
CWE-209
Low
Stack Trace Disclosure (Tomcat)
-
CWE-209
Low
Static Nonce Identified in Content Security Policy (CSP)
-
CWE-334
Information
Strapi Cognito provider Authentication Bypass (CVE-2023-22893)
CVE-2023-22893
CWE-287
High
Struts 2 Config Browser plugin enabled
-
CWE-200
Medium
Struts 2 development mode
-
CWE-489
High
Struts2 Development Mode Enabled
-
CWE-489
High
Struts2/XWork remote command execution (S2-014)
CVE-2013-2115
CWE-94
High
Subresource Integrity (SRI) Not Implemented
-
CWE-830
Information
SugarCRM CVE-2023-35809 Vulnerability (CVE-2023-35809)
CVE-2023-35809
-
High
SugarCRM Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3803)
CVE-2011-3803
CWE-200
Medium
SugarCRM Gain Sensitive Information Vulnerability (CVE-2004-1226)
CVE-2004-1226
-
Medium
SugarCRM Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-17299)
CVE-2019-17299
CWE-94
High
SugarCRM Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-17300)
CVE-2019-17300
CWE-94
High
SugarCRM Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-17301)
CVE-2019-17301
CWE-94
High
SugarCRM Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-17302)
CVE-2019-17302
CWE-94
High
SugarCRM Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-17303)
CVE-2019-17303
CWE-94
High
SugarCRM Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-17304)
CVE-2019-17304
CWE-94
High
SugarCRM Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-17305)
CVE-2019-17305
CWE-94
High
SugarCRM Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-17306)
CVE-2019-17306
CWE-94
High
SugarCRM Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-17307)
CVE-2019-17307
CWE-94
High
SugarCRM Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-17308)
CVE-2019-17308
CWE-94
High
SugarCRM Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-17309)
CVE-2019-17309
CWE-94
High
SugarCRM Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-17310)
CVE-2019-17310
CWE-94
High
SugarCRM Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-46816)
CVE-2023-46816
CWE-94
High
SugarCRM Improper Input Validation Vulnerability (CVE-2011-0745)
CVE-2011-0745
CWE-20
Medium
SugarCRM Improper Input Validation Vulnerability (CVE-2012-0694)
CVE-2012-0694
CWE-20
Critical
SugarCRM Improper Input Validation Vulnerability (CVE-2017-14509)
CVE-2017-14509
CWE-20
High
SugarCRM Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2008-2045)
CVE-2008-2045
CWE-22
Medium
SugarCRM Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2019-17311)
CVE-2019-17311
CWE-22
High
SugarCRM Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2019-17312)
CVE-2019-17312
CWE-22
High
SugarCRM Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2019-17313)
CVE-2019-17313
CWE-22
High
SugarCRM Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2019-17314)
CVE-2019-17314
CWE-22
High
SugarCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-0465)
CVE-2010-0465
CWE-707
Medium
SugarCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-14510)
CVE-2017-14510
CWE-707
Medium
SugarCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-17784)
CVE-2018-17784
CWE-707
Medium
SugarCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-5715)
CVE-2018-5715
CWE-707
Medium
SugarCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-14974)
CVE-2019-14974
CWE-707
Medium
SugarCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-17372)
CVE-2020-17372
CWE-707
Medium
SugarCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-28955)
CVE-2020-28955
CWE-707
Medium
SugarCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-28956)
CVE-2020-28956
CWE-707
Medium
SugarCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-36501)
CVE-2020-36501
CWE-707
Medium
SugarCRM Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2023-35810)
CVE-2023-35810
CWE-138
High
SugarCRM Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2009-2978)
CVE-2009-2978
CWE-138
High
SugarCRM Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2011-4833)
CVE-2011-4833
CWE-138
High
SugarCRM Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2017-14508)
CVE-2017-14508
CWE-138
High
SugarCRM Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2018-6308)
CVE-2018-6308
CWE-138
Critical
SugarCRM Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-17292)
CVE-2019-17292
CWE-138
High
SugarCRM Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-17293)
CVE-2019-17293
CWE-138
High
SugarCRM Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-17294)
CVE-2019-17294
CWE-138
High
SugarCRM Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-17295)
CVE-2019-17295
CWE-138
High
SugarCRM Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-17296)
CVE-2019-17296
CWE-138
High
SugarCRM Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-17297)
CVE-2019-17297
CWE-138
High
SugarCRM Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-17298)
CVE-2019-17298
CWE-138
High