v.26.4.2314
Web Application Vulnerabilities
This page lists 24342 vulnerabilities in 62 categories.
Critical: 1593
High: 13071
Medium: 8734
Low: 875
Information: 69

| Vulnerability Name | CVE | CWE | Severity |
| --- | --- | --- | --- |
| SugarCRM Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-17318) | CVE-2019-17318 | CWE-138 | High |
| SugarCRM Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-17319) | CVE-2019-17319 | CWE-138 | High |
| SugarCRM Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-17373) | CVE-2020-17373 | CWE-138 | Medium |
| SugarCRM Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2023-35811) | CVE-2023-35811 | CWE-138 | High |
| SugarCRM Improper Restriction of XML External Entity Reference Vulnerability (CVE-2014-3244) | CVE-2014-3244 | CWE-611 | Critical |
| SugarCRM Improperly Controlled Modification of Dynamically-Determined Object Attributes Vulnerability (CVE-2019-17315) | CVE-2019-17315 | CWE-915 | High |
| SugarCRM Improperly Controlled Modification of Dynamically-Determined Object Attributes Vulnerability (CVE-2019-17316) | CVE-2019-17316 | CWE-915 | High |
| SugarCRM Improperly Controlled Modification of Dynamically-Determined Object Attributes Vulnerability (CVE-2019-17317) | CVE-2019-17317 | CWE-915 | High |
| SugarCRM Incomplete List of Disallowed Inputs Vulnerability (CVE-2015-5946) | CVE-2015-5946 | CWE-184 | High |
| SugarCRM Missing Authorization Vulnerability (CVE-2020-7472) | CVE-2020-7472 | CWE-862 | Critical |
| SugarCRM Other Vulnerability (CVE-2004-1225) | CVE-2004-1225 | - | Critical |
| SugarCRM Other Vulnerability (CVE-2005-0266) | CVE-2005-0266 | - | Medium |
| SugarCRM Other Vulnerability (CVE-2006-2460) | CVE-2006-2460 | - | Medium |
| SugarCRM Other Vulnerability (CVE-2006-6712) | CVE-2006-6712 | - | Medium |
| SugarCRM Other Vulnerability (CVE-2009-2146) | CVE-2009-2146 | - | Medium |
| SugarCRM Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2023-35808) | CVE-2023-35808 | CWE-434 | High |
| SugarCRM Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2023-46815) | CVE-2023-46815 | CWE-434 | High |
| SuiteCRM SQL Injection (CVE-2024-36412) | CVE-2024-36412 | CWE-89 | Critical |
| SVN Detected | - | CWE-538 | High |
| Swagger UI DOM XSS vulnerability | - | CWE-80 | High |
| Swagger UI Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-5682) | CVE-2016-5682 | CWE-707 | Medium |
| Symfony databases.yml configuration file | - | CWE-538 | High |
| Symfony debug mode enabled | - | CWE-200 | Low |
| Symfony debug mode enabled (Invicti IAST) | - | CWE-489 | Medium |
| Symfony ESI (Edge-Side Includes) enabled | - | CWE-200 | Low |
| Symfony Profiler open | - | CWE-200 | Medium |
| Symfony RCE via weak/predictable APP_SECRET | - | CWE-94 | High |
| Symfony running in dev mode | - | CWE-489 | Medium |
| Symfony weak application secret | - | CWE-94 | High |
| Symfony web debug toolbar | - | CWE-489 | Medium |
| SysAid On-Premise RCE (CVE-2023-47246) | CVE-2023-47246 | CWE-22 | Critical |
| TCExam Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3806) | CVE-2011-3806 | CWE-200 | Medium |
| TCExam Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2020-5743) | CVE-2020-5743 | CWE-200 | Medium |
| TCExam Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2021-20114) | CVE-2021-20114 | CWE-200 | High |
| TCExam Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2020-5744) | CVE-2020-5744 | CWE-22 | Medium |
| TCExam Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-4238) | CVE-2012-4238 | CWE-707 | Low |
| TCExam Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-4602) | CVE-2012-4602 | CWE-707 | Medium |
