Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
v.26.3.2229

Web Application Vulnerabilities

This page lists 24119 vulnerabilities in 70 categories.

Critical: 1560 High: 12984 Medium: 8644 Low: 865 Information: 66
Vulnerability Name
CVE
CWE
Severity
Bootstrap Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-14041)
CVE-2018-14041
CWE-707
Medium
Bootstrap Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-14042)
CVE-2018-14042
CWE-707
Medium
Bootstrap Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-20676)
CVE-2018-20676
CWE-707
Medium
Bootstrap Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-20677)
CVE-2018-20677
CWE-707
Medium
Bootstrap Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-8331)
CVE-2019-8331
CWE-707
Medium
Bootstrap Select Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-20921)
CVE-2019-20921
CWE-707
Medium
Bootstrap Table Access of Resource Using Incompatible Type ('Type Confusion') Vulnerability (CVE-2021-23472)
CVE-2021-23472
CWE-843
Medium
Bootstrap Table Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-1726)
CVE-2022-1726
CWE-707
Medium
BottlePy weak secret key
-
CWE-693
High
Broken access control in Confluence Server and Data Center (CVE-2023-22515)
CVE-2023-22515
CWE-284
Critical
Broken Link Hijacking
-
CWE-610
Low
Broken Object Property Level Authorization (Mass Assignment)
-
CWE-285
High
BuddyPress REST API Privilege Escalation
CVE-2021-21389
CWE-269
High
Cacti Unauthenticated Command Injection (CVE-2022-46169)
CVE-2022-46169
CWE-77
Critical
Caddy Web Server Authentication Bypass by Spoofing Vulnerability (CVE-2023-50463)
CVE-2023-50463
CWE-290
Medium
Caddy Web Server Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2026-27589)
CVE-2026-27589
CWE-352
Medium
Caddy Web Server Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-19148)
CVE-2018-19148
CWE-200
Low
Caddy Web Server Improper Authentication Vulnerability (CVE-2018-21246)
CVE-2018-21246
CWE-287
Critical
Caddy Web Server Improper Handling of Case Sensitivity Vulnerability (CVE-2026-27587)
CVE-2026-27587
CWE-178
Critical
Caddy Web Server Improper Handling of Case Sensitivity Vulnerability (CVE-2026-27588)
CVE-2026-27588
CWE-178
Critical
Caddy Web Server Improper Handling of Exceptional Conditions Vulnerability (CVE-2026-27586)
CVE-2026-27586
CWE-755
Critical
Caddy Web Server Improper Input Validation Vulnerability (CVE-2026-27585)
CVE-2026-27585
CWE-20
Medium
Caddy Web Server Improper Input Validation Vulnerability (CVE-2026-27590)
CVE-2026-27590
CWE-20
Critical
Caddy Web Server Out-of-bounds Read Vulnerability (CVE-2022-34037)
CVE-2022-34037
CWE-125
High
Caddy Web Server Uncontrolled Resource Consumption Vulnerability (CVE-2023-44487)
CVE-2023-44487
CWE-400
High
Caddy Web Server URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2022-28923)
CVE-2022-28923
CWE-601
Medium
Caddy Web Server URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2022-29718)
CVE-2022-29718
CWE-601
Medium
CakePHP 1.3.5 / 1.2.8 unserialize() vulnerability
CVE-2010-4335
CWE-20
High
CakePHP Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2015-8379)
CVE-2015-8379
CWE-352
High
CakePHP Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2020-15400)
CVE-2020-15400
CWE-352
Medium
CakePHP Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2020-35239)
CVE-2020-35239
CWE-352
High
CakePHP Deserialization of Untrusted Data Vulnerability (CVE-2019-11458)
CVE-2019-11458
CWE-502
High
CakePHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3712)
CVE-2011-3712
CWE-200
Medium
CakePHP Improper Input Validation Vulnerability (CVE-2010-4335)
CVE-2010-4335
CWE-20
High
CakePHP Improper Input Validation Vulnerability (CVE-2016-4793)
CVE-2016-4793
CWE-20
High
CakePHP Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2006-5031)
CVE-2006-5031
CWE-22
Medium
