Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
v.26.4.2314

Web Application Vulnerabilities

This page lists 24342 vulnerabilities in 62 categories.

Critical: 1593 High: 13071 Medium: 8734 Low: 875 Information: 69
Vulnerability Name
CVE
CWE
Severity
User controllable tag parameter
-
CWE-79
Medium
User controllable tag parameter (DOM-based)
-
CWE-79
Medium
User-controlled form action
-
CWE-20
Medium
uWSGI Path Traversal vulnerability
CVE-2018-7490
CWE-22
High
uWSGI Unauthorized Access Vulnerability
-
CWE-78
High
Vanilla Forums Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2018-15833)
CVE-2018-15833
CWE-639
Medium
Vanilla Forums Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-1000432)
CVE-2017-1000432
CWE-352
High
Vanilla Forums CVE-2013-3528 Vulnerability (CVE-2013-3528)
CVE-2013-3528
-
High
Vanilla Forums Deserialization of Untrusted Data Vulnerability (CVE-2018-19499)
CVE-2018-19499
CWE-502
High
Vanilla Forums Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3613)
CVE-2011-3613
CWE-200
High
Vanilla Forums Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3812)
CVE-2011-3812
CWE-200
Medium
Vanilla Forums Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-10073)
CVE-2016-10073
CWE-200
High
Vanilla Forums Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2018-18903)
CVE-2018-18903
CWE-94
Critical
Vanilla Forums Improper Input Validation Vulnerability (CVE-2011-0908)
CVE-2011-0908
CWE-20
Medium
Vanilla Forums Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2019-9889)
CVE-2019-9889
CWE-22
Low
Vanilla Forums Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-0526)
CVE-2011-0526
CWE-707
Medium
Vanilla Forums Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-0909)
CVE-2011-0909
CWE-707
Medium
Vanilla Forums Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-1009)
CVE-2011-1009
CWE-707
Medium
Vanilla Forums Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-9685)
CVE-2014-9685
CWE-707
Medium
Vanilla Forums Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-17571)
CVE-2018-17571
CWE-707
Medium
Vanilla Forums Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-8279)
CVE-2019-8279
CWE-707
Medium
Vanilla Forums Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-8825)
CVE-2020-8825
CWE-707
Medium
Vanilla Forums Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2013-3527)
CVE-2013-3527
CWE-138
High
Vanilla Forums Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2018-16410)
CVE-2018-16410
CWE-138
Medium
Vanilla Forums Other Vulnerability (CVE-2011-0910)
CVE-2011-0910
-
Medium
Vanilla Forums Other Vulnerability (CVE-2011-3614)
CVE-2011-3614
-
Critical
Vanilla Forums Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-4954)
CVE-2012-4954
CWE-264
Low
Varnish Cache Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2013-4484)
CVE-2013-4484
CWE-119
Medium
Varnish Cache Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2017-8807)
CVE-2017-8807
CWE-119
Critical
Varnish Cache Integer Overflow or Wraparound Vulnerability (CVE-2017-12425)
CVE-2017-12425
CWE-190
High
Varnish Cache Other Vulnerability (CVE-2013-4090)
CVE-2013-4090
-
High
Varnish Cache Other Vulnerability (CVE-2015-8852)
CVE-2015-8852
-
High
Varnish Cache Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-0345)
CVE-2013-0345
CWE-264
Low
Varnish Cache Reachable Assertion Vulnerability (CVE-2019-15892)
CVE-2019-15892
CWE-617
High
vBSEO 3.6.0 PHP code injection
CVE-2012-5223
CWE-94
High
vBulletin 4 (up to 4.1.2) search.php SQL injection
-
CWE-89
High
vBulletin 5 CONNECT remote code execution
-
CWE-94
High
vBulletin 5.1.2 SQL injection
CVE-2014-5102
CWE-89
High
vBulletin 5.6.1 nodeId SQL injection
CVE-2020-12720
CWE-94
High
vBulletin 5.x 0day pre-auth RCE
-
CWE-94
High
vBulletin customer number disclosure
CVE-2013-6129
CWE-200
High
vBulletin PHP object injection vulnerability
-
CWE-915
High
vBulletin Pre-Auth RCE Vulnerability
CVE-2020-17496
CWE-94
High
vBulletin routestring Local File Inclusion
-
CWE-98
High
Verb tampering via misconfigured security constraint
-
CWE-288
Medium
Version Disclosure (ASP.NET MVC)
-
CWE-200
Low
Version Disclosure (ASP.NET)
-
CWE-200
Low
Version Disclosure (IIS)
-
CWE-200
Low
Version Disclosure (PHP)
-
-
Low
Vertical Broken Function Level Authorization (BFLA)
-
CWE-639
High
Vertical IDOR/BOLA (Broken Object Level Authorization)
-
CWE-639
High
VideoJS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-23414)
CVE-2021-23414
CWE-707
Medium
ViewsState is not Encrypted
-
CWE-200
Low
ViewState MAC Disabled
-
CWE-642
Medium
ViewStateMac is Not Enabled
-
CWE-354
Medium
Virtual host directory listing
-
CWE-538
Medium
Virtual Host locations misconfiguration
-
CWE-200
High
VirtueMart access control bypass
-
CWE-287
High
Vite Arbitrary File Read (CVE-2025-30208, CVE-2025-31125)
CVE-2025-31125
CWE-200
High
VMware Aria Operations for Networks RCE (CVE-2023-20887)
CVE-2023-20887
CWE-77
Critical
VMware directory traversal and privilege escalation vulnerabilities
CVE-2009-3733
CWE-22
High
VMware Horizon Log4Shell RCE
CVE-2021-44228
CWE-78
High
VMware vCenter Log4Shell RCE
CVE-2021-44228
CWE-78
High
VMware vCenter Server Unauthorized Remote Code Execution
CVE-2021-21972
CWE-78
High
VMware vCenter vcavbootstrap Arbitrary File Read
-
-
High
VMware vRealize Operations Server Side Request Forgery (SSRF) vulnerability
CVE-2021-21975
CWE-918
High
VMware Workspace ONE Access SSTI (CVE-2022-22954)
CVE-2022-22954
CWE-94
High
Vulnerabilities in SharePoint could allow elevation of privilege
CVE-2012-1859
CWE-79
High
Vulnerable JavaScript libraries
-
CWE-1395
Medium
Vulnerable Laravel Livewire version (CVE-2025-54068)
CVE-2025-54068
CWE-94
Critical
Vulnerable package dependencies [high]
-
CWE-1104
High
Vulnerable package dependencies [low]
-
CWE-1104
Low
Vulnerable package dependencies [medium]
-
CWE-1104
Medium
Vulnerable project dependencies
-
CWE-1395
High
W3 Total Cache CVE-2019-6715 Vulnerability (CVE-2019-6715)
CVE-2019-6715
-
High