v.26.3.2229
Web Application Vulnerabilities
This page lists 24119 vulnerabilities in 70 categories.
Critical: 1560
High: 12984
Medium: 8644
Low: 865
Information: 66
| Vulnerability Name | CVE | CWE | Severity |
|---|---|---|---|
| XWikiplatform Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2025-32969) | CVE-2025-32969 | CWE-138 | Critical |
| XWikiplatform Improper Removal of Sensitive Information Before Storage or Transfer Vulnerability (CVE-2025-58049) | CVE-2025-58049 | CWE-212 | High |
| XWikiplatform Improper Restriction of Rendered UI Layers or Frames Vulnerability (CVE-2026-26000) | CVE-2026-26000 | CWE-1021 | Medium |
| XWikiplatform Incorrect Authorization Vulnerability (CVE-2024-55662) | CVE-2024-55662 | CWE-863 | High |
| XWikiplatform Incorrect Authorization Vulnerability (CVE-2025-29924) | CVE-2025-29924 | CWE-863 | High |
| XWikiplatform Incorrect Authorization Vulnerability (CVE-2025-32971) | CVE-2025-32971 | CWE-863 | Low |
| XWikiplatform Incorrect Authorization Vulnerability (CVE-2025-49586) | CVE-2025-49586 | CWE-863 | High |
| XWikiplatform Incorrect Authorization Vulnerability (CVE-2025-53836) | CVE-2025-53836 | CWE-863 | High |
| XWikiplatform Incorrect Privilege Assignment Vulnerability (CVE-2025-49580) | CVE-2025-49580 | CWE-266 | High |
| XWikiplatform Insertion of Sensitive Information Into Sent Data Vulnerability (CVE-2025-49584) | CVE-2025-49584 | CWE-201 | High |
| XWikiplatform Insufficient UI Warning of Dangerous Operations Vulnerability (CVE-2025-49582) | CVE-2025-49582 | CWE-357 | High |
| XWikiplatform Insufficient UI Warning of Dangerous Operations Vulnerability (CVE-2025-49583) | CVE-2025-49583 | CWE-357 | Low |
| XWikiplatform Insufficient UI Warning of Dangerous Operations Vulnerability (CVE-2025-49585) | CVE-2025-49585 | CWE-357 | High |
| XWikiplatform Insufficient UI Warning of Dangerous Operations Vulnerability (CVE-2025-49587) | CVE-2025-49587 | CWE-357 | High |
| XWikiplatform Missing Authorization Vulnerability (CVE-2024-31981) | CVE-2024-31981 | CWE-862 | High |
| XWikiplatform Missing Authorization Vulnerability (CVE-2024-31983) | CVE-2024-31983 | CWE-862 | High |
| XWikiplatform Missing Authorization Vulnerability (CVE-2024-31987) | CVE-2024-31987 | CWE-862 | High |
| XWikiplatform Missing Authorization Vulnerability (CVE-2024-31997) | CVE-2024-31997 | CWE-862 | High |
| XWikiplatform Missing Authorization Vulnerability (CVE-2024-37898) | CVE-2024-37898 | CWE-862 | Medium |
| XWikiplatform Missing Authorization Vulnerability (CVE-2024-45591) | CVE-2024-45591 | CWE-862 | Medium |
| XWikiplatform Missing Authorization Vulnerability (CVE-2024-55876) | CVE-2024-55876 | CWE-862 | Medium |
| XWikiplatform Missing Authorization Vulnerability (CVE-2024-55879) | CVE-2024-55879 | CWE-862 | High |
| XWikiplatform Missing Authorization Vulnerability (CVE-2025-23025) | CVE-2025-23025 | CWE-862 | High |
| XWikiplatform Missing Authorization Vulnerability (CVE-2025-29926) | CVE-2025-29926 | CWE-862 | Critical |
| XWikiplatform Missing Authorization Vulnerability (CVE-2025-32973) | CVE-2025-32973 | CWE-862 | Critical |
| XWikiplatform Missing Authorization Vulnerability (CVE-2025-46554) | CVE-2025-46554 | CWE-862 | Medium |
| XWikiplatform Missing Authorization Vulnerability (CVE-2025-46557) | CVE-2025-46557 | CWE-862 | Critical |
| XWikiplatform Other Vulnerability (CVE-2024-46978) | CVE-2024-46978 | - | Medium |
| XWikiplatform Other Vulnerability (CVE-2024-46979) | CVE-2024-46979 | - | Medium |
| XWikiplatform Other Vulnerability (CVE-2025-29925) | CVE-2025-29925 | - | Medium |
| XWikiplatform Other Vulnerability (CVE-2025-32783) | CVE-2025-32783 | - | Medium |
| XWikiplatform Relative Path Traversal Vulnerability (CVE-2025-55747) | CVE-2025-55747 | CWE-23 | Critical |
| XWikiplatform Relative Path Traversal Vulnerability (CVE-2025-55748) | CVE-2025-55748 | CWE-23 | High |
| XWikiplatform URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2025-32970) | CVE-2025-32970 | CWE-601 | Medium |
| XWikiplatform Use of Password Hash With Insufficient Computational Effort Vulnerability (CVE-2024-31464) | CVE-2024-31464 | CWE-916 | Medium |
