Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
v.26.4.2314

Web Application Vulnerabilities

This page lists 24302 vulnerabilities in 62 categories.

Critical: 1589 High: 13053 Medium: 8721 Low: 870 Information: 69
Vulnerability Name
CVE
CWE
Severity
Envoy Proxy Use of Incorrectly-Resolved Name or Reference Vulnerability (CVE-2019-9901)
CVE-2019-9901
CWE-706
Critical
Envoy Wrong DOWNSTREAM_REMOTE_ADDRESS logged Issue (CVE-2020-35470)
CVE-2020-35470
-
High
Error page path disclosure
-
CWE-200
Low
Error page web server version disclosure
-
CWE-200
Information
EspoCRM Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2020-37094)
CVE-2020-37094
CWE-639
Critical
EspoCRM Cleartext Transmission of Sensitive Information Vulnerability (CVE-2022-38846)
CVE-2022-38846
CWE-319
Medium
EspoCRM Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2025-32789)
CVE-2025-32789
CWE-200
Low
EspoCRM Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2014-7985)
CVE-2014-7985
CWE-22
Critical
EspoCRM Improper Neutralization of Formula Elements in a CSV File Vulnerability (CVE-2022-38844)
CVE-2022-38844
CWE-1236
High
EspoCRM Improper Neutralization of Formula Elements in a CSV File Vulnerability (CVE-2022-38845)
CVE-2022-38845
CWE-1236
Medium
EspoCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-7987)
CVE-2014-7987
CWE-707
Medium
EspoCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-17301)
CVE-2018-17301
CWE-707
Medium
EspoCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-17302)
CVE-2018-17302
CWE-707
Medium
EspoCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-13643)
CVE-2019-13643
CWE-707
Medium
EspoCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-14329)
CVE-2019-14329
CWE-707
Medium
EspoCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-14330)
CVE-2019-14330
CWE-707
Medium
EspoCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-14331)
CVE-2019-14331
CWE-707
Medium
EspoCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-14349)
CVE-2019-14349
CWE-707
Medium
EspoCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-14350)
CVE-2019-14350
CWE-707
Medium
EspoCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-14546)
CVE-2019-14546
CWE-707
Medium
EspoCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-14547)
CVE-2019-14547
CWE-707
Medium
EspoCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-14548)
CVE-2019-14548
CWE-707
Medium
EspoCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-14549)
CVE-2019-14549
CWE-707
Medium
EspoCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-14550)
CVE-2019-14550
CWE-707
Medium
EspoCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-3539)
CVE-2021-3539
CWE-707
Medium
EspoCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-59428)
CVE-2025-59428
CWE-707
Medium
EspoCRM Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2025-32390)
CVE-2025-32390
CWE-138
High
EspoCRM Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') Vulnerability (CVE-2025-52575)
CVE-2025-52575
CWE-138
Medium
EspoCRM Improper Restriction of Excessive Authentication Attempts Vulnerability (CVE-2019-14351)
CVE-2019-14351
CWE-307
High
EspoCRM Improper Restriction of Rendered UI Layers or Frames Vulnerability (CVE-2025-32385)
CVE-2025-32385
CWE-1021
Medium
EspoCRM Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') Vulnerability (CVE-2025-52892)
CVE-2025-52892
-
Medium
EspoCRM Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-7986)
CVE-2014-7986
CWE-264
Medium
EspoCRM Server-Side Request Forgery (SSRF) Vulnerability (CVE-2023-46736)
CVE-2023-46736
CWE-918
Medium
EspoCRM Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2022-38843)
CVE-2022-38843
CWE-434
High
EspoCRM Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2023-5965)
CVE-2023-5965
CWE-434
High
EspoCRM Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2023-5966)
CVE-2023-5966
CWE-434
High
EspoCRM URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2024-24818)
CVE-2024-24818
CWE-601
Medium
Express cookie-session weak secret key
-
CWE-693
Medium
Express Development Mode enabled
-
CWE-200
Medium
Express express-session weak secret key
-
CWE-693
Information
Expression language injection
-
CWE-917
High
ExpressJs Local File Read via the layout parameter
-
CWE-22
High
Ext JS arbitrary file read
-
CWE-22
High
Ext JS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-8046)
CVE-2018-8046
CWE-707
Medium
Ext JS Server-Side Request Forgery (SSRF) Vulnerability (CVE-2007-6758)
CVE-2007-6758
CWE-918
High
F5 BIG-IP Cookie Information Disclosure
-
CWE-200
Low
F5 BIG-IP Request Smuggling (CVE-2023-46747)
CVE-2023-46747
CWE-288
Critical
F5 BIG-IP Traffic Management User Interface (TMUI) RCE
CVE-2020-5902
CWE-78
High
F5 iControl REST unauthenticated remote command execution vulnerability
CVE-2021-22986
CWE-78
High
Family Connections Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2012-0699)
CVE-2012-0699
CWE-352
High
Family Connections Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2010-3419)
CVE-2010-3419
CWE-94
High
Family Connections Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2011-5130)
CVE-2011-5130
CWE-94
Medium
Family Connections Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2008-2901)
CVE-2008-2901
CWE-138
Medium
Family Connections Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2009-2010)
CVE-2009-2010
CWE-138
Medium
Family Connections Permissions, Privileges, and Access Controls Vulnerability (CVE-2007-4338)
CVE-2007-4338
CWE-264
Critical
fancybox Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-1494)
CVE-2015-1494
CWE-707
Medium
FastAdmin Path Traversal (CVE-2024-7928)
CVE-2024-7928
CWE-22
High
FastCGI Unauthorized Access Vulnerability
-
CWE-78
High
FCKeditor arbitrary file upload
CVE-2009-2265
CWE-22
Medium
FCKeditor spellchecker.php cross site scripting vulnerability
CVE-2012-4000
CWE-79
High
File Content Disclosure in Action View
CVE-2019-5418
CWE-200
High
File creation via HTTP method PUT
-
CWE-669
High
File tampering
-
CWE-20
Medium
File Upload Functionality Detected
-
-
Information
File upload XSS (Java applet)
-
CWE-79
High
Firebase database accessible without authentication
-
CWE-200
Medium
Flask debug mode
-
CWE-489
High
Flask weak secret key
-
CWE-693
Medium
Flex BlazeDS AMF Deserialization RCE
CVE-2017-5641
CWE-502
High
Flowise Authentication Bypass (CVE-2024-31621)
CVE-2024-31621
CWE-287
Critical
FluxBB CVE-2011-3621 Vulnerability (CVE-2011-3621)
CVE-2011-3621
-
Critical
FluxBB Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2014-9574)
CVE-2014-9574
CWE-22
Critical
FluxBB Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-35240)
CVE-2020-35240
CWE-707
Medium
FluxBB Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-43677)
CVE-2021-43677
CWE-707
Medium
FluxBB Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-44110)
CVE-2025-44110
CWE-707
Medium