CakePHP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2006-4067)
CVE-2006-4067
CWE-707
Medium
CakePHP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2026-23643)
CVE-2026-23643
CWE-707
Medium
CakePHP Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2023-22727)
CVE-2023-22727
CWE-138
Critical
CakePHP Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-4399)
CVE-2012-4399
CWE-264
Medium
Case-Insensitive Routing Bypass in Express.js Application
-
CWE-287
High
CData Jetty Path Traversal (CVE-2024-31848/CVE-2024-31849/CVE-2024-31850/CVE-2024-31851)
CVE-2024-31851
CWE-22
Critical
Certificate is Signed Using a Weak Signature Algorithm
-
-
High
Chamilo Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2020-23127)
CVE-2020-23127
CWE-352
High
Chamilo Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2021-40662)
CVE-2021-40662
CWE-352
High
Chamilo Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2023-39061)
CVE-2023-39061
CWE-352
Low
Chamilo Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2024-30617)
CVE-2024-30617
CWE-352
Medium
Chamilo CVE-2024-30619 Vulnerability (CVE-2024-30619)
CVE-2024-30619
-
High
Chamilo Deserialization of Untrusted Data Vulnerability (CVE-2024-47886)
CVE-2024-47886
CWE-502
High
Chamilo Deserialization of Untrusted Data Vulnerability (CVE-2025-50198)
CVE-2025-50198
CWE-502
Medium
Chamilo Deserialization of Untrusted Data Vulnerability (CVE-2025-52998)
CVE-2025-52998
CWE-502
Critical
Chamilo Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2021-32925)
CVE-2021-32925
CWE-200
Medium
Chamilo Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2018-1999019)
CVE-2018-1999019
CWE-94
Critical
Chamilo Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2021-38745)
CVE-2021-38745
CWE-94
Medium
Chamilo Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2022-27427)
CVE-2022-27427
CWE-94
High
Chamilo Improper Enforcement of Behavioral Workflow Vulnerability (CVE-2025-52469)
CVE-2025-52469
CWE-841
High
Chamilo Improper Handling of Case Sensitivity Vulnerability (CVE-2023-3545)
CVE-2023-3545
CWE-178
Critical
Chamilo Improper Input Validation Vulnerability (CVE-2012-4030)
CVE-2012-4030
CWE-20
High
Chamilo Improper Input Validation Vulnerability (CVE-2021-31933)
CVE-2021-31933
CWE-20
High
Chamilo Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2023-3533)
CVE-2023-3533
CWE-22
Critical
Chamilo Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') Vulnerability (CVE-2025-50187)
CVE-2025-50187
CWE-707
Critical
Chamilo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-4029)
CVE-2012-4029
CWE-707
Medium
Chamilo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-0738)
CVE-2013-0738
CWE-707
Medium
Chamilo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-0739)
CVE-2013-0739
CWE-707
Medium
Chamilo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-20327)
CVE-2018-20327
CWE-707
Medium
Chamilo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-20328)
CVE-2018-20328
CWE-707
Medium
Chamilo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-1000015)
CVE-2019-1000015
CWE-707
Medium
Chamilo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-23126)
CVE-2020-23126
CWE-707
Medium
Chamilo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-26746)
CVE-2021-26746
CWE-707
Medium
Chamilo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-35413)
CVE-2021-35413
CWE-707
High
Chamilo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-35414)
CVE-2021-35414
CWE-707
Critical
Chamilo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-35415)
CVE-2021-35415
CWE-707
Medium
Chamilo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-37389)
CVE-2021-37389
CWE-707
Medium
Chamilo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-37390)
CVE-2021-37390
CWE-707
Medium
Chamilo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-37391)
CVE-2021-37391
CWE-707
Medium