Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
v.26.4.2314

Web Application Vulnerabilities

This page lists 24637 vulnerabilities in 62 categories.

Critical: 1632 High: 13196 Medium: 8851 Low: 887 Information: 71
Vulnerability Name
CVE
CWE
Severity
FCKeditor arbitrary file upload
CVE-2009-2265
CWE-22
Medium
FCKeditor spellchecker.php cross site scripting vulnerability
CVE-2012-4000
CWE-79
High
File Content Disclosure in Action View
CVE-2019-5418
CWE-200
High
File creation via HTTP method PUT
-
CWE-669
High
File tampering
-
CWE-20
Medium
File Upload Functionality Detected
-
-
Information
File upload XSS (Java applet)
-
CWE-79
High
Firebase database accessible without authentication
-
CWE-200
Medium
Flask debug mode
-
CWE-489
High
Flask weak secret key
-
CWE-1391
Medium
Flex BlazeDS AMF Deserialization RCE
CVE-2017-5641
CWE-502
High
Flowise Authentication Bypass (CVE-2024-31621)
CVE-2024-31621
CWE-287
Critical
FluxBB CVE-2011-3621 Vulnerability (CVE-2011-3621)
CVE-2011-3621
-
Critical
FluxBB Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2014-9574)
CVE-2014-9574
CWE-22
Critical
FluxBB Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-35240)
CVE-2020-35240
CWE-707
Medium
FluxBB Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-43677)
CVE-2021-43677
CWE-707
Medium
FluxBB Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-44110)
CVE-2025-44110
CWE-707
Medium
FluxBB Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2014-10029)
CVE-2014-10029
CWE-138
High
FluxBB Other Vulnerability (CVE-2014-10030)
CVE-2014-10030
-
Medium
FluxBB Use of Password Hash With Insufficient Computational Effort Vulnerability (CVE-2020-28873)
CVE-2020-28873
CWE-916
High
ForgeRock AM / OpenAM Deserialization RCE (CVE-2021-35464)
CVE-2021-35464
CWE-502
High
ForgeRock OpenAM Deserialization RCE (CVE-2021-29156)
CVE-2021-29156
CWE-502
High
Fortigate SSL VPN Arbitrary File reading (CVE-2018-13379)
CVE-2018-13379
CWE-22
High
Fortinet Authentication bypass on administrative interface
CVE-2022-40684
CWE-288
High
Fortinet FortiNAC RCE via arbitrary file upload
CVE-2022-39952
CWE-73
High
Fortinet Out-Of-Bound Memory Write RCE (CVE-2024-21762)
CVE-2024-21762
CWE-787
Critical
FortiWeb Authentication Bypass (CVE-2025-64446)
CVE-2025-58034
CWE-23
Critical
FrontAccounting Cross-site Request Forgery (CSRF) Vulnerability (CVE-2018-7176)
CVE-2018-7176
-
High
Frontaccounting Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3740)
CVE-2011-3740
CWE-200
Medium
Frontaccounting Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2007-5117)
CVE-2007-5117
CWE-94
Critical
Frontaccounting Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2007-5148)
CVE-2007-5148
CWE-94
Medium
Frontaccounting Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2020-21244)
CVE-2020-21244
CWE-22
Medium
Frontaccounting Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2009-4037)
CVE-2009-4037
CWE-138
High
Frontaccounting Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2009-4045)
CVE-2009-4045
CWE-138
High
Frontaccounting Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2018-1000890)
CVE-2018-1000890
CWE-138
High
Frontaccounting Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-5720)
CVE-2019-5720
CWE-138
Critical
FrontAccounting Multiple SQL Injection Vulnerabilities (CVE-2014-3973)
CVE-2014-3973
-
High
Frontaccounting Other Vulnerability (CVE-2007-4279)
CVE-2007-4279
-
High
Frontpage authors.pwd available
-
CWE-538
Medium
FrontPage Identified
-
CWE-200
Low
Full public read access Azure blob storage
-
CWE-732
Medium
Gallery 3.0.4 remote code execution
-
CWE-20
High
Generic Email Address Disclosure
-
CWE-200
Information
Genericons DOM-based XSS vulnerability
-
CWE-80
High
GeoServer CVE-2023-35042 Vulnerability (CVE-2023-35042)
CVE-2023-35042
-
Critical
GeoServer CVE-2024-34696 Vulnerability (CVE-2024-34696)
CVE-2024-34696
-
Medium
GeoServer CVE-2024-35230 Vulnerability (CVE-2024-35230)
CVE-2024-35230
-
Medium
GeoServer Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2024-34711)
CVE-2024-34711
CWE-200
High
GeoServer Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2024-38524)
CVE-2024-38524
CWE-200
High
GeoServer Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2024-36401)
CVE-2024-36401
CWE-94
Critical
GeoServer Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2023-41877)
CVE-2023-41877
CWE-22
High
GeoServer Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2024-24749)
CVE-2024-24749
CWE-22
High
GeoServer Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-51445)
CVE-2023-51445
CWE-707
Medium
GeoServer Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-23640)
CVE-2024-23640
CWE-707
Medium
GeoServer Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-23642)
CVE-2024-23642
CWE-707
Medium
GeoServer Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-23643)
CVE-2024-23643
CWE-707
Medium
GeoServer Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-23818)
CVE-2024-23818
CWE-707
Medium
GeoServer Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-23819)
CVE-2024-23819
CWE-707
Medium
GeoServer Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-23821)
CVE-2024-23821
CWE-707
Medium
GeoServer Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-21621)
CVE-2025-21621
CWE-707
Medium
GeoServer Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2008-7227)
CVE-2008-7227
CWE-119
Medium
GeoServer Improper Restriction of XML External Entity Reference Vulnerability (CVE-2025-58360)
CVE-2025-58360
CWE-611
Critical
GeoServer Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2025-30145)
CVE-2025-30145
CWE-835
High
GeoServer Missing Authorization Vulnerability (CVE-2025-27505)
CVE-2025-27505
CWE-862
Medium
GeoServer Other Vulnerability (CVE-2024-23634)
CVE-2024-23634
-
Medium
GeoServer RCE (CVE-2024-36401)
CVE-2024-36401
CWE-94
Critical
GeoServer Server-Side Request Forgery (SSRF) Vulnerability (CVE-2024-29198)
CVE-2024-29198
CWE-918
High
GeoServer Server-Side Request Forgery (SSRF) Vulnerability (CVE-2024-40625)
CVE-2024-40625
CWE-918
Medium
GeoServer SQLi (CVE-2023-25157)
CVE-2023-25157
CWE-89
High
GeoServer SSRF (CVE-2021-40822)
CVE-2021-40822
CWE-918
High
GeoServer Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2023-51444)
CVE-2023-51444
CWE-434
High
GeoServer WMS SSRF (CVE-2023-43795)
CVE-2023-43795
CWE-918
High
Ghost CMS Theme Path Traversal (CVE-2023-32235)
CVE-2023-32235
CWE-22
High
Ghost CMS Theme Preview XSS (CVE-2021-29484)
CVE-2021-29484
CWE-79
High
GhostScript RCE (Remote Code Execution)
CVE-2016-3714
CWE-78
Critical