| TCExam Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-13422) | CVE-2018-13422 | CWE-707 | Medium |
| TCExam Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-5745) | CVE-2020-5745 | CWE-707 | High |
| TCExam Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-5746) | CVE-2020-5746 | CWE-707 | Medium |
| TCExam Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-5747) | CVE-2020-5747 | CWE-707 | Medium |
| TCExam Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-5748) | CVE-2020-5748 | CWE-707 | Medium |
| TCExam Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-5749) | CVE-2020-5749 | CWE-707 | Medium |
| TCExam Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-5750) | CVE-2020-5750 | CWE-707 | Medium |
| TCExam Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-5751) | CVE-2020-5751 | CWE-707 | Medium |
| TCExam Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-20111) | CVE-2021-20111 | CWE-707 | Medium |
| TCExam Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-20112) | CVE-2021-20112 | CWE-707 | Medium |
| TCExam Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-20115) | CVE-2021-20115 | CWE-707 | Medium |
| TCExam Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-20116) | CVE-2021-20116 | CWE-707 | Medium |
| TCExam Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2012-4237) | CVE-2012-4237 | CWE-138 | Medium |
| TCExam Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2012-4601) | CVE-2012-4601 | CWE-138 | Medium |
| TCExam Missing Authorization Vulnerability (CVE-2023-6554) | CVE-2023-6554 | CWE-862 | Medium |
| TCExam Observable Differences in Behavior to Error Inputs Vulnerability (CVE-2021-20113) | CVE-2021-20113 | - | Medium |
| TCExam Other Vulnerability (CVE-2010-2153) | CVE-2010-2153 | - | Medium |
| TCPDF arbitrary file read | - | CWE-98 | High |
| TeamCity Authentication Bypass (CVE-2023-42793) | CVE-2023-42793 | CWE-287 | Critical |
| TeamCity Authentication Bypass (CVE-2024-27198) | CVE-2024-27198 | CWE-288 | Critical |
| TeamCity Authentication Bypass (CVE-2024-27199) | CVE-2024-27199 | CWE-288 | High |
| Telerik Report Server Authentication Bypass Vulnerability | CVE-2024-4358 | CWE-287 | Critical |
| Telerik Web UI Deserialization of Untrusted Data Vulnerability (CVE-2019-18935) | CVE-2019-18935 | CWE-502 | Critical |
| Telerik Web UI Improper Input Validation Vulnerability (CVE-2017-11357) | CVE-2017-11357 | CWE-20 | Critical |
| Telerik Web UI Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2014-2217) | CVE-2014-2217 | CWE-22 | High |
| Telerik Web UI Inadequate Encryption Strength Vulnerability (CVE-2017-11317) | CVE-2017-11317 | CWE-326 | Critical |
| Telerik Web UI Insecure Direct Object Reference | CVE-2017-11357 | CWE-78 | High |
| Telerik Web UI Insufficiently Protected Credentials Vulnerability (CVE-2017-9248) | CVE-2017-9248 | CWE-522 | Critical |
| Telerik Web UI Missing Authorization Vulnerability (CVE-2021-28141) | CVE-2021-28141 | CWE-862 | Critical |
| Telerik Web UI RadAsyncUpload Deserialization | CVE-2019-18935 | CWE-78 | High |
| Telerik Web UI Unrestricted File Upload (CVE-2014-2217) | CVE-2014-2217 | CWE-78 | High |
| Telerik Web UI Unrestricted File Upload (CVE-2017-11317) | CVE-2017-11317 | CWE-78 | High |
| Telerik.Web.UI.dll Cryptographic Weakness | CVE-2017-9248 | CWE-338 | High |
| Test CGI script leaking environment variables | - | - | Medium |
| TestRail Information Disclosure (CVE-2021-40875) | CVE-2021-40875 | CWE-425 | Medium |
| Text4shell: Apache Commons Text RCE via insecure interpolation | CVE-2022-42889 | CWE-94 | Critical |
| The DROWN attack (SSLv2 supported) | CVE-2016-0800 | CWE-327 | High |
| The FREAK attack | CVE-2015-0204 | CWE-327 | Medium |