| XXE in Ivanti Connect Secure, Policy Secure and Neurons (CVE-2024-22024) | CVE-2024-22024 | CWE-112 | Medium |
| YetiForce CRM Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2021-4092) | CVE-2021-4092 | CWE-352 | Medium |
| YetiForce CRM Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2022-0269) | CVE-2022-0269 | CWE-352 | High |
| YetiForce CRM Improper Input Validation Vulnerability (CVE-2021-4111) | CVE-2021-4111 | CWE-20 | Medium |
| YetiForce CRM Improper Input Validation Vulnerability (CVE-2021-4117) | CVE-2021-4117 | CWE-20 | Medium |
| YetiForce CRM Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2023-49508) | CVE-2023-49508 | CWE-22 | Medium |
| YetiForce CRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-4107) | CVE-2021-4107 | CWE-707 | Medium |
| YetiForce CRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-4116) | CVE-2021-4116 | CWE-707 | Medium |
| YetiForce CRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-4121) | CVE-2021-4121 | CWE-707 | Medium |
| YetiForce CRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-1340) | CVE-2022-1340 | CWE-707 | Medium |
| YetiForce CRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-2829) | CVE-2022-2829 | CWE-707 | Medium |
| YetiForce CRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-2885) | CVE-2022-2885 | CWE-707 | Medium |
| YetiForce CRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-2890) | CVE-2022-2890 | CWE-707 | Medium |
| YetiForce CRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-2924) | CVE-2022-2924 | CWE-707 | Medium |
| YetiForce CRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-3000) | CVE-2022-3000 | CWE-707 | Medium |
| YetiForce CRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-3002) | CVE-2022-3002 | CWE-707 | Medium |
| YetiForce CRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-3004) | CVE-2022-3004 | CWE-707 | Medium |
| YetiForce CRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-3005) | CVE-2022-3005 | CWE-707 | Medium |
| YetiForce CRM Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2022-1411) | CVE-2022-1411 | CWE-434 | Medium |
| Yii debug mode enabled | - | CWE-16 | Medium |
| Yii running in dev mode | - | CWE-16 | Medium |
| Yii2 debug toolkit | - | CWE-200 | Medium |
| Yii2 Gii extension | - | CWE-200 | Medium |
| Yii2 weak secret key | - | CWE-693 | Medium |
| YOURLS Access of Resource Using Incompatible Type ('Type Confusion') Vulnerability (CVE-2019-14537) | CVE-2019-14537 | CWE-843 | Critical |
| YOURLS Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2022-0088) | CVE-2022-0088 | CWE-352 | High |
| YOURLS Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3824) | CVE-2011-3824 | CWE-200 | Medium |
| YOURLS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-8488) | CVE-2014-8488 | CWE-707 | Medium |
| YOURLS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-27388) | CVE-2020-27388 | CWE-707 | Medium |
| YOURLS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-3783) | CVE-2021-3783 | CWE-707 | Medium |
| YOURLS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-3785) | CVE-2021-3785 | CWE-707 | Medium |
| YOURLS Improper Restriction of Rendered UI Layers or Frames Vulnerability (CVE-2021-3734) | CVE-2021-3734 | CWE-1021 | High |
| YUI Library Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-4207) | CVE-2010-4207 | CWE-707 | Medium |
| YUI Library Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-4208) | CVE-2010-4208 | CWE-707 | Medium |
| YUI Library Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-4209) | CVE-2010-4209 | CWE-707 | Medium |
| YUI Library Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-4710) | CVE-2010-4710 | CWE-707 | Medium |
| YUI Library Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-5881) | CVE-2012-5881 | CWE-707 | Medium |
| YUI Library Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-5882) | CVE-2012-5882 | CWE-707 | Medium |
| YUI Library Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-5883) | CVE-2012-5883 | CWE-707 | Medium |
| YUI Library Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-4939) | CVE-2013-4939 | CWE-707 | Medium |