Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
v.26.4.2314

Web Application Vulnerabilities

This page lists 24302 vulnerabilities in 62 categories.

Critical: 1589 High: 13053 Medium: 8721 Low: 870 Information: 69
Vulnerability Name
CVE
CWE
Severity
Contao Improper Encoding or Escaping of Output Vulnerability (CVE-2019-19714)
CVE-2019-19714
CWE-116
Medium
Contao Improper Input Validation Vulnerability (CVE-2020-25768)
CVE-2020-25768
CWE-20
Medium
Contao Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2015-0269)
CVE-2015-0269
CWE-22
Medium
Contao Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2017-10993)
CVE-2017-10993
CWE-22
High
Contao Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2023-29200)
CVE-2023-29200
CWE-22
Medium
Contao Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2024-45604)
CVE-2024-45604
CWE-22
Medium
Contao Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-0508)
CVE-2011-0508
CWE-707
Medium
Contao Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-4335)
CVE-2011-4335
CWE-707
Medium
Contao Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-10125)
CVE-2018-10125
CWE-707
Medium
Contao Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-5478)
CVE-2018-5478
CWE-707
Medium
Contao Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-35210)
CVE-2021-35210
CWE-707
Medium
Contao Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-35955)
CVE-2021-35955
CWE-707
Medium
Contao Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-24899)
CVE-2022-24899
CWE-707
Medium
Contao Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-36806)
CVE-2023-36806
CWE-707
Medium
Contao Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-28190)
CVE-2024-28190
CWE-707
Medium
Contao Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-45965)
CVE-2024-45965
CWE-707
Medium
Contao Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-29790)
CVE-2025-29790
CWE-707
Medium
Contao Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-65961)
CVE-2025-65961
CWE-707
Medium
Contao Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2024-28191)
CVE-2024-28191
CWE-138
Medium
Contao Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2024-45612)
CVE-2024-45612
CWE-138
Medium
Contao Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2012-4383)
CVE-2012-4383
CWE-138
High
Contao Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2017-16558)
CVE-2017-16558
CWE-138
Critical
Contao Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-11512)
CVE-2019-11512
CWE-138
Critical
Contao Improper Privilege Management Vulnerability (CVE-2021-37627)
CVE-2021-37627
CWE-269
High
Contao Improper Privilege Management Vulnerability (CVE-2025-57759)
CVE-2025-57759
CWE-269
Medium
Contao Incorrect Default Permissions Vulnerability (CVE-2019-19712)
CVE-2019-19712
CWE-276
Medium
Contao Insufficient Session Expiration Vulnerability (CVE-2024-30262)
CVE-2024-30262
CWE-613
High
Contao Insufficient Type Distinction Vulnerability (CVE-2025-65960)
CVE-2025-65960
CWE-351
Medium
Contao Key Management Errors Vulnerability (CVE-2019-10643)
CVE-2019-10643
-
Critical
Contao Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2019-19745)
CVE-2019-19745
CWE-434
High
Contao Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2024-45398)
CVE-2024-45398
CWE-434
High
Contao Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2019-10641)
CVE-2019-10641
CWE-640
Critical
Content Security Policy (CSP) Contains Out of Scope report-uri Domain
-
CWE-358
Information
Content Security Policy (CSP) Keywords Not Used Within Single Quotes
-
CWE-942
Information
Content Security Policy (CSP) Nonce Value Not Used Within Single Quotes
-
CWE-358
Information
Content Security Policy (CSP) Nonce Without Matching Script Block
-
CWE-358
Information
Content Security Policy (CSP) Not Implemented
-
CWE-1021
Information
Content Security Policy (CSP) report-uri Uses HTTP
-
CWE-319
Information
Content Security Policy Misconfiguration
-
CWE-358
Information
Content-Security-Policy-Report-Only Cannot Be Declared Between META Tags
-
CWE-358
Information
Content-Security-Policy-Report-Only Cannot Be Declared Without report-uri Directive
-
CWE-358
Information
Cookie signed with weak secret key
-
CWE-693
Medium
Cookies Not Marked as HttpOnly
-
CWE-1004
Low
Cookies Not Marked as Secure
-
CWE-614
Low
Cookies with missing, inconsistent or contradictory properties
-
CWE-732
Low
Cookies with Secure flag set over insecure connection
-
CWE-614
Information
Coppermine Cross-site Scripting (XSS) Vulnerability (CVE-2015-3921)
CVE-2015-3921
-
Low
Coppermine Cross-site Scripting (XSS) Vulnerability (CVE-2018-14478)
CVE-2018-14478
-
Medium
Coppermine Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2008-7187)
CVE-2008-7187
CWE-200
Medium
Coppermine Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3722)
CVE-2011-3722
CWE-200
Medium
Coppermine Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-1614)
CVE-2012-1614
CWE-200
Medium
Coppermine Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-3923)
CVE-2015-3923
CWE-200
Medium
Coppermine Improper Authentication Vulnerability (CVE-2005-3979)
CVE-2005-3979
CWE-287
Medium
Coppermine Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2008-3481)
CVE-2008-3481
CWE-94
High
Coppermine Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2008-3486)
CVE-2008-3486
CWE-22
High
Coppermine Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-4667)
CVE-2010-4667
CWE-707
Medium
Coppermine Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-4693)
CVE-2010-4693
CWE-707
Medium
Coppermine Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-2476)
CVE-2011-2476
CWE-707
Medium
Coppermine Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-1613)
CVE-2012-1613
CWE-707
Low
Coppermine Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-4612)
CVE-2014-4612
CWE-707
Medium
Coppermine Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2008-0504)
CVE-2008-0504
CWE-138
Medium
Coppermine Multiple Cross-site Scripting (XSS) Vulnerabilities (CVE-2015-6528)
CVE-2015-6528
-
Medium
Coppermine Open Redirection Vulnerability (CVE-2015-3922)
CVE-2015-3922
-
Medium
Coppermine Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-7186)
CVE-2008-7186
CWE-264
Medium
Coppermine Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2023-53868)
CVE-2023-53868
CWE-434
High
Core dump checker PHP script
-
CWE-200
Medium
Core dump file
-
CWE-200
High
CouchDB REST API publicly accessible
-
CWE-285
High
cPanel XSS (CVE-2023-29489)
CVE-2023-29489
CWE-79
Medium
Craft CMS Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2025-68456)
CVE-2025-68456
CWE-770
Critical
Craft CMS Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2026-25497)
CVE-2026-25497
CWE-639
High
Craft CMS Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2026-28696)
CVE-2026-28696
CWE-639
High
Craft CMS Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2026-28781)
CVE-2026-28781
CWE-639
Medium
Craft CMS Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2026-28782)
CVE-2026-28782
CWE-639
Medium
Craft CMS Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2026-29069)
CVE-2026-29069
CWE-639
Medium