Web Application Vulnerabilities
This page lists 23441 vulnerabilities in 68 categories.
Critical: 1499
High: 12791
Medium: 8230
Low: 857
Information: 64
| Vulnerability Name | CVE | CWE | Severity |
| --- | --- | --- | --- |
| Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-36259) | CVE-2023-36259 | CWE-707 | Medium |
| Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-45406) | CVE-2024-45406 | CWE-707 | Medium |
| Craft CMS Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2020-9757) | CVE-2020-9757 | CWE-138 | High |
| Craft CMS Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2023-32679) | CVE-2023-32679 | CWE-138 | High |
| Craft CMS Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2023-36260) | CVE-2023-36260 | CWE-138 | High |
| Craft CMS Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2023-40035) | CVE-2023-40035 | CWE-138 | High |
| Craft CMS Improper Neutralization of Special Elements Used in a Template Engine Vulnerability (CVE-2025-46731) | CVE-2025-46731 | CWE-138 | High |
| Craft CMS Improper Neutralization of Special Elements Used in a Template Engine Vulnerability (CVE-2025-57811) | CVE-2025-57811 | CWE-138 | High |
| Craft CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2024-37843) | CVE-2024-37843 | CWE-138 | Critical |
| Craft CMS Missing Encryption of Sensitive Data Vulnerability (CVE-2018-20465) | CVE-2018-20465 | CWE-311 | High |
| Craft CMS Missing Encryption of Sensitive Data Vulnerability (CVE-2022-37783) | CVE-2022-37783 | CWE-311 | High |
| Craft CMS Other Vulnerability (CVE-2025-35939) | CVE-2025-35939 | - | Medium |
| Craft CMS RCE (CVE-2023-41892) | CVE-2023-41892 | CWE-94 | Critical |
| Craft CMS RCE (CVE-2025-32432) | CVE-2025-32432 | CWE-470 | Critical |
| Craft CMS register_argc_argv RCE (CVE-2024-56145) | CVE-2024-56145 | CWE-94 | Critical |
| Craft CMS Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2018-3814) | CVE-2018-3814 | CWE-434 | High |
| Craft CMS Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2017-8385) | CVE-2017-8385 | CWE-640 | Medium |
| Craft CMS Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2019-15929) | CVE-2019-15929 | CWE-640 | Critical |
| Craft CMS Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2022-29933) | CVE-2022-29933 | CWE-640 | High |
| CRIME SSL/TLS attack | CVE-2012-4929 | CWE-310 | Medium |
| CRLF injection/HTTP response splitting (Web Server) | - | CWE-113 | Medium |
| CRMEB SQL Injection (CVE-2024-36837) | CVE-2024-36837 | CWE-89 | High |
| Cross frame scripting | - | CWE-79 | Medium |
| Cross Site Scripting (Category Description) (CMS Made Simple) | CVE-2017-6555 | CWE-79 | Medium |
| Cross Site Scripting (globalmetadata) (CMS Made Simple) | CVE-2017-6556 | CWE-79 | Medium |
| Cross site scripting (requiring unencoded quote) | - | CWE-79 | Low |
| Cross site scripting (requiring unencoded tag delimiter) | - | CWE-79 | Information |
| Cross site scripting (XSS) in ASP.NET via ResolveUrl | - | CWE-79 | High |
| Cross site scripting in HTTP-01 ACME challenge implementation | - | CWE-79 | High |
| Cross site scripting via Bootstrap | - | CWE-79 | High |
| Cross-Site Request Forgery (CSRF) (CMS Made Simple) | CVE-2016-7904 | CWE-352 | Medium |
| Cross-site Scripting | - | CWE-79 | High |
| Cross-site Scripting (DOM based) | - | CWE-79 | High |
| Cross-site Scripting via File Upload | - | CWE-79 | High |
| Cross-site Scripting via Remote File Inclusion | - | CWE-79 | High |
| Cross-site scripting vulnerability in Google Web Toolkit | CVE-2012-4563 | CWE-80 | High |
| Cross-site scripting vulnerability in Google Web Toolkit (CVE-2012-5920) | CVE-2012-5920 | CWE-80 | High |
| CrushFTP Authentication Bypass (CVE-2025-2825) | CVE-2025-2825 | CWE-287 | Critical |
| CrushFTP Server Deserialization of Untrusted Data Vulnerability (CVE-2017-14035) | CVE-2017-14035 | CWE-502 | Critical |
| CrushFTP Server Improper Control of Dynamically-Managed Code Resources Vulnerability (CVE-2023-43177) | CVE-2023-43177 | CWE-913 | Critical |
