Web Application Vulnerabilities
This page lists 23441 vulnerabilities in 68 categories.
Critical: 1499
High: 12791
Medium: 8230
Low: 857
Information: 64
| Vulnerability Name | CVE | CWE | Severity |
| --- | --- | --- | --- |
| Collabtive Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-48707) | CVE-2024-48707 | CWE-707 | Medium |
| Collabtive Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-48708) | CVE-2024-48708 | CWE-707 | Medium |
| Collabtive Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2010-4269) | CVE-2010-4269 | CWE-138 | High |
| Collabtive Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2013-6872) | CVE-2013-6872 | CWE-138 | Medium |
| Collabtive Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2014-3246) | CVE-2014-3246 | CWE-138 | Medium |
| Collabtive Improper Privilege Management Vulnerability (CVE-2013-5027) | CVE-2013-5027 | CWE-269 | Critical |
| Collabtive Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2015-0258) | CVE-2015-0258 | CWE-434 | High |
| Command Injection | - | CWE-94 | Critical |
| Composer installed.json publicly accessible | - | CWE-200 | Low |
| concrete5 Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-8082) | CVE-2017-8082 | CWE-352 | Medium |
| concrete5 CVE-2020-14961 Vulnerability (CVE-2020-14961) | CVE-2020-14961 | - | Medium |
| concrete5 Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-5107) | CVE-2014-5107 | CWE-200 | Medium |
| concrete5 Improper Input Validation Vulnerability (CVE-2017-18195) | CVE-2017-18195 | CWE-20 | Medium |
| concrete5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-5181) | CVE-2012-5181 | CWE-707 | Medium |
| concrete5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-5108) | CVE-2014-5108 | CWE-707 | Medium |
| concrete5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-9526) | CVE-2014-9526 | CWE-707 | Medium |
| concrete5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-2250) | CVE-2015-2250 | CWE-707 | Medium |
| concrete5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-3989) | CVE-2015-3989 | CWE-707 | Medium |
| concrete5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-4721) | CVE-2015-4721 | CWE-707 | Medium |
| concrete5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-6905) | CVE-2017-6905 | CWE-707 | Medium |
| concrete5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-6908) | CVE-2017-6908 | CWE-707 | Medium |
| concrete5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-7725) | CVE-2017-7725 | CWE-707 | Medium |
| concrete5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-19146) | CVE-2018-19146 | CWE-707 | Medium |
| concrete5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-3111) | CVE-2021-3111 | CWE-707 | Low |
| concrete5 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2015-4724) | CVE-2015-4724 | CWE-138 | High |
| concrete5 Server-Side Request Forgery (SSRF) Vulnerability (CVE-2018-13790) | CVE-2018-13790 | CWE-918 | High |
| concrete5 Server-Side Request Forgery (SSRF) Vulnerability (CVE-2021-22958) | CVE-2021-22958 | CWE-918 | Critical |
| concrete5 Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-11476) | CVE-2020-11476 | CWE-434 | High |
| concrete5 Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-24986) | CVE-2020-24986 | CWE-434 | High |
| Configuration file disclosure | - | CWE-538 | High |
| Configuration file source code disclosure | - | CWE-538 | High |
| Confluence Widget Connector SSTI | CVE-2019-3396 | CWE-22 | High |
| Consul API publicly exposed | - | CWE-200 | High |
| Contao Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2012-1297) | CVE-2012-1297 | CWE-352 | Medium |
| Contao Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-10642) | CVE-2019-10642 | CWE-352 | High |
| Contao CVE-2018-20028 Vulnerability (CVE-2018-20028) | CVE-2018-20028 | - | Medium |
| Contao CVE-2024-28234 Vulnerability (CVE-2024-28234) | CVE-2024-28234 | - | Medium |
| Contao CVE-2024-28235 Vulnerability (CVE-2024-28235) | CVE-2024-28235 | - | Medium |
| Contao Deserialization of Untrusted Data Vulnerability (CVE-2014-1860) | CVE-2014-1860 | CWE-502 | Critical |
| Contao Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2025-57756) | CVE-2025-57756 | CWE-200 | Medium |
| Contao Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2025-57757) | CVE-2025-57757 | CWE-200 | Medium |
| Contao Improper Access Control Vulnerability (CVE-2025-57758) | CVE-2025-57758 | CWE-284 | Medium |
| Contao Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2021-37626) | CVE-2021-37626 | CWE-94 | High |
| Contao Improper Encoding or Escaping of Output Vulnerability (CVE-2019-19714) | CVE-2019-19714 | CWE-116 | Medium |
| Contao Improper Input Validation Vulnerability (CVE-2020-25768) | CVE-2020-25768 | CWE-20 | Medium |
| Contao Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2015-0269) | CVE-2015-0269 | CWE-22 | Medium |
| Contao Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2017-10993) | CVE-2017-10993 | CWE-22 | High |
| Contao Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2023-29200) | CVE-2023-29200 | CWE-22 | Medium |
| Contao Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2024-45604) | CVE-2024-45604 | CWE-22 | Medium |
| Contao Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-0508) | CVE-2011-0508 | CWE-707 | Medium |
| Contao Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-4335) | CVE-2011-4335 | CWE-707 | Medium |
| Contao Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-10125) | CVE-2018-10125 | CWE-707 | Medium |
| Contao Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-5478) | CVE-2018-5478 | CWE-707 | Medium |
| Contao Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-35210) | CVE-2021-35210 | CWE-707 | Medium |
| Contao Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-35955) | CVE-2021-35955 | CWE-707 | Medium |
| Contao Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-24899) | CVE-2022-24899 | CWE-707 | Medium |
| Contao Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-36806) | CVE-2023-36806 | CWE-707 | Medium |
| Contao Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-28190) | CVE-2024-28190 | CWE-707 | Medium |
| Contao Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-45965) | CVE-2024-45965 | CWE-707 | Medium |
| Contao Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2024-28191) | CVE-2024-28191 | CWE-138 | Medium |
| Contao Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2024-45612) | CVE-2024-45612 | CWE-138 | Medium |
| Contao Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2012-4383) | CVE-2012-4383 | CWE-138 | High |
| Contao Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2017-16558) | CVE-2017-16558 | CWE-138 | Critical |
| Contao Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-11512) | CVE-2019-11512 | CWE-138 | Critical |
| Contao Improper Privilege Management Vulnerability (CVE-2021-37627) | CVE-2021-37627 | CWE-269 | High |
| Contao Improper Privilege Management Vulnerability (CVE-2025-57759) | CVE-2025-57759 | CWE-269 | Medium |
| Contao Incorrect Default Permissions Vulnerability (CVE-2019-19712) | CVE-2019-19712 | CWE-276 | Medium |
| Contao Insufficient Session Expiration Vulnerability (CVE-2024-30262) | CVE-2024-30262 | CWE-613 | High |
| Contao Key Management Errors Vulnerability (CVE-2019-10643) | CVE-2019-10643 | - | Critical |
| Contao Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2019-19745) | CVE-2019-19745 | CWE-434 | High |
| Contao Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2024-45398) | CVE-2024-45398 | CWE-434 | High |
| Contao Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2019-10641) | CVE-2019-10641 | CWE-640 | Critical |
| Content Security Policy (CSP) Contains Out of Scope report-uri Domain | - | CWE-16 | Information |
| Content Security Policy (CSP) Keywords Not Used Within Single Quotes | - | CWE-16 | Information |
| Content Security Policy (CSP) Nonce Value Not Used Within Single Quotes | - | CWE-16 | Information |