Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
v.26.4.2314

Web Application Vulnerabilities

This page lists 24637 vulnerabilities in 62 categories.

Critical: 1632 High: 13196 Medium: 8851 Low: 887 Information: 71
Vulnerability Name
CVE
CWE
Severity
Apache Tomcat Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-5647)
CVE-2017-5647
CWE-200
High
Apache Tomcat Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2020-17527)
CVE-2020-17527
CWE-200
High
Apache Tomcat Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2021-25122)
CVE-2021-25122
CWE-200
High
Apache Tomcat Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2026-42498)
CVE-2026-42498
CWE-200
High
Apache Tomcat Generation of Error Message Containing Sensitive Information Vulnerability (CVE-2024-21733)
CVE-2024-21733
CWE-209
Medium
Apache Tomcat Generation of Error Message Containing Sensitive Information Vulnerability (CVE-2026-29146)
CVE-2026-29146
CWE-209
High
Apache Tomcat hello.jsp XSS
CVE-2007-1355
CWE-79
Low
Apache Tomcat Improper Access Control Vulnerability (CVE-2014-7810)
CVE-2014-7810
CWE-284
Medium
Apache Tomcat Improper Access Control Vulnerability (CVE-2016-5388)
CVE-2016-5388
CWE-284
High
Apache Tomcat Improper Authentication Vulnerability (CVE-2011-5063)
CVE-2011-5063
CWE-287
Medium
Apache Tomcat Improper Authentication Vulnerability (CVE-2012-5886)
CVE-2012-5886
CWE-287
Medium
Apache Tomcat Improper Authentication Vulnerability (CVE-2012-5887)
CVE-2012-5887
CWE-287
Medium
Apache Tomcat Improper Authentication Vulnerability (CVE-2013-2067)
CVE-2013-2067
CWE-287
Medium
Apache Tomcat Improper Authentication Vulnerability (CVE-2026-29145)
CVE-2026-29145
CWE-287
Critical
Apache Tomcat Improper Authentication Vulnerability (CVE-2026-34500)
CVE-2026-34500
CWE-287
Medium
Apache Tomcat Improper Authorization Vulnerability (CVE-2026-43515)
CVE-2026-43515
CWE-285
Critical
Apache Tomcat Improper Certificate Validation Vulnerability (CVE-2018-8034)
CVE-2018-8034
CWE-295
High
Apache Tomcat Improper Certificate Validation Vulnerability (CVE-2025-66614)
CVE-2025-66614
CWE-295
Critical
Apache Tomcat Improper Check for Unusual or Exceptional Conditions Vulnerability (CVE-2024-52316)
CVE-2024-52316
CWE-754
Critical
Apache Tomcat Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2013-4444)
CVE-2013-4444
CWE-94
Medium
Apache Tomcat Improper Encoding or Escaping of Output Vulnerability (CVE-2021-30640)
CVE-2021-30640
CWE-116
Medium
Apache Tomcat Improper Encoding or Escaping of Output Vulnerability (CVE-2022-45143)
CVE-2022-45143
CWE-116
High
Apache Tomcat Improper Encoding or Escaping of Output Vulnerability (CVE-2025-31651)
CVE-2025-31651
CWE-116
Critical
Apache Tomcat Improper Encoding or Escaping of Output Vulnerability (CVE-2026-34483)
CVE-2026-34483
CWE-116
High
Apache Tomcat Improper Handling of Case Sensitivity Vulnerability (CVE-2025-46701)
CVE-2025-46701
CWE-178
High
Apache Tomcat Improper Handling of Case Sensitivity Vulnerability (CVE-2026-43513)
CVE-2026-43513
CWE-178
High
Apache Tomcat Improper Handling of Exceptional Conditions Vulnerability (CVE-2017-5664)
CVE-2017-5664
CWE-755
High
Apache Tomcat Improper Handling of Exceptional Conditions Vulnerability (CVE-2021-30639)
CVE-2021-30639
CWE-755
High
Apache Tomcat Improper Input Validation Vulnerability (CVE-2009-0033)
CVE-2009-0033
CWE-20
Medium
Apache Tomcat Improper Input Validation Vulnerability (CVE-2011-1475)
CVE-2011-1475
CWE-20
Medium
Apache Tomcat Improper Input Validation Vulnerability (CVE-2011-2526)
CVE-2011-2526
CWE-20
Medium
Apache Tomcat Improper Input Validation Vulnerability (CVE-2012-2733)
CVE-2012-2733
CWE-20
Medium
Apache Tomcat Improper Input Validation Vulnerability (CVE-2012-3544)
CVE-2012-3544
CWE-20
Medium
Apache Tomcat Improper Input Validation Vulnerability (CVE-2013-2185)
CVE-2013-2185
CWE-20
High
Apache Tomcat Improper Input Validation Vulnerability (CVE-2013-4286)
CVE-2013-4286
CWE-20
Medium
Apache Tomcat Improper Input Validation Vulnerability (CVE-2013-4322)
CVE-2013-4322
CWE-20
Medium
