Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
v.26.4.2314

Web Application Vulnerabilities

This page lists 24342 vulnerabilities in 62 categories.

Critical: 1593 High: 13071 Medium: 8734 Low: 875 Information: 69
Vulnerability Name
CVE
CWE
Severity
Unauthenticated Arbitrary File Read vulnerability in VMware vCenter
-
CWE-22
High
Unauthenticated MCP (Model Context Protocol) Server
-
-
High
Unauthenticated OGNL injection in Confluence Server and Data Center
CVE-2021-26084
CWE-917
High
Unauthenticated OGNL injection in Confluence Server and Data Center (CVE-2023-22527)
CVE-2023-22527
CWE-917
Critical
Unauthenticated OpenAI API Access
-
-
Medium
Unauthenticated Remote Code Execution via JSONWS in Liferay 6.1 (LPS-88051)
-
CWE-78
High
Unauthenticated Remote Code Execution via JSONWS in Liferay 7.2.0 CE GA1
CVE-2020-7961
CWE-78
High
Unauthenticated remote code execution vulnerability in Confluence Server and Data Center
CVE-2022-26134
CWE-917
High
Unauthorized Access to a web app installer
-
CWE-200
Medium
Unchecked GraphQL Query Length: Potential Denial of Service Vulnerability
-
CWE-400
Medium
Uncontrolled format string
-
CWE-134
High
Underscore.js Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2026-27601)
CVE-2026-27601
CWE-770
High
Underscore.js Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2021-23358)
CVE-2021-23358
CWE-94
High
Undertow Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Vulnerability (CVE-2021-3597)
CVE-2021-3597
CWE-362
Medium
Undertow CVE-2022-1259 Vulnerability (CVE-2022-1259)
CVE-2022-1259
-
High
Undertow CVE-2022-2764 Vulnerability (CVE-2022-2764)
CVE-2022-2764
-
Medium
Undertow CVE-2022-4492 Vulnerability (CVE-2022-4492)
CVE-2022-4492
-
Critical
Undertow CVE-2023-3223 Vulnerability (CVE-2023-3223)
CVE-2023-3223
-
High
Undertow Exposure of Resource to Wrong Sphere Vulnerability (CVE-2021-3859)
CVE-2021-3859
CWE-668
High
Undertow Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2020-1745)
CVE-2020-1745
CWE-200
Critical
Undertow Improper Input Validation Vulnerability (CVE-2020-1757)
CVE-2020-1757
CWE-20
High
Undertow Improper Input Validation Vulnerability (CVE-2025-12543)
CVE-2025-12543
CWE-20
Critical
Undertow Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2014-7816)
CVE-2014-7816
CWE-22
Medium
Undertow Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') Vulnerability (CVE-2018-1067)
CVE-2018-1067
CWE-113
Medium
Undertow Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2020-10705)
CVE-2020-10705
CWE-119
High
Undertow Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') Vulnerability (CVE-2017-12165)
CVE-2017-12165
CWE-444
High
Undertow Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') Vulnerability (CVE-2017-7559)
CVE-2017-7559
CWE-444
Medium
Undertow Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') Vulnerability (CVE-2020-10687)
CVE-2020-10687
CWE-444
Medium
Undertow Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') Vulnerability (CVE-2020-10719)
CVE-2020-10719
CWE-444
Medium
Undertow Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') Vulnerability (CVE-2021-20220)
CVE-2021-20220
CWE-444
Medium
Undertow Incorrect Authorization Vulnerability (CVE-2017-12196)
CVE-2017-12196
CWE-863
Medium
Undertow Insertion of Sensitive Information into Log File Vulnerability (CVE-2019-10212)
CVE-2019-10212
CWE-532
Critical
Undertow Insertion of Sensitive Information into Log File Vulnerability (CVE-2019-3888)
CVE-2019-3888
CWE-532
Critical
Undertow Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2017-2670)
CVE-2017-2670
CWE-835
High
Undertow Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2023-1108)
CVE-2023-1108
CWE-835
High
Undertow Missing Authorization Vulnerability (CVE-2019-10184)
CVE-2019-10184
CWE-862
High
Undertow Unchecked Return Value Vulnerability (CVE-2022-1319)
CVE-2022-1319
CWE-252
High
Undertow Uncontrolled Resource Consumption Vulnerability (CVE-2019-14888)
CVE-2019-14888
CWE-400
High
Undertow Uncontrolled Resource Consumption Vulnerability (CVE-2019-19343)
CVE-2019-19343
CWE-400
High
Undertow Uncontrolled Resource Consumption Vulnerability (CVE-2021-3629)
CVE-2021-3629
CWE-400
High
Undertow Uncontrolled Resource Consumption Vulnerability (CVE-2021-3690)
CVE-2021-3690
CWE-400
High
Undertow Uncontrolled Resource Consumption Vulnerability (CVE-2022-2053)
CVE-2022-2053
CWE-400
High
Unfiltered header injection in Apache 1.3.34/2.0.57/2.2.1
CVE-2006-3918
CWE-79
Low
Unicode Transformation (Best-Fit Mapping)
-
CWE-176
Medium
Unprotected Apache NiFi API interface
-
CWE-287
Medium
Unprotected JSON file leaking secrets
-
CWE-200
Medium
Unprotected Kong Gateway Admin API interface
-
CWE-287
Medium
Unprotected phpMyAdmin interface
-
CWE-205
High
Unrestricted access to a monitoring system
-
CWE-200
Low
Unrestricted access to AnythingLLM API
CVE-2024-6842
CWE-200
Medium
Unrestricted access to Apache HugeGraph
-
CWE-200
Critical
Unrestricted access to Caddy API interface
-
CWE-200
High
Unrestricted access to Haproxy Data Plane API
-
CWE-200
High
Unrestricted access to ImageResizer Diagnotics plugin
-
CWE-200
Low
Unrestricted access to Kong Gateway API
-
CWE-200
High
Unrestricted access to MLflow
-
CWE-200
Medium
Unrestricted access to NGINX+ API interface (read only)
-
CWE-200
Medium
Unrestricted access to NGINX+ API interface (read write)
-
CWE-200
High
Unrestricted access to NGINX+ Dashboard
-
CWE-200
Medium
Unrestricted access to NGINX+ Status module
-
CWE-200
Low
Unrestricted access to NGINX+ Upstream HTTP interface
-
CWE-200
Medium
Unrestricted access to Odoo DB manager
-
CWE-200
High
Unrestricted access to Prometheus
-
CWE-200
Low
Unrestricted access to Prometheus Metrics
-
CWE-200
Low
Unrestricted File Upload
-
CWE-434
High
Unrestricted file upload vulnerability in ofc_upload_image.php
CVE-2009-4140
CWE-434
High
Unsafe use of Reflection
-
CWE-470
High
Unsafe value for session tracking in WEB-INF/web.xml
-
CWE-598
Medium
Unsupported Hash Detected in Content Security Policy (CSP)
-
CWE-327
Information
Unvalidated JWT jku parameter
-
CWE-287
High
Unvalidated JWT x5u parameter
-
CWE-287
High
Uploadify arbitrary file upload
-
CWE-434
High
URL rewrite vulnerability
CVE-2018-14773
CWE-436
Medium
User controllable charset
-
CWE-20
Medium
User controllable script source
-
CWE-79
High