Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
v.26.3.2229

Web Application Vulnerabilities

This page lists 24119 vulnerabilities in 70 categories.

Critical: 1560 High: 12984 Medium: 8644 Low: 865 Information: 66
Vulnerability Name
CVE
CWE
Severity
Claroline Other Vulnerability (CVE-2007-3517)
CVE-2007-3517
-
Medium
Claroline Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2022-37159)
CVE-2022-37159
CWE-434
Critical
Cleo Harmony/VLTrader/LexiCom RCE (CVE-2024-50623, CVE-2024-55956)
CVE-2024-55956
CWE-434
Critical
Clickjacking: CSP frame-ancestors missing
-
CWE-1021
Low
Client Side Template Injection
-
CWE-116
High
Client-Side Prototype Pollution
-
-
High
ClipBucket Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3717)
CVE-2011-3717
CWE-200
Medium
ClipBucket Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-6642)
CVE-2012-6642
CWE-707
Medium
ClipBucket Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-6644)
CVE-2012-6644
CWE-707
Medium
ClipBucket Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-4673)
CVE-2015-4673
CWE-707
Medium
ClipBucket Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-1000307)
CVE-2016-1000307
CWE-707
Medium
ClipBucket Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-4848)
CVE-2016-4848
CWE-707
Medium
ClipBucket Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2018-7664)
CVE-2018-7664
CWE-138
Critical
ClipBucket Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2012-5849)
CVE-2012-5849
CWE-138
High
ClipBucket Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2012-6643)
CVE-2012-6643
CWE-138
High
ClipBucket Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2018-7666)
CVE-2018-7666
CWE-138
Critical
ClipBucket Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2013-10040)
CVE-2013-10040
CWE-434
Critical
ClipBucket Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2018-7665)
CVE-2018-7665
CWE-434
Critical
Clockwork PHP dev tool enabled
-
CWE-200
Medium
Cloud metadata publicly exposed
-
CWE-918
High
CloudPanel file-manager Auth bypass (CVE-2023-35885)
CVE-2023-35885
CWE-565
Critical
Cmd hijack vulnerability
-
CWE-94
High
Code Evaluation (Apache Struts) S2-016
CVE-2013-2251
CWE-20
Critical
Code Evaluation (Apache Struts) S2-045
CVE-2017-5638
CWE-94
Critical
Code Evaluation (Apache Struts) S2-046
CVE-2017-5638
CWE-94
High
Code Evaluation (ASP)
-
CWE-95
Critical
Code Evaluation (Perl)
-
CWE-94
Critical
Code Evaluation (PHP)
-
CWE-94
Critical
Code Evaluation (Python)
-
CWE-95
Critical
Code Evaluation (Ruby)
-
CWE-94
Critical
Code Execution via WebDav
-
CWE-434
High
CodeIgniter 2.1.3 xss_clean() filter bypass
CVE-2013-4891
CWE-80
High
CodeIgniter development mode enabled
-
CWE-16
Medium
CodeIgniter session decoding vulnerability
-
CWE-327
High
CodeIgniter weak encryption key
-
CWE-200
High
ColdFusion 8 FCKEditor file upload vulnerability
CVE-2009-2265
CWE-22
High
ColdFusion 9 solr service exposed
CVE-2010-0185
CWE-264
High
ColdFusion Access Control bypass (CVE-2023-29298/CVE-2023-38205)
CVE-2023-38205
CWE-284
High
ColdFusion administrator login page publicly available
-
CWE-200
Low
ColdFusion AMF Deserialization RCE
CVE-2017-3066
CWE-502
High
ColdFusion Arbitrary File Upload
CVE-2018-15961
CWE-434
High
ColdFusion CFC Deserialization RCE (CVE-2023-26359/CVE-2023-26360)
CVE-2023-26360
CWE-502
High
ColdFusion directory traversal
CVE-2010-2861
CWE-22
High
ColdFusion FlashGateway Deserialization RCE CVE-2019-7091
CVE-2019-7091
CWE-502
High
ColdFusion JNDI injection RCE
CVE-2018-15957
CWE-502
High
ColdFusion path disclosures
-
CWE-200
Low
ColdFusion PMS Arbitrary File Read (CVE-2024-20767)
CVE-2024-20767
CWE-284
High
ColdFusion RDS Service enabled
-
CWE-200
Low
ColdFusion Request Debugging information disclosure
-
CWE-200
Medium
ColdFusion Robust Exception enabled
-
CWE-200
Medium
ColdFusion User-Agent cross-site scripting
CVE-2007-0817
CWE-79
High
ColdFusion WDDX Deserialization RCE (CVE-2023-29300/CVE-2023-38203/CVE-2023-38204)
CVE-2023-38204
CWE-502
Critical
ColdFusion WDDX Deserialization RCE (CVE-2023-44353)
CVE-2023-44353
CWE-502
Critical
ColdFusion XSS (CVE-2023-44352)
CVE-2023-44352
CWE-79
Medium
Collabtive Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2010-5285)
CVE-2010-5285
CWE-352
Medium
Collabtive Improper Input Validation Vulnerability (CVE-2012-2670)
CVE-2012-2670
CWE-20
Medium
Collabtive Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-5284)
CVE-2010-5284
CWE-707
Medium
Collabtive Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-3247)
CVE-2014-3247
CWE-707
Medium
Collabtive Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-8935)
CVE-2019-8935
CWE-707
Medium
Collabtive Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-13655)
CVE-2020-13655
CWE-707
Medium
Collabtive Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-3298)
CVE-2021-3298
CWE-707
Medium
Collabtive Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-46240)
CVE-2024-46240
CWE-707
Medium
Collabtive Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-48706)
CVE-2024-48706
CWE-707
Medium
Collabtive Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-48707)
CVE-2024-48707
CWE-707
Medium
Collabtive Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-48708)
CVE-2024-48708
CWE-707
Medium
Collabtive Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2010-4269)
CVE-2010-4269
CWE-138
High
Collabtive Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2013-6872)
CVE-2013-6872
CWE-138
Medium
Collabtive Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2014-3246)
CVE-2014-3246
CWE-138
Medium
Collabtive Improper Privilege Management Vulnerability (CVE-2013-5027)
CVE-2013-5027
CWE-269
Critical
Collabtive Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2015-0258)
CVE-2015-0258
CWE-434
High
Command Injection
-
CWE-94
Critical
Composer installed.json publicly accessible
-
CWE-200
Low
concrete5 Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-8082)
CVE-2017-8082
CWE-352
Medium
concrete5 CVE-2020-14961 Vulnerability (CVE-2020-14961)
CVE-2020-14961
-
Medium
concrete5 Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-5107)
CVE-2014-5107
CWE-200
Medium