Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
v.26.4.2314

Web Application Vulnerabilities

This page lists 24302 vulnerabilities in 62 categories.

Critical: 1589 High: 13053 Medium: 8721 Low: 870 Information: 69
Vulnerability Name
CVE
CWE
Severity
CodeIgniter 2.1.3 xss_clean() filter bypass
CVE-2013-4891
CWE-80
High
CodeIgniter development mode enabled
-
CWE-489
Medium
CodeIgniter session decoding vulnerability
-
CWE-327
High
CodeIgniter weak encryption key
-
CWE-200
High
ColdFusion 8 FCKEditor file upload vulnerability
CVE-2009-2265
CWE-22
High
ColdFusion 9 solr service exposed
CVE-2010-0185
CWE-306
High
ColdFusion Access Control bypass (CVE-2023-29298/CVE-2023-38205)
CVE-2023-38205
CWE-284
High
ColdFusion administrator login page publicly available
-
CWE-200
Low
ColdFusion AMF Deserialization RCE
CVE-2017-3066
CWE-502
High
ColdFusion Arbitrary File Upload
CVE-2018-15961
CWE-434
High
ColdFusion CFC Deserialization RCE (CVE-2023-26359/CVE-2023-26360)
CVE-2023-26360
CWE-502
High
ColdFusion directory traversal
CVE-2010-2861
CWE-22
High
ColdFusion FlashGateway Deserialization RCE CVE-2019-7091
CVE-2019-7091
CWE-502
High
ColdFusion JNDI injection RCE
CVE-2018-15957
CWE-502
High
ColdFusion path disclosures
-
CWE-200
Low
ColdFusion PMS Arbitrary File Read (CVE-2024-20767)
CVE-2024-20767
CWE-284
High
ColdFusion RDS Service enabled
-
CWE-200
Low
ColdFusion Request Debugging information disclosure
-
CWE-200
Medium
ColdFusion Robust Exception enabled
-
CWE-200
Medium
ColdFusion User-Agent cross-site scripting
CVE-2007-0817
CWE-79
High
ColdFusion WDDX Deserialization RCE (CVE-2023-29300/CVE-2023-38203/CVE-2023-38204)
CVE-2023-38204
CWE-502
Critical
ColdFusion WDDX Deserialization RCE (CVE-2023-44353)
CVE-2023-44353
CWE-502
Critical
ColdFusion XSS (CVE-2023-44352)
CVE-2023-44352
CWE-79
Medium
Collabtive Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2010-5285)
CVE-2010-5285
CWE-352
Medium
Collabtive Improper Input Validation Vulnerability (CVE-2012-2670)
CVE-2012-2670
CWE-20
Medium
Collabtive Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-5284)
CVE-2010-5284
CWE-707
Medium
Collabtive Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-3247)
CVE-2014-3247
CWE-707
Medium
Collabtive Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-8935)
CVE-2019-8935
CWE-707
Medium
Collabtive Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-13655)
CVE-2020-13655
CWE-707
Medium
Collabtive Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-3298)
CVE-2021-3298
CWE-707
Medium
Collabtive Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-46240)
CVE-2024-46240
CWE-707
Medium
Collabtive Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-48706)
CVE-2024-48706
CWE-707
Medium
Collabtive Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-48707)
CVE-2024-48707
CWE-707
Medium
Collabtive Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-48708)
CVE-2024-48708
CWE-707
Medium
Collabtive Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2010-4269)
CVE-2010-4269
CWE-138
High
Collabtive Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2013-6872)
CVE-2013-6872
CWE-138
Medium
Collabtive Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2014-3246)
CVE-2014-3246
CWE-138
Medium
Collabtive Improper Privilege Management Vulnerability (CVE-2013-5027)
CVE-2013-5027
CWE-269
Critical
Collabtive Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2015-0258)
CVE-2015-0258
CWE-434
High
Command Injection
-
CWE-94
Critical
Composer installed.json publicly accessible
-
CWE-200
Low
concrete5 Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-8082)
CVE-2017-8082
CWE-352
Medium
concrete5 CVE-2020-14961 Vulnerability (CVE-2020-14961)
CVE-2020-14961
-
Medium
concrete5 Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-5107)
CVE-2014-5107
CWE-200
Medium
concrete5 Improper Input Validation Vulnerability (CVE-2017-18195)
CVE-2017-18195
CWE-20
Medium
concrete5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-5181)
CVE-2012-5181
CWE-707
Medium
concrete5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-5108)
CVE-2014-5108
CWE-707
Medium
concrete5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-9526)
CVE-2014-9526
CWE-707
Medium
concrete5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-2250)
CVE-2015-2250
CWE-707
Medium
concrete5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-3989)
CVE-2015-3989
CWE-707
Medium
concrete5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-4721)
CVE-2015-4721
CWE-707
Medium
concrete5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-6905)
CVE-2017-6905
CWE-707
Medium
concrete5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-6908)
CVE-2017-6908
CWE-707
Medium
concrete5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-7725)
CVE-2017-7725
CWE-707
Medium
concrete5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-19146)
CVE-2018-19146
CWE-707
Medium
concrete5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-3111)
CVE-2021-3111
CWE-707
Low
concrete5 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2015-4724)
CVE-2015-4724
CWE-138
High
concrete5 Server-Side Request Forgery (SSRF) Vulnerability (CVE-2018-13790)
CVE-2018-13790
CWE-918
High
concrete5 Server-Side Request Forgery (SSRF) Vulnerability (CVE-2021-22958)
CVE-2021-22958
CWE-918
Critical
concrete5 Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-11476)
CVE-2020-11476
CWE-434
High
concrete5 Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-24986)
CVE-2020-24986
CWE-434
High
Configuration file disclosure
-
CWE-538
High
Configuration file source code disclosure
-
CWE-538
High
Confluence Widget Connector SSTI
CVE-2019-3396
CWE-22
High
Consul API publicly exposed
-
CWE-200
High
Contao Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2012-1297)
CVE-2012-1297
CWE-352
Medium
Contao Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-10642)
CVE-2019-10642
CWE-352
High
Contao CVE-2018-20028 Vulnerability (CVE-2018-20028)
CVE-2018-20028
-
Medium
Contao CVE-2024-28234 Vulnerability (CVE-2024-28234)
CVE-2024-28234
-
Medium
Contao CVE-2024-28235 Vulnerability (CVE-2024-28235)
CVE-2024-28235
-
Medium
Contao Deserialization of Untrusted Data Vulnerability (CVE-2014-1860)
CVE-2014-1860
CWE-502
Critical
Contao Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2025-57756)
CVE-2025-57756
CWE-200
Medium
Contao Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2025-57757)
CVE-2025-57757
CWE-200
Medium
Contao Improper Access Control Vulnerability (CVE-2025-57758)
CVE-2025-57758
CWE-284
Medium
Contao Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2021-37626)
CVE-2021-37626
CWE-94
High