Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
v.26.4.2314

Web Application Vulnerabilities

This page lists 24342 vulnerabilities in 62 categories.

Critical: 1593 High: 13071 Medium: 8734 Low: 875 Information: 69
Vulnerability Name
CVE
CWE
Severity
WebLogic Improper Access Control Vulnerability (CVE-2025-50072)
CVE-2025-50072
CWE-284
Medium
WebLogic Improper Authorization Vulnerability (CVE-2025-50073)
CVE-2025-50073
CWE-285
Medium
WebLogic Improper Certificate Validation Vulnerability (CVE-2020-9488)
CVE-2020-9488
CWE-295
Low
WebLogic Improper Certificate Validation Vulnerability (CVE-2021-3450)
CVE-2021-3450
CWE-295
High
WebLogic Improper Check for Unusual or Exceptional Conditions Vulnerability (CVE-2019-17195)
CVE-2019-17195
CWE-754
Critical
WebLogic Improper Check for Unusual or Exceptional Conditions Vulnerability (CVE-2021-27568)
CVE-2021-27568
CWE-754
Medium
WebLogic Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2022-22965)
CVE-2022-22965
CWE-94
Critical
WebLogic Improper Handling of Exceptional Conditions Vulnerability (CVE-2017-5638)
CVE-2017-5638
CWE-755
Critical
WebLogic Improper Input Validation Vulnerability (CVE-2017-15707)
CVE-2017-15707
CWE-20
Medium
WebLogic Improper Input Validation Vulnerability (CVE-2019-12400)
CVE-2019-12400
CWE-20
Medium
WebLogic Improper Input Validation Vulnerability (CVE-2020-10693)
CVE-2020-10693
CWE-20
Medium
WebLogic Improper Input Validation Vulnerability (CVE-2021-44832)
CVE-2021-44832
CWE-20
Medium
WebLogic Improper Input Validation Vulnerability (CVE-2021-45105)
CVE-2021-45105
CWE-20
Medium
WebLogic Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2021-29425)
CVE-2021-29425
CWE-22
Medium
WebLogic Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2022-21371)
CVE-2022-21371
CWE-22
High
WebLogic Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2022-23457)
CVE-2022-23457
CWE-22
Critical
WebLogic Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-9251)
CVE-2015-9251
CWE-707
Medium
WebLogic Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-7103)
CVE-2016-7103
CWE-707
Medium
WebLogic Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-10219)
CVE-2019-10219
CWE-707
Medium
WebLogic Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-11022)
CVE-2020-11022
CWE-707
Medium
WebLogic Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-11023)
CVE-2020-11023
CWE-707
Medium
WebLogic Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-14572)
CVE-2020-14572
CWE-707
Medium
WebLogic Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-41182)
CVE-2021-41182
CWE-707
Medium
WebLogic Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-41183)
CVE-2021-41183
CWE-707
Medium
WebLogic Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-41184)
CVE-2021-41184
CWE-707
Medium
WebLogic Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-29577)
CVE-2022-29577
CWE-707
Medium
WebLogic Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2019-2725)
CVE-2019-2725
CWE-138
Critical
WebLogic Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression La Vulnerability (CVE-2021-28170)
CVE-2021-28170
CWE-138
Medium
WebLogic Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2022-23305)
CVE-2022-23305
CWE-138
Critical
WebLogic Improper Privilege Management Vulnerability (CVE-2025-50064)
CVE-2025-50064
CWE-269
Medium
WebLogic Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2008-3257)
CVE-2008-3257
CWE-119
Critical
WebLogic Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') Vulnerability (CVE-2019-11358)
CVE-2019-11358
CWE-1321
Medium
WebLogic Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') Vulnerability (CVE-2020-5258)
CVE-2020-5258
CWE-1321
High
WebLogic Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') Vulnerability (CVE-2021-23450)
CVE-2021-23450
CWE-1321
Critical
WebLogic Inclusion of Functionality from Untrusted Control Sphere Vulnerability (CVE-2018-11040)
