Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
v.26.3.2229

Web Application Vulnerabilities

This page lists 24119 vulnerabilities in 70 categories.

Critical: 1560 High: 12984 Medium: 8644 Low: 865 Information: 66
Vulnerability Name
CVE
CWE
Severity
ASP.NET Core Development Mode enabled
-
CWE-200
Medium
ASP.NET CustomErrors Is Disabled
-
CWE-12
Medium
ASP.NET debugging enabled
-
CWE-11
Low
ASP.NET Deny missing from authorization rule on location
-
CWE-16
Medium
ASP.NET diagnostic page
-
CWE-200
Medium
ASP.NET error message
-
CWE-12
Low
ASP.NET event validation disabled
-
CWE-16
Medium
ASP.NET expired session IDs are not regenerated
-
CWE-16
Medium
ASP.NET forms authentication using inadequate protection
-
CWE-16
Medium
ASP.NET header checking is disabled in web.config
-
CWE-16
Medium
ASP.NET login credentials stored in plain text
-
CWE-256
Medium
ASP.NET MVC Improper Authentication Vulnerability (CVE-2018-8171)
CVE-2018-8171
CWE-287
High
ASP.NET MVC Improper Input Validation Vulnerability (CVE-2017-0247)
CVE-2017-0247
CWE-20
High
ASP.NET MVC Improper Input Validation Vulnerability (CVE-2017-0249)
CVE-2017-0249
CWE-20
High
ASP.NET MVC Improper Input Validation Vulnerability (CVE-2017-0256)
CVE-2017-0256
CWE-20
Medium
ASP.NET MVC Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-4075)
CVE-2014-4075
CWE-707
Medium
ASP.NET path disclosure
-
CWE-200
Low
ASP.NET potential HTTP Verb Tampering
-
CWE-16
Medium
ASP.NET SignalR Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-5042)
CVE-2013-5042
CWE-707
Medium
ASP.NET ValidateRequest Is Globally Disabled
-
CWE-707
Medium
ASP.NET viewstate encryption disabled
-
CWE-16
Medium
ASP.NET ViewState Weak Validation Key
-
CWE-321
Critical
ASP.NET ViewStateUserKey Is Not Set
-
CWE-642
Low
ASP.NET WCF metadata enabled for behavior
-
CWE-16
Medium
ASP.NET WCF replay attacks are not detected
-
CWE-16
Medium
ASP.NET WCF service include exception details
-
CWE-16
Medium
ASP.NET: Failure To Require SSL For Authentication Cookies
-
CWE-319
Medium
Atlassian Confluence Access Restriction Bypass
CVE-2017-9505
-
Medium
Atlassian Confluence Asymmetric Resource Consumption (Amplification) Vulnerability (CVE-2025-22166)
CVE-2025-22166
CWE-405
High
Atlassian Confluence Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2012-6342)
CVE-2012-6342
CWE-352
Medium
Atlassian Confluence CVE-2020-29448 Vulnerability (CVE-2020-29448)
CVE-2020-29448
-
Medium
Atlassian Confluence CVE-2023-22503 Vulnerability (CVE-2023-22503)
CVE-2023-22503
-
Medium
Atlassian Confluence CVE-2023-22505 Vulnerability (CVE-2023-22505)
CVE-2023-22505
-
High
Atlassian Confluence CVE-2023-22508 Vulnerability (CVE-2023-22508)
CVE-2023-22508
-
High
Atlassian Confluence CVE-2023-22512 Vulnerability (CVE-2023-22512)
CVE-2023-22512
-
High
Atlassian Confluence CVE-2023-22515 Vulnerability (CVE-2023-22515)
CVE-2023-22515
-
Critical
Atlassian Confluence CVE-2024-21683 Vulnerability (CVE-2024-21683)
CVE-2024-21683
-
High
Atlassian Confluence Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-8399)
CVE-2015-8399
CWE-200
Medium
Atlassian Confluence Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-6668)
CVE-2016-6668
CWE-200
High
Atlassian Confluence Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-7415)
CVE-2017-7415
CWE-200
High
Atlassian Confluence Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-20237)
CVE-2018-20237
CWE-200
Medium
Atlassian Confluence Improper Control of Dynamically-Managed Code Resources Vulnerability (CVE-2019-15006)
CVE-2019-15006
CWE-913
Medium
Atlassian Confluence Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-22526)
CVE-2023-22526
CWE-94
High
Atlassian Confluence Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2024-21672)
CVE-2024-21672
CWE-94
High
Atlassian Confluence Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2024-21673)
CVE-2024-21673
CWE-94
High
Atlassian Confluence Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2024-21674)
CVE-2024-21674
CWE-94
High
Atlassian Confluence Improper Input Validation Vulnerability (CVE-2018-13389)
CVE-2018-13389
CWE-20
Medium
Atlassian Confluence Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2019-3394)
CVE-2019-3394
CWE-22
High
Atlassian Confluence Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2019-3396)
CVE-2019-3396
CWE-22
Critical
Atlassian Confluence Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2019-3398)
CVE-2019-3398
CWE-22
High
Atlassian Confluence Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2024-21677)
CVE-2024-21677
CWE-22
High
Atlassian Confluence Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-8398)
CVE-2015-8398
CWE-707
Medium
Atlassian Confluence Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-4317)
CVE-2016-4317
CWE-707
Medium
Atlassian Confluence Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-6283)
CVE-2016-6283
CWE-707
Medium
Atlassian Confluence Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-16856)
CVE-2017-16856
CWE-707
Medium
Atlassian Confluence Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-18083)
CVE-2017-18083
CWE-707
Medium
Atlassian Confluence Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-18084)
CVE-2017-18084
CWE-707
Medium
Atlassian Confluence Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-18085)
CVE-2017-18085
CWE-707
Medium
Atlassian Confluence Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-18086)
CVE-2017-18086
CWE-707
Medium
Atlassian Confluence Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-20239)
CVE-2018-20239
CWE-707
Medium
Atlassian Confluence Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-20102)
CVE-2019-20102
CWE-707
Medium
Atlassian Confluence Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-14175)
CVE-2020-14175
CWE-707
Medium
Atlassian Confluence Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-29444)
CVE-2020-29444
CWE-707
Medium
Atlassian Confluence Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-36290)
CVE-2020-36290
CWE-707
Medium
Atlassian Confluence Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-21678)
CVE-2024-21678
CWE-707
High
Atlassian Confluence Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-21686)
CVE-2024-21686
CWE-707
High
Atlassian Confluence Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-21690)
CVE-2024-21690
CWE-707
High
Atlassian Confluence Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2020-4027)
CVE-2020-4027
CWE-138
Medium
Atlassian Confluence Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2021-26084)
CVE-2021-26084
CWE-138
Critical
Atlassian Confluence Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2021-39114)
CVE-2021-39114
CWE-138
High
Atlassian Confluence Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2023-22522)
CVE-2023-22522
CWE-138
High
Atlassian Confluence Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2023-22527)
CVE-2023-22527
CWE-138
Critical
Atlassian Confluence Incorrect Authorization Vulnerability (CVE-2023-22518)
CVE-2023-22518
CWE-863
Critical
Atlassian Confluence Incorrect Behavior Order: Validate Before Canonicalize Vulnerability (CVE-2022-26136)
CVE-2022-26136
CWE-180
Critical
Atlassian Confluence Incorrect Behavior Order: Validate Before Canonicalize Vulnerability (CVE-2022-26137)
CVE-2022-26137
CWE-180
Critical