Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
v.26.4.2314

Web Application Vulnerabilities

This page lists 24637 vulnerabilities in 62 categories.

Critical: 1632 High: 13196 Medium: 8851 Low: 887 Information: 71
Vulnerability Name
CVE
CWE
Severity
CKEditor Inclusion of Functionality from Untrusted Control Sphere Vulnerability (CVE-2021-26271)
CVE-2021-26271
CWE-829
Medium
CKEditor Inclusion of Functionality from Untrusted Control Sphere Vulnerability (CVE-2021-26272)
CVE-2021-26272
CWE-829
Medium
CKEditor Other Vulnerability (CVE-2022-24729)
CVE-2022-24729
-
High
CKEditor Uncontrolled Resource Consumption Vulnerability (CVE-2021-21254)
CVE-2021-21254
CWE-400
Medium
CKEditor Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2023-31541)
CVE-2023-31541
CWE-434
Critical
Claroline Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2008-3262)
CVE-2008-3262
CWE-352
Medium
Claroline Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3716)
CVE-2011-3716
CWE-200
Medium
Claroline Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2006-4844)
CVE-2006-4844
CWE-94
Medium
Claroline Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2008-3261)
CVE-2008-3261
CWE-59
Medium
Claroline Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2008-3260)
CVE-2008-3260
CWE-707
Medium
Claroline Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2008-3315)
CVE-2008-3315
CWE-707
Medium
Claroline Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2009-1907)
CVE-2009-1907
CWE-707
Medium
Claroline Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-4753)
CVE-2013-4753
CWE-707
Low
Claroline Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-6267)
CVE-2013-6267
CWE-707
Medium
Claroline Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-37160)
CVE-2022-37160
CWE-707
Medium
Claroline Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-37161)
CVE-2022-37161
CWE-707
Medium
Claroline Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-37162)
CVE-2022-37162
CWE-707
Medium
Claroline Other Vulnerability (CVE-2005-1374)
CVE-2005-1374
-
Medium
Claroline Other Vulnerability (CVE-2005-1375)
CVE-2005-1375
-
High
Claroline Other Vulnerability (CVE-2005-1376)
CVE-2005-1376
-
High
Claroline Other Vulnerability (CVE-2005-1377)
CVE-2005-1377
-
High
Claroline Other Vulnerability (CVE-2006-0411)
CVE-2006-0411
-
Critical
Claroline Other Vulnerability (CVE-2006-1594)
CVE-2006-1594
-
High
Claroline Other Vulnerability (CVE-2006-1595)
CVE-2006-1595
-
Medium
Claroline Other Vulnerability (CVE-2006-1596)
CVE-2006-1596
-
High
Claroline Other Vulnerability (CVE-2006-2284)
CVE-2006-2284
-
Medium
Claroline Other Vulnerability (CVE-2006-2868)
CVE-2006-2868
-
Medium
Claroline Other Vulnerability (CVE-2006-3257)
CVE-2006-3257
-
Medium
Claroline Other Vulnerability (CVE-2006-5256)
CVE-2006-5256
-
High
Claroline Other Vulnerability (CVE-2006-7048)
CVE-2006-7048
-
High
Claroline Other Vulnerability (CVE-2007-3517)
CVE-2007-3517
-
Medium
Claroline Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2022-37159)
CVE-2022-37159
CWE-434
Critical
Cleo Harmony/VLTrader/LexiCom RCE (CVE-2024-50623, CVE-2024-55956)
CVE-2024-55956
CWE-434
Critical
Clickjacking: CSP frame-ancestors missing
-
CWE-1021
Low
Client Side Template Injection
-
CWE-116
High
Client-Side Prototype Pollution
-
-
High
ClipBucket Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3717)
CVE-2011-3717
CWE-200
Medium
ClipBucket Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-6642)
CVE-2012-6642
CWE-707
Medium
ClipBucket Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-6644)
CVE-2012-6644
CWE-707
Medium
ClipBucket Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-4673)
CVE-2015-4673
CWE-707
Medium
ClipBucket Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-1000307)
CVE-2016-1000307
CWE-707
Medium
ClipBucket Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-4848)
CVE-2016-4848
CWE-707
Medium
ClipBucket Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2018-7664)
CVE-2018-7664
CWE-138
Critical
ClipBucket Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2012-5849)
CVE-2012-5849
CWE-138
High
ClipBucket Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2012-6643)
CVE-2012-6643
CWE-138
High
ClipBucket Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2018-7666)
CVE-2018-7666
CWE-138
Critical
ClipBucket Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2013-10040)
CVE-2013-10040
CWE-434
Critical
ClipBucket Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2018-7665)
CVE-2018-7665
CWE-434
Critical
Clockwork PHP dev tool enabled
-
CWE-200
Medium
Cloud metadata publicly exposed
-
CWE-918
High
CloudPanel file-manager Auth bypass (CVE-2023-35885)
CVE-2023-35885
CWE-565
Critical
Cmd hijack vulnerability
-
CWE-94
High
Code Evaluation (Apache Struts) S2-016
CVE-2013-2251
CWE-20
Critical
Code Evaluation (Apache Struts) S2-045
CVE-2017-5638
CWE-94
Critical
Code Evaluation (Apache Struts) S2-046
CVE-2017-5638
CWE-94
High
Code Evaluation (ASP)
-
CWE-95
Critical
Code Evaluation (Perl)
-
CWE-94
Critical
Code Evaluation (PHP)
-
CWE-94
Critical
Code Evaluation (Python)
-
CWE-95
Critical
Code Evaluation (Ruby)
-
CWE-94
Critical
Code Execution via WebDav
-
CWE-434
High
CodeIgniter 2.1.3 xss_clean() filter bypass
CVE-2013-4891
CWE-80
High
CodeIgniter development mode enabled
-
CWE-489
Medium
CodeIgniter session decoding vulnerability
-
CWE-327
High
CodeIgniter weak encryption key
-
CWE-200
High
ColdFusion 8 FCKEditor file upload vulnerability
CVE-2009-2265
CWE-22
High
ColdFusion 9 solr service exposed
CVE-2010-0185
CWE-306
High
ColdFusion Access Control bypass (CVE-2023-29298/CVE-2023-38205)
CVE-2023-38205
CWE-284
High
ColdFusion administrator login page publicly available
-
CWE-200
Low
ColdFusion AMF Deserialization RCE
CVE-2017-3066
CWE-502
High
ColdFusion Arbitrary File Upload
CVE-2018-15961
CWE-434
High
ColdFusion CFC Deserialization RCE (CVE-2023-26359/CVE-2023-26360)
CVE-2023-26360
CWE-502
High
ColdFusion directory traversal
CVE-2010-2861
CWE-22
High
ColdFusion FlashGateway Deserialization RCE CVE-2019-7091
CVE-2019-7091
CWE-502
High
ColdFusion JNDI injection RCE
CVE-2018-15957
CWE-502
High