Platform
Solutions
Pricing
Why Invicti
Resources Library
Get a demo
Home
/
Web Application Vulnerabilities
Web Application Vulnerabilities
Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise
Acunetix Standard & Premium
Web Application Vulnerabilities
This page lists
23441 vulnerabilities
in
68 categories
.
Critical: 1499
High: 12791
Medium: 8230
Low: 857
Information: 64
Vulnerability Name
CVE
CWE
Severity
Content Security Policy (CSP) Nonce Without Matching Script Block
-
CWE-16
Information
Content Security Policy (CSP) Not Implemented
-
CWE-16
Information
Content Security Policy (CSP) report-uri Uses HTTP
-
CWE-16
Information
Content Security Policy Misconfiguration
-
CWE-16
Information
Content-Security-Policy-Report-Only Cannot Be Declared Between META Tags
-
CWE-16
Information
Content-Security-Policy-Report-Only Cannot Be Declared Without report-uri Directive
-
CWE-16
Information
Cookie signed with weak secret key
-
CWE-693
Medium
Cookies Not Marked as HttpOnly
-
CWE-1004
Low
Cookies Not Marked as Secure
-
CWE-614
Low
Cookies with missing, inconsistent or contradictory properties
-
CWE-284
Low
Cookies with Secure flag set over insecure connection
-
CWE-16
Information
Coppermine Cross-site Scripting (XSS) Vulnerability (CVE-2015-3921)
CVE-2015-3921
-
Low
Coppermine Cross-site Scripting (XSS) Vulnerability (CVE-2018-14478)
CVE-2018-14478
-
Medium
Coppermine Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2008-7187)
CVE-2008-7187
CWE-200
Medium
Coppermine Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3722)
CVE-2011-3722
CWE-200
Medium
Coppermine Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-1614)
CVE-2012-1614
CWE-200
Medium
Coppermine Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-3923)
CVE-2015-3923
CWE-200
Medium
Coppermine Improper Authentication Vulnerability (CVE-2005-3979)
CVE-2005-3979
CWE-287
Medium
Coppermine Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2008-3481)
CVE-2008-3481
CWE-94
High
Coppermine Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2008-3486)
CVE-2008-3486
CWE-22
High
Coppermine Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-4667)
CVE-2010-4667
CWE-707
Medium
Coppermine Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-4693)
CVE-2010-4693
CWE-707
Medium
Coppermine Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-2476)
CVE-2011-2476
CWE-707
Medium
Coppermine Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-1613)
CVE-2012-1613
CWE-707
Low
Coppermine Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-4612)
CVE-2014-4612
CWE-707
Medium
Coppermine Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2008-0504)
CVE-2008-0504
CWE-138
Medium
Coppermine Multiple Cross-site Scripting (XSS) Vulnerabilities (CVE-2015-6528)
CVE-2015-6528
-
Medium
Coppermine Open Redirection Vulnerability (CVE-2015-3922)
CVE-2015-3922
-
Medium
Coppermine Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-7186)
CVE-2008-7186
CWE-264
Medium
Core dump checker PHP script
-
CWE-200
Medium
Core dump file
-
CWE-200
High
CouchDB REST API publicly accessible
-
CWE-285
High
cPanel XSS (CVE-2023-29489)
CVE-2023-29489
CWE-79
Medium
Craft CMS CVE-2017-8383 Vulnerability (CVE-2017-8383)
CVE-2017-8383
-
Medium
Craft CMS CVE-2024-21622 Vulnerability (CVE-2024-21622)
CVE-2024-21622
-
High
Craft CMS CVE-2025-32432 Vulnerability (CVE-2025-32432)
CVE-2025-32432
-
Critical
Craft CMS Development Mode enabled
-
CWE-200
Medium
Craft CMS Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2019-14280)
CVE-2019-14280
CWE-200
Medium
Craft CMS Files or Directories Accessible to External Parties Vulnerability (CVE-2024-52292)
CVE-2024-52292
CWE-552
Medium
Craft CMS Improper Authentication Vulnerability (CVE-2024-41800)
CVE-2024-41800
CWE-287
High
Craft CMS Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2021-27903)
CVE-2021-27903
CWE-94
Critical
Craft CMS Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-30130)
CVE-2023-30130
CWE-94
High
Craft CMS Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-30179)
CVE-2023-30179
CWE-94
High
Craft CMS Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-41892)
CVE-2023-41892
CWE-94
Critical
Craft CMS Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2024-56145)
CVE-2024-56145
CWE-94
Critical
Craft CMS Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2025-23209)
CVE-2025-23209
CWE-94
High
Craft CMS Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2025-54417)
CVE-2025-54417
CWE-94
High
Craft CMS Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2024-52291)
CVE-2024-52291
CWE-22
High
Craft CMS Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2024-52293)
CVE-2024-52293
CWE-22
High
Craft CMS Improper Neutralization of Formula Elements in a CSV File Vulnerability (CVE-2021-41824)
CVE-2021-41824
CWE-1236
High
Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-8052)
CVE-2017-8052
CWE-707
Medium
Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-8384)
CVE-2017-8384
CWE-707
Medium
Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-9516)
CVE-2017-9516
CWE-707
Medium
Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-20418)
CVE-2018-20418
CWE-707
Medium
Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-12823)
CVE-2019-12823
CWE-707
Medium
Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-17496)
CVE-2019-17496
CWE-707
Medium
Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-9554)
CVE-2019-9554
CWE-707
Medium
Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-19626)
CVE-2020-19626
CWE-707
Medium
Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-27902)
CVE-2021-27902
CWE-707
Medium
Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-32470)
CVE-2021-32470
CWE-707
Medium
Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-28378)
CVE-2022-28378
CWE-707
Medium
Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-37246)
CVE-2022-37246
CWE-707
Medium
Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-37247)
CVE-2022-37247
CWE-707
Medium
Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-37248)
CVE-2022-37248
CWE-707
Medium
Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-37250)
CVE-2022-37250
CWE-707
Medium
Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-37251)
CVE-2022-37251
CWE-707
Medium
Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-23927)
CVE-2023-23927
CWE-707
Medium
Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-2817)
CVE-2023-2817
CWE-707
Medium
Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-30177)
CVE-2023-30177
CWE-707
Medium
Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-31144)
CVE-2023-31144
CWE-707
Medium
Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-33194)
CVE-2023-33194
CWE-707
Medium
Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-33195)
CVE-2023-33195
CWE-707
Medium
Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-33196)
CVE-2023-33196
CWE-707
Medium
Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-33197)
CVE-2023-33197
CWE-707
Medium
Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-33495)
CVE-2023-33495
CWE-707
Medium
«
1
...
20
21
22
...
313
»
