Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
v.26.4.2314

Web Application Vulnerabilities

This page lists 24342 vulnerabilities in 62 categories.

Critical: 1593 High: 13071 Medium: 8734 Low: 875 Information: 69
Vulnerability Name
CVE
CWE
Severity
W3 total cache debug mode
-
CWE-489
Medium
Weak Nonce Detected in Content Security Policy (CSP) Declaration
-
CWE-330
Information
Weak password
-
CWE-200
High
Weak Secret is Used to Sign JWT
-
CWE-347
High
Weak Session ID in cookie Detected
-
CWE-287
High
Weak WordPress security key
-
CWE-326
High
Web application default/weak credentials
-
CWE-200
High
Web Application Firewall Detected
-
-
Information
Web Cache Deception
-
-
High
Web Cache Poisoning
-
CWE-44
High
Web Cache Poisoning DoS
-
CWE-400
Medium
Web Cache Poisoning DoS (for javascript)
-
CWE-400
Medium
Web Cache Poisoning DoS through HTTP/2 headers
-
CWE-400
Medium
Web Cache Poisoning through HTTP/2 pseudo-headers
-
CWE-44
High
Web Cache Poisoning via Fat GET Request
-
CWE-44
High
Web Cache Poisoning via Host Header
-
CWE-44
High
Web Cache Poisoning via JSONP and UTM_ parameter
-
CWE-44
High
Web Cache Poisoning via POST Request
-
CWE-44
High
Web Cache Poisoning via semicolon query separator
-
CWE-44
High
Web Server Cache Poisoning (CMS Made Simple) v1.x
CVE-2016-2784
CWE-20
Low
Web Server Cache Poisoning (CMS Made Simple) v2.x
CVE-2016-2784
CWE-20
High
Web server default welcome page
-
CWE-200
Information
web.xml configuration file disclosure
-
CWE-538
High
Web2py weak secret key
-
CWE-693
Medium
webadmin.php script
-
CWE-552
High
Webalizer script
-
CWE-538
Medium
WebDAV Directory Has Write Permissions
-
CWE-732
High
WebDAV directory listing
-
CWE-538
Medium
WebDAV Enabled
-
CWE-749
Information
WebERP Files or Directories Accessible to External Parties Vulnerability (CVE-2020-37082)
CVE-2020-37082
CWE-552
High
WebERP Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2018-19434)
CVE-2018-19434
CWE-138
High
WebERP Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2018-19435)
CVE-2018-19435
CWE-138
High
WebERP Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2018-19436)
CVE-2018-19436
CWE-138
High
WebERP Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-13292)
CVE-2019-13292
CWE-138
Critical
WebERP Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-7755)
CVE-2019-7755
CWE-138
High
WebERP Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2025-46052)
CVE-2025-46052
CWE-138
Critical
WebERP Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2025-46053)
CVE-2025-46053
CWE-138
Medium
WebERP Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2018-20420)
CVE-2018-20420
CWE-732
Medium
WebERP Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2020-22474)
CVE-2020-22474
CWE-732
Medium
WeBid Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2024-32166)
CVE-2024-32166
CWE-639
High
WeBid Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3815)
CVE-2011-3815
CWE-200
Medium
WeBid Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-47397)
CVE-2023-47397
CWE-94
Critical
WeBid Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2018-1000882)
CVE-2018-1000882
CWE-22
High
WeBid Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-5101)
CVE-2014-5101
CWE-707
Medium
WeBid Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-1000868)
CVE-2018-1000868
CWE-707
Medium
WeBid Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-11592)
CVE-2019-11592
CWE-707
Medium
WeBid Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2008-7116)
CVE-2008-7116
CWE-138
High
WeBid Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2008-7119)
CVE-2008-7119
CWE-138
High
WeBid Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2018-1000867)
CVE-2018-1000867
CWE-138
High
WeBid Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2024-35409)
CVE-2024-35409
CWE-138
Critical
WeBid Incorrect Comparison Vulnerability (CVE-2020-23359)
CVE-2020-23359
CWE-697
Critical
WeBid Other Vulnerability (CVE-2014-5114)
CVE-2014-5114
-
High
WeBid Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-7117)
CVE-2008-7117
CWE-264
Medium
WeBid Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-7118)
CVE-2008-7118
CWE-264
Medium
WeBid Server-Side Request Forgery (SSRF) Vulnerability (CVE-2022-41477)
CVE-2022-41477
CWE-918
Critical
WebLogic admin console weak credentials
-
CWE-693
High
WebLogic Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2018-10237)
CVE-2018-10237
CWE-770
Medium
WebLogic Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2019-17359)
CVE-2019-17359
CWE-770
High
WebLogic Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2020-28491)
CVE-2020-28491
CWE-770
High
WebLogic Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2020-7226)
CVE-2020-7226
CWE-770
High
WebLogic Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2020-5397)
CVE-2020-5397
CWE-352
Medium
WebLogic CVE-2008-2578 Vulnerability (CVE-2008-2578)
CVE-2008-2578
-
Medium
WebLogic CVE-2008-2579 Vulnerability (CVE-2008-2579)
CVE-2008-2579
-
High
WebLogic CVE-2010-2375 Vulnerability (CVE-2010-2375)
CVE-2010-2375
-
Medium
WebLogic CVE-2010-4453 Vulnerability (CVE-2010-4453)
CVE-2010-4453
-
Medium
WebLogic CVE-2016-0572 Vulnerability (CVE-2016-0572)
CVE-2016-0572
-
High
WebLogic CVE-2016-0573 Vulnerability (CVE-2016-0573)
CVE-2016-0573
-
High
WebLogic CVE-2016-0574 Vulnerability (CVE-2016-0574)
CVE-2016-0574
-
High
WebLogic CVE-2016-0577 Vulnerability (CVE-2016-0577)
CVE-2016-0577
-
High
WebLogic CVE-2016-0638 Vulnerability (CVE-2016-0638)
CVE-2016-0638
-
Critical
WebLogic CVE-2016-0675 Vulnerability (CVE-2016-0675)
CVE-2016-0675
-
Medium
WebLogic CVE-2016-0688 Vulnerability (CVE-2016-0688)
CVE-2016-0688
-
Low
WebLogic CVE-2016-0696 Vulnerability (CVE-2016-0696)
CVE-2016-0696
-
Medium
WebLogic CVE-2016-0700 Vulnerability (CVE-2016-0700)
CVE-2016-0700
-
Medium
WebLogic CVE-2016-3416 Vulnerability (CVE-2016-3416)
CVE-2016-3416
-
Medium