Apache Tomcat Improper Input Validation Vulnerability (CVE-2014-0033)
CVE-2014-0033
CWE-20
Medium
Apache Tomcat Improper Input Validation Vulnerability (CVE-2014-0095)
CVE-2014-0095
CWE-20
Medium
Apache Tomcat Improper Input Validation Vulnerability (CVE-2016-1240)
CVE-2016-1240
CWE-20
High
Apache Tomcat Improper Input Validation Vulnerability (CVE-2016-3092)
CVE-2016-3092
CWE-20
High
Apache Tomcat Improper Input Validation Vulnerability (CVE-2016-6816)
CVE-2016-6816
CWE-20
High
Apache Tomcat Improper Input Validation Vulnerability (CVE-2026-32990)
CVE-2026-32990
CWE-20
Medium
Apache Tomcat Improper Input Validation Vulnerability (CVE-2026-41293)
CVE-2026-41293
CWE-20
Critical
Apache Tomcat Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2007-0450)
CVE-2007-0450
CWE-22
Medium
Apache Tomcat Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2007-5461)
CVE-2007-5461
CWE-22
Low
Apache Tomcat Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2008-2370)
CVE-2008-2370
CWE-22
Medium
Apache Tomcat Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2008-2938)
CVE-2008-2938
CWE-22
Medium
Apache Tomcat Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2008-5515)
CVE-2008-5515
CWE-22
Medium
Apache Tomcat Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2009-2693)
CVE-2009-2693
CWE-22
Medium
Apache Tomcat Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2009-2902)
CVE-2009-2902
CWE-22
Medium
Apache Tomcat Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2015-5174)
CVE-2015-5174
CWE-22
Medium
Apache Tomcat Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2015-5345)
CVE-2015-5345
CWE-22
Medium
Apache Tomcat Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2017-7675)
CVE-2017-7675
CWE-22
High
Apache Tomcat Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2016-9774)
CVE-2016-9774
CWE-59
High
Apache Tomcat Improper Locking Vulnerability (CVE-2019-10072)
CVE-2019-10072
CWE-667
High
Apache Tomcat Improper Neutralization of Escape, Meta, or Control Sequences Vulnerability (CVE-2025-55754)
CVE-2025-55754
CWE-150
Critical
Apache Tomcat Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2005-4838)
CVE-2005-4838
CWE-707
Medium
Apache Tomcat Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2006-7196)
CVE-2006-7196
CWE-707
Medium
Apache Tomcat Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2007-1358)
CVE-2007-1358
CWE-707
Low
Apache Tomcat Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2007-2450)
CVE-2007-2450
CWE-707
Low
Apache Tomcat Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2007-3386)
CVE-2007-3386
CWE-707
Medium
Apache Tomcat Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2008-1232)
CVE-2008-1232
CWE-707
Medium
Apache Tomcat Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2008-1947)
CVE-2008-1947
CWE-707
Medium
Apache Tomcat Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2009-0781)
CVE-2009-0781
CWE-707
Medium
Apache Tomcat Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2009-2696)
CVE-2009-2696
CWE-707
Medium
Apache Tomcat Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-4172)
CVE-2010-4172
CWE-707
Medium
Apache Tomcat Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-0013)
CVE-2011-0013
CWE-707
Medium
Apache Tomcat Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-0221)
CVE-2019-0221
CWE-707
Medium
Apache Tomcat Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-34305)
CVE-2022-34305
CWE-707
Medium
Apache Tomcat Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2019-0232)
CVE-2019-0232
CWE-138
High
Apache Tomcat Improper Resource Shutdown or Release Vulnerability (CVE-2017-5650)
CVE-2017-5650
CWE-404
High
Apache Tomcat Improper Resource Shutdown or Release Vulnerability (CVE-2022-25762)
CVE-2022-25762
CWE-404
High
Apache Tomcat Improper Resource Shutdown or Release Vulnerability (CVE-2025-48989)
CVE-2025-48989
CWE-404
High
Apache Tomcat Improper Resource Shutdown or Release Vulnerability (CVE-2025-61795)
CVE-2025-61795
CWE-404
Medium
Apache Tomcat Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2002-2272)
CVE-2002-2272
CWE-119
High