Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
v.26.4.2314

Web Application Vulnerabilities

This page lists 24637 vulnerabilities in 62 categories.

Critical: 1632 High: 13196 Medium: 8851 Low: 887 Information: 71
Vulnerability Name
CVE
CWE
Severity
Craft CMS Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-30130)
CVE-2023-30130
CWE-94
High
Craft CMS Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-30179)
CVE-2023-30179
CWE-94
High
Craft CMS Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-41892)
CVE-2023-41892
CWE-94
Critical
Craft CMS Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2024-56145)
CVE-2024-56145
CWE-94
Critical
Craft CMS Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2025-23209)
CVE-2025-23209
CWE-94
High
Craft CMS Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2025-54417)
CVE-2025-54417
CWE-94
High
Craft CMS Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2026-28783)
CVE-2026-28783
CWE-94
Critical
Craft CMS Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2026-31857)
CVE-2026-31857
CWE-94
High
Craft CMS Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2024-52291)
CVE-2024-52291
CWE-22
High
Craft CMS Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2024-52293)
CVE-2024-52293
CWE-22
High
Craft CMS Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2026-32262)
CVE-2026-32262
CWE-22
Medium
Craft CMS Improper Neutralization of Formula Elements in a CSV File Vulnerability (CVE-2021-41824)
CVE-2021-41824
CWE-1236
High
Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-8052)
CVE-2017-8052
CWE-707
Medium
Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-8384)
CVE-2017-8384
CWE-707
Medium
Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-9516)
CVE-2017-9516
CWE-707
Medium
Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-20418)
CVE-2018-20418
CWE-707
Medium
Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-12823)
CVE-2019-12823
CWE-707
Medium
Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-17496)
CVE-2019-17496
CWE-707
Medium
Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-9554)
CVE-2019-9554
CWE-707
Medium
Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-19626)
CVE-2020-19626
CWE-707
Medium
Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-27902)
CVE-2021-27902
CWE-707
Medium
Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-32470)
CVE-2021-32470
CWE-707
Medium
Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-28378)
CVE-2022-28378
CWE-707
Medium
Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-37246)
CVE-2022-37246
CWE-707
Medium
Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-37247)
CVE-2022-37247
CWE-707
Medium
Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-37248)
CVE-2022-37248
CWE-707
Medium
Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-37250)
CVE-2022-37250
CWE-707
Medium
Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-37251)
CVE-2022-37251
CWE-707
Medium
Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-23927)
CVE-2023-23927
CWE-707
Medium
Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-2817)
CVE-2023-2817
CWE-707
Medium
Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-30177)
CVE-2023-30177
CWE-707
Medium
Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-31144)
CVE-2023-31144
CWE-707
Medium
Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-33194)
CVE-2023-33194
CWE-707
Medium
Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-33195)
CVE-2023-33195
CWE-707
Medium
Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-33196)
CVE-2023-33196
CWE-707
Medium
Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-33197)
CVE-2023-33197
CWE-707
Medium
Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-33495)
CVE-2023-33495
CWE-707
Medium
Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-36259)
CVE-2023-36259
CWE-707
Medium
Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-45406)
CVE-2024-45406
CWE-707
Medium
Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2026-25491)
CVE-2026-25491
CWE-707
Medium
Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2026-25496)
CVE-2026-25496
CWE-707
Medium
Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2026-27126)
CVE-2026-27126
CWE-707
Medium
Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2026-31859)
CVE-2026-31859
CWE-707
Medium
Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2026-33051)
CVE-2026-33051
CWE-707
Medium
Craft CMS Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2020-9757)
CVE-2020-9757
CWE-138
High
Craft CMS Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2023-32679)
CVE-2023-32679
CWE-138
High
Craft CMS Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2023-36260)
CVE-2023-36260
CWE-138
High
Craft CMS Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2023-40035)
CVE-2023-40035
CWE-138
High
Craft CMS Improper Neutralization of Special Elements Used in a Template Engine Vulnerability (CVE-2025-46731)
CVE-2025-46731
CWE-138
High
Craft CMS Improper Neutralization of Special Elements Used in a Template Engine Vulnerability (CVE-2025-57811)
CVE-2025-57811
CWE-138
High
Craft CMS Improper Neutralization of Special Elements Used in a Template Engine Vulnerability (CVE-2025-68454)
CVE-2025-68454
CWE-138
High
Craft CMS Improper Neutralization of Special Elements Used in a Template Engine Vulnerability (CVE-2026-28695)
CVE-2026-28695
CWE-138
High
Craft CMS Improper Neutralization of Special Elements Used in a Template Engine Vulnerability (CVE-2026-28697)
CVE-2026-28697
CWE-138
Critical
Craft CMS Improper Neutralization of Special Elements Used in a Template Engine Vulnerability (CVE-2026-28784)
CVE-2026-28784
CWE-138
High
Craft CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2024-37843)
CVE-2024-37843
CWE-138
Critical
Craft CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2026-25495)
CVE-2026-25495
CWE-138
High
Craft CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2026-31858)
CVE-2026-31858
CWE-138
High
Craft CMS Incorrect Authorization Vulnerability (CVE-2026-32267)
CVE-2026-32267
CWE-863
Critical
Craft CMS Missing Authentication for Critical Function Vulnerability (CVE-2026-33159)
CVE-2026-33159
CWE-306
Medium
Craft CMS Missing Encryption of Sensitive Data Vulnerability (CVE-2018-20465)
CVE-2018-20465
CWE-311
High
Craft CMS Missing Encryption of Sensitive Data Vulnerability (CVE-2022-37783)
CVE-2022-37783
CWE-311
High
Craft CMS Other Vulnerability (CVE-2025-35939)
CVE-2025-35939
-
Medium
Craft CMS RCE (CVE-2023-41892)
CVE-2023-41892
CWE-94
Critical
Craft CMS RCE (CVE-2025-32432)
CVE-2025-32432
CWE-470
Critical
Craft CMS register_argc_argv RCE (CVE-2024-56145)
CVE-2024-56145
CWE-94
Critical
Craft CMS Server-Side Request Forgery (SSRF) Vulnerability (CVE-2025-68437)
CVE-2025-68437
CWE-918
Medium
Craft CMS Server-Side Request Forgery (SSRF) Vulnerability (CVE-2026-25492)
CVE-2026-25492
CWE-918
Medium
Craft CMS Server-Side Request Forgery (SSRF) Vulnerability (CVE-2026-25493)
CVE-2026-25493
CWE-918
Medium
Craft CMS Server-Side Request Forgery (SSRF) Vulnerability (CVE-2026-25494)
CVE-2026-25494
CWE-918
Medium
Craft CMS Server-Side Request Forgery (SSRF) Vulnerability (CVE-2026-27129)
CVE-2026-27129
CWE-918
Medium
Craft CMS Time-of-check Time-of-use (TOCTOU) Race Condition Vulnerability (CVE-2026-27127)
CVE-2026-27127
CWE-367
Medium
Craft CMS Time-of-check Time-of-use (TOCTOU) Race Condition Vulnerability (CVE-2026-27128)
CVE-2026-27128
CWE-367
Medium
Craft CMS Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2018-3814)
CVE-2018-3814
CWE-434
High
Craft CMS Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') Vulnerability (CVE-2025-68455)
CVE-2025-68455
CWE-470
High
Craft CMS Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') Vulnerability (CVE-2026-25498)
CVE-2026-25498
CWE-470
High