Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
v.26.4.2314

Web Application Vulnerabilities

This page lists 24637 vulnerabilities in 62 categories.

Critical: 1632 High: 13196 Medium: 8851 Low: 887 Information: 71
Vulnerability Name
CVE
CWE
Severity
Grafana Missing Authorization Vulnerability (CVE-2023-2183)
CVE-2023-2183
CWE-862
Medium
Grafana Missing Authorization Vulnerability (CVE-2026-28380)
CVE-2026-28380
CWE-862
Medium
Grafana Open Redirect (CVE-2025-4123)
CVE-2025-4123
CWE-601
High
Grafana Other Vulnerability (CVE-2021-28147)
CVE-2021-28147
-
Medium
Grafana Out-of-bounds Write Vulnerability (CVE-2026-27879)
CVE-2026-27879
CWE-787
Medium
Grafana Out-of-bounds Write Vulnerability (CVE-2026-27880)
CVE-2026-27880
CWE-787
High
Grafana Plugin Dir Traversal (CVE-2021-43798)
CVE-2021-43798
CWE-200
High
Grafana Server-Side Request Forgery (SSRF) Vulnerability (CVE-2020-13379)
CVE-2020-13379
CWE-918
High
Grafana Signature Verification Vulnerability (CVE-2020-27846)
CVE-2020-27846
-
Critical
Grafana Snapshot Authentication Bypass (CVE-2021-39226)
CVE-2021-39226
CWE-287
High
Grafana Time-of-check Time-of-use (TOCTOU) Race Condition Vulnerability (CVE-2026-21725)
CVE-2026-21725
CWE-367
Low
Grafana Uncontrolled Resource Consumption Vulnerability (CVE-2026-21720)
CVE-2026-21720
CWE-400
High
Grafana Uncontrolled Resource Consumption Vulnerability (CVE-2026-28375)
CVE-2026-28375
CWE-400
Medium
Grafana Uncontrolled Resource Consumption Vulnerability (CVE-2026-33375)
CVE-2026-33375
CWE-400
Medium
Grafana Uncontrolled Resource Consumption Vulnerability (CVE-2026-33378)
CVE-2026-33378
CWE-400
Medium
Grafana URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2022-29170)
CVE-2022-29170
CWE-601
High
Grails database console
-
CWE-200
Medium
Grandnode Path Traversal (CVE-2019-12276)
CVE-2019-12276
CWE-22
High
GraphiQL Explorer/Playground Enabled
-
CWE-200
Medium
GraphQL Alias Overloading Allowed: Potential Denial of Service Vulnerability
-
CWE-400
Medium
GraphQL Array-based Query Batching Allowed: Potential Batching Attack Vulnerability
-
CWE-770
Medium
GraphQL Circular-Query via Introspection Allowed: Potential DoS Vulnerability
-
CWE-400
Medium
GraphQL Field Suggestions Enabled
-
CWE-200
Medium
GraphQL Introspection Query Enabled
-
CWE-200
Medium
GraphQL Non-JSON Mutations over GET: Potential CSRF Vulnerability
-
CWE-352
Medium
GraphQL Non-JSON Queries over GET: Potential CSRF Vulnerability
-
CWE-352
Medium
GraphQL Non-JSON Queries over POST: Potential CSRF Vulnerability
-
CWE-352
Medium
GraphQL Unauthenticated Mutation Detected
-
CWE-306
Medium
GraphQL Unhandled Error Leakage
-
CWE-209
Medium
Grav CMS Unauthenticated RCE (CVE-2021-21425)
CVE-2021-21425
CWE-284
High
GSAP CVE-2020-28478 Vulnerability (CVE-2020-28478)
CVE-2020-28478
-
High
Gunicorn Improper Neutralization of CRLF Sequences ('CRLF Injection') Vulnerability (CVE-2018-1000164)
CVE-2018-1000164
CWE-707
High
H2 console publicly accessible
-
CWE-287
Low
Hadoop cluster web interface
-
CWE-200
Medium
Hadoop YARN ResourceManager publicly accessible
-
CWE-200
High
Handlebars CVE-2021-23369 Vulnerability (CVE-2021-23369)
CVE-2021-23369
-
Critical
Handlebars Improper Check for Unusual or Exceptional Conditions Vulnerability (CVE-2026-33939)
CVE-2026-33939
CWE-754
High
Handlebars Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-20920)
CVE-2019-20920
CWE-94
High
Handlebars Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2026-33937)
CVE-2026-33937
CWE-94
Critical
Handlebars Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2026-33938)
CVE-2026-33938
CWE-94
High
Handlebars Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2026-33940)
CVE-2026-33940
CWE-94
High
Handlebars Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-8861)
CVE-2015-8861
CWE-707
Medium
Handlebars Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2026-33916)
CVE-2026-33916
CWE-707
Medium
Handlebars Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2026-33941)
CVE-2026-33941
CWE-707
High
Handlebars Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2019-19919)
CVE-2019-19919
CWE-138
Critical
Handlebars Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2019-20922)
CVE-2019-20922
CWE-835
High
Handlebars Other Vulnerability (CVE-2021-23383)
CVE-2021-23383
-
Critical
Harbor Unauthorized Access Vulnerability
CVE-2022-46463
CWE-200
High
Hashicorp Consul API is accessible without authentication
-
CWE-200
Medium
Hasura GraphQL API without authentication
-
CWE-200
Medium
Hesk Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3743)
CVE-2011-3743
CWE-200
Medium
Hesk Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-5287)
CVE-2011-5287
CWE-707
Medium
Hesk Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-13897)
CVE-2020-13897
CWE-707
Medium
Hiawatha CVE-2025-57783 Vulnerability (CVE-2025-57783)
CVE-2025-57783
-
Medium
Hiawatha CVE-2025-57784 Vulnerability (CVE-2025-57784)
CVE-2025-57784
-
Low
Hiawatha Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2019-8358)
CVE-2019-8358
CWE-22
High
Hibernate Query Language (HQL) Injection
-
CWE-564
High
Highcharts JS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-29489)
CVE-2021-29489
CWE-707
Medium
Highcharts JS Incorrect Regular Expression Vulnerability (CVE-2018-20801)
CVE-2018-20801
CWE-185
High
HipChat for JIRA plugin - Velocity template injection
CVE-2015-5603
CWE-94
High
Horde Imp Unauthenticated Remote Command Execution
CVE-2018-19518
CWE-94
High
Horde remote code execution
CVE-2014-1691
CWE-94
High
Horde/IMP Plesk webmail exploit
-
CWE-20
High
Horizontal Broken Function Level Authorization (BFLA)
-
CWE-639
High
Horizontal IDOR/BOLA (Broken Object Level Authorization)
-
CWE-639
High
Host header attack
-
CWE-20
Medium
Hostile subdomain takeover
-
CWE-346
Medium
HSQLDB CVE-2022-41853 Vulnerability (CVE-2022-41853)
CVE-2022-41853
-
Critical
HTML Attribute Injection
-
CWE-80
Low
HTML Form found in redirect page
-
CWE-287
Low
HTML Injection
-
CWE-80
Medium
HTML Injection (requiring unencoded tag delimiter)
-
CWE-80
Information
HTTP Header Injection
-
CWE-113
Medium
HTTP header reflected in cached response
-
CWE-79
Medium
HTTP parameter pollution
-
CWE-88
Medium