CVE-2018-11040
CWE-829
High
WebLogic Incorrect Authorization Vulnerability (CVE-2018-1258)
CVE-2018-1258
CWE-863
High
WebLogic Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2020-8908)
CVE-2020-8908
CWE-732
Low
WebLogic Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2018-11771)
CVE-2018-11771
CWE-835
Medium
WebLogic Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2018-1324)
CVE-2018-1324
CWE-835
Medium
WebLogic Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2022-23437)
CVE-2022-23437
CWE-835
Medium
WebLogic Missing Authentication for Critical Function Vulnerability (CVE-2024-21007)
CVE-2024-21007
CWE-306
High
WebLogic Missing Authentication for Critical Function Vulnerability (CVE-2025-21535)
CVE-2025-21535
CWE-306
Critical
WebLogic Missing Authentication for Critical Function Vulnerability (CVE-2025-30762)
CVE-2025-30762
CWE-306
High
WebLogic Missing Authentication for Critical Function Vulnerability (CVE-2025-61752)
CVE-2025-61752
CWE-306
High
WebLogic Observable Discrepancy Vulnerability (CVE-2019-3739)
CVE-2019-3739
CWE-203
Medium
WebLogic Observable Discrepancy Vulnerability (CVE-2019-3740)
CVE-2019-3740
CWE-203
Medium
WebLogic Other Vulnerability (CVE-2020-10672)
CVE-2020-10672
-
High
WebLogic Other Vulnerability (CVE-2020-10673)
CVE-2020-10673
-
High
WebLogic Other Vulnerability (CVE-2022-24891)
CVE-2022-24891
-
Medium
WebLogic Out-of-bounds Write Vulnerability (CVE-2020-36518)
CVE-2020-36518
CWE-787
High
WebLogic Server Side Request Forgery
CVE-2014-4242
CWE-918
High
WebLogic Server-Side Request Forgery (SSRF) Vulnerability (CVE-2020-11987)
CVE-2020-11987
CWE-918
High
WebLogic Uncontrolled Resource Consumption Vulnerability (CVE-2016-8610)
CVE-2016-8610
CWE-400
High
WebLogic Uncontrolled Resource Consumption Vulnerability (CVE-2022-24839)
CVE-2022-24839
CWE-400
Medium
WebLogic Uncontrolled Resource Consumption Vulnerability (CVE-2025-21549)
CVE-2025-21549
CWE-400
High
WebLogic Uncontrolled Resource Consumption Vulnerability (CVE-2025-30753)
CVE-2025-30753
CWE-400
Medium
WebLogic Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2021-21347)
CVE-2021-21347
CWE-434
Critical
WebLogic Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2018-1000180)
CVE-2018-1000180
CWE-327
High
WebLogic Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2021-2351)
CVE-2021-2351
CWE-327
High
WebLogic Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') Vulnerability (CVE-2018-1000613)
CVE-2018-1000613
CWE-470
Critical
Webmail weak password
-
CWE-200
High
Webmin v1.920 Unauhenticated Remote Command Execution
CVE-2019-15107
CWE-94
High
WebPageTest Unauthorized Access Vulnerability
-
CWE-200
Medium
WEBrick v.1.3 directory traversal
CVE-2008-1145
CWE-22
High
Werkzeug WSGI Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2023-25577)
CVE-2023-25577
CWE-770
High
Werkzeug WSGI Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2024-49767)
CVE-2024-49767
CWE-770
High
Werkzeug WSGI Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2024-34069)
CVE-2024-34069
CWE-352
High
Werkzeug WSGI CVE-2023-23934 Vulnerability (CVE-2023-23934)
CVE-2023-23934
-
Low
Werkzeug WSGI Improper Handling of Windows Device Names Vulnerability (CVE-2025-66221)
CVE-2025-66221
CWE-67
Medium
Werkzeug WSGI Improper Handling of Windows Device Names Vulnerability (CVE-2026-21860)
CVE-2026-21860
CWE-67
Medium
Werkzeug WSGI Improper Handling of Windows Device Names Vulnerability (CVE-2026-27199)
CVE-2026-27199
CWE-67
Medium
Werkzeug WSGI Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2019-14322)
CVE-2019-14322
CWE-22
High
Werkzeug WSGI Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2024-49766)
CVE-2024-49766
CWE-22
Medium
Werkzeug WSGI Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-10516)
CVE-2016-10516
CWE-707
Medium
Werkzeug WSGI Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') Vulnerability (CVE-2022-29361)
CVE-2022-29361
-
Critical