Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
v.26.4.2314

Web Application Vulnerabilities

This page lists 24302 vulnerabilities in 62 categories.

Critical: 1589 High: 13053 Medium: 8721 Low: 870 Information: 69
Vulnerability Name
CVE
CWE
Severity
CubeCart Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-59412)
CVE-2025-59412
CWE-707
Medium
CubeCart Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2023-47675)
CVE-2023-47675
CWE-138
High
CubeCart Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2009-4060)
CVE-2009-4060
CWE-138
High
CubeCart Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2010-1931)
CVE-2010-1931
CWE-138
High
CubeCart Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2010-4903)
CVE-2010-4903
CWE-138
High
CubeCart Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2018-20716)
CVE-2018-20716
CWE-138
Critical
CubeCart Insufficient Session Expiration Vulnerability (CVE-2025-59335)
CVE-2025-59335
CWE-613
High
CubeCart Missing Authorization Vulnerability (CVE-2025-59413)
CVE-2025-59413
CWE-862
Medium
CubeCart Permissions, Privileges, and Access Controls Vulnerability (CVE-2009-3904)
CVE-2009-3904
CWE-264
High
CubeCart Session Fixation Vulnerability (CVE-2021-33394)
CVE-2021-33394
CWE-384
Medium
CubeCart Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2024-33438)
CVE-2024-33438
CWE-434
High
Custom Error Pages Are Not Configured in WEB-INF/web.xml
-
CWE-209
Medium
Custom Vulnerability Alert
-
CWE-0
High
CVS Detected
-
CWE-527
Medium
CWP (Control Web Panel) < 0.9.8.1205 - Remote Code Execution (CVE-2025-48703)
CVE-2025-48703
CWE-78
Critical
CyberPanel RCE (CVE-2024-51567/CVE-2024-51568/CVE-2024-51378)
CVE-2024-51378
CWE-306
Critical
D-Link NAS Backdoor Account RCE (CVE-2024-3273, CVE-2024-3272)
CVE-2024-3272
CWE-77
Critical
D3.js Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-16044)
CVE-2017-16044
CWE-200
High
Data Binding Expression Vulnerability in Spring Web Flow
CVE-2017-4971
CWE-78
High
data: Used in a Content Security Policy (CSP) Directive
-
CWE-942
Information
Database User Has Admin Privileges
-
CWE-267
High
datatables Cross-site Scripting (XSS) Vulnerability (CVE-2015-6584)
CVE-2015-6584
-
Medium
DataTables Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2025-11031)
CVE-2025-11031
CWE-22
Medium
DataTables Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-23445)
CVE-2021-23445
CWE-707
Medium
DataTables Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-36713)
CVE-2021-36713
CWE-707
Medium
DataTables Prototype Pollution Vulnerability (CVE-2020-28458)
CVE-2020-28458
-
High
default-src Used in Content Security Policy (CSP)
-
CWE-942
Information
Delve Debugger Unauthorized Access Vulnerability
-
CWE-200
High
Deprecated Header Instruction Used to Implement Content Security Policy (CSP)
-
CWE-358
Information
Deserialization of Untrusted Data (.NET BinaryFormatter Object Deserialization)
-
CWE-502
High
Deserialization of Untrusted Data (Java JSON Deserialization) Fastjson
-
CWE-502
High
Deserialization of Untrusted Data (Java JSON Deserialization) Genson
-
CWE-502
High
Deserialization of Untrusted Data (Java JSON Deserialization) Jackson
CVE-2017-7525
CWE-502
High
Deserialization of Untrusted Data (Java JSON Deserialization) JsonIO
-
CWE-502
High
Deserialization of Untrusted Data (Java Object Deserialization)
-
CWE-502
High
Deserialization of Untrusted Data (XStream)
CVE-2020-26217
CWE-502
High
Development configuration files
-
CWE-538
Medium
Devise weak password
-
CWE-200
High
Directory listings
-
CWE-538
Medium
Directory traversal
-
CWE-22
High
Directory Traversal (lib/translation.functions.php) (CMS Made Simple) v1.6.x
CVE-2010-2797
CWE-22
High
Directory Traversal (lib/translation.functions.php) (CMS Made Simple) v1.8.x
CVE-2010-2797
CWE-22
High
Directory Traversal with spring-cloud-config-server
CVE-2020-5410
CWE-22
High
Django 7PK - Security Features Vulnerability (CVE-2016-7401)
CVE-2016-7401
-
High
Django Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2019-6975)
CVE-2019-6975
CWE-770
High
Django Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2023-23969)
CVE-2023-23969
CWE-770
High
Django Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2023-46695)
CVE-2023-46695
CWE-770
High
Django Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2024-53907)
CVE-2024-53907
CWE-770
High
Django Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2024-56374)
CVE-2024-56374
CWE-770
High
Django Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2025-26699)
CVE-2025-26699
CWE-770
High
Django Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2025-27556)
CVE-2025-27556
CWE-770
High
Django Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2025-32873)
CVE-2025-32873
CWE-770
High
Django Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2026-25673)
CVE-2026-25673
CWE-770
High
Django Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2026-33034)
CVE-2026-33034
CWE-770
High
Django Authentication Bypass by Spoofing Vulnerability (CVE-2026-3902)
CVE-2026-3902
CWE-290
High
Django Cleartext Transmission of Sensitive Information Vulnerability (CVE-2019-12781)
CVE-2019-12781
CWE-319
Medium
Django Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Vulnerability (CVE-2026-25674)
CVE-2026-25674
CWE-362
Low
Django Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2011-0696)
CVE-2011-0696
CWE-352
Medium
Django Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2011-4140)
CVE-2011-4140
CWE-352
Medium
Django CVE-2014-1418 Vulnerability (CVE-2014-1418)
CVE-2014-1418
-
Medium
Django CVE-2024-24680 Vulnerability (CVE-2024-24680)
CVE-2024-24680
-
High
Django CVE-2024-41989 Vulnerability (CVE-2024-41989)
CVE-2024-41989
-
High
Django CVE-2024-41990 Vulnerability (CVE-2024-41990)
CVE-2024-41990
-
High
Django CVE-2024-45230 Vulnerability (CVE-2024-45230)
CVE-2024-45230
-
High
Django CVE-2024-45231 Vulnerability (CVE-2024-45231)
CVE-2024-45231
-
Medium
Django Debug Mode Enabled
-
CWE-200
Medium
Django Debug Toolbar
-
CWE-200
Medium
Django DEPRECATED: Code Vulnerability (CVE-2015-0219)
CVE-2015-0219
-
Medium
Django DEPRECATED: Code Vulnerability (CVE-2015-0222)
CVE-2015-0222
-
Medium
Django Download of Code Without Integrity Check Vulnerability (CVE-2022-36359)
CVE-2022-36359
CWE-494
High
Django Exposure of Resource to Wrong Sphere Vulnerability (CVE-2021-45116)
CVE-2021-45116
CWE-668
High
Django Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-0305)
CVE-2013-0305
CWE-200
Medium
Django Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-8213)
CVE-2015-8213
CWE-200
Medium
Django Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-2513)
CVE-2016-2513
CWE-200
Low
Django Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-6188)
CVE-2018-6188
CWE-200
High