| CrushFTP Server Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2024-4040) | CVE-2024-4040 | CWE-94 | Critical |
| CrushFTP Server Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2025-32103) | CVE-2025-32103 | CWE-22 | Medium |
| CrushFTP Server Improper Neutralization of CRLF Sequences ('CRLF Injection') Vulnerability (CVE-2017-14037) | CVE-2017-14037 | CWE-707 | Medium |
| CrushFTP Server Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-14036) | CVE-2017-14036 | CWE-707 | Medium |
| CrushFTP Server Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-44076) | CVE-2021-44076 | CWE-707 | Medium |
| CrushFTP Server Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-22910) | CVE-2024-22910 | CWE-707 | Medium |
| CrushFTP Server Improper Validation of Integrity Check Value Vulnerability (CVE-2023-48795) | CVE-2023-48795 | CWE-354 | Medium |
| CrushFTP Server Other Vulnerability (CVE-2025-31161) | CVE-2025-31161 | - | Critical |
| CrushFTP Server Server-Side Request Forgery (SSRF) Vulnerability (CVE-2025-32102) | CVE-2025-32102 | CWE-918 | Medium |
| CrushFTP Server Unprotected Alternate Channel Vulnerability (CVE-2025-54309) | CVE-2025-54309 | CWE-420 | Critical |
| CrushFTP Server URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2017-14038) | CVE-2017-14038 | CWE-601 | Medium |
| CrushFTP Server URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2018-18288) | CVE-2018-18288 | CWE-601 | Medium |
| CrushFTP Server Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2024-53552) | CVE-2024-53552 | CWE-640 | Critical |
| CrushFTP SSTI (CVE-2024-4040) | CVE-2024-4040 | CWE-94 | Critical |
| CubeCart Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2023-38130) | CVE-2023-38130 | CWE-352 | High |
| CubeCart Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3724) | CVE-2011-3724 | CWE-200 | Medium |
| CubeCart Improper Access Control Vulnerability (CVE-2015-6928) | CVE-2015-6928 | CWE-284 | Medium |
| CubeCart Improper Authentication Vulnerability (CVE-2014-2341) | CVE-2014-2341 | CWE-287 | Medium |
| CubeCart Improper Input Validation Vulnerability (CVE-2012-0865) | CVE-2012-0865 | CWE-20 | Medium |
| CubeCart Improper Input Validation Vulnerability (CVE-2013-1465) | CVE-2013-1465 | CWE-20 | High |
| CubeCart Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2017-2090) | CVE-2017-2090 | CWE-22 | Medium |
| CubeCart Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2017-2098) | CVE-2017-2098 | CWE-22 | Medium |
| CubeCart Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2017-2117) | CVE-2017-2117 | CWE-22 | Medium |
| CubeCart Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2023-42428) | CVE-2023-42428 | CWE-22 | Medium |
| CubeCart Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2023-47283) | CVE-2023-47283 | CWE-22 | Medium |
| CubeCart Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2024-34832) | CVE-2024-34832 | CWE-22 | Critical |
| CubeCart Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2008-1550) | CVE-2008-1550 | CWE-707 | Medium |
| CubeCart Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-20703) | CVE-2018-20703 | CWE-707 | Medium |
| CubeCart Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2023-47675) | CVE-2023-47675 | CWE-138 | High |
| CubeCart Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2009-4060) | CVE-2009-4060 | CWE-138 | High |
| CubeCart Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2010-1931) | CVE-2010-1931 | CWE-138 | High |
| CubeCart Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2010-4903) | CVE-2010-4903 | CWE-138 | High |
| CubeCart Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2018-20716) | CVE-2018-20716 | CWE-138 | Critical |
| CubeCart Permissions, Privileges, and Access Controls Vulnerability (CVE-2009-3904) | CVE-2009-3904 | CWE-264 | High |
| CubeCart Session Fixation Vulnerability (CVE-2021-33394) | CVE-2021-33394 | CWE-384 | Medium |