Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
v.26.3.2229

Web Application Vulnerabilities

This page lists 24119 vulnerabilities in 70 categories.

Critical: 1560 High: 12984 Medium: 8644 Low: 865 Information: 66
Vulnerability Name
CVE
CWE
Severity
Cookies with missing, inconsistent or contradictory properties
-
CWE-284
Low
Cookies with Secure flag set over insecure connection
-
CWE-16
Information
Coppermine Cross-site Scripting (XSS) Vulnerability (CVE-2015-3921)
CVE-2015-3921
-
Low
Coppermine Cross-site Scripting (XSS) Vulnerability (CVE-2018-14478)
CVE-2018-14478
-
Medium
Coppermine Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2008-7187)
CVE-2008-7187
CWE-200
Medium
Coppermine Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3722)
CVE-2011-3722
CWE-200
Medium
Coppermine Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-1614)
CVE-2012-1614
CWE-200
Medium
Coppermine Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-3923)
CVE-2015-3923
CWE-200
Medium
Coppermine Improper Authentication Vulnerability (CVE-2005-3979)
CVE-2005-3979
CWE-287
Medium
Coppermine Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2008-3481)
CVE-2008-3481
CWE-94
High
Coppermine Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2008-3486)
CVE-2008-3486
CWE-22
High
Coppermine Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-4667)
CVE-2010-4667
CWE-707
Medium
Coppermine Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-4693)
CVE-2010-4693
CWE-707
Medium
Coppermine Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-2476)
CVE-2011-2476
CWE-707
Medium
Coppermine Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-1613)
CVE-2012-1613
CWE-707
Low
Coppermine Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-4612)
CVE-2014-4612
CWE-707
Medium
Coppermine Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2008-0504)
CVE-2008-0504
CWE-138
Medium
Coppermine Multiple Cross-site Scripting (XSS) Vulnerabilities (CVE-2015-6528)
CVE-2015-6528
-
Medium
Coppermine Open Redirection Vulnerability (CVE-2015-3922)
CVE-2015-3922
-
Medium
Coppermine Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-7186)
CVE-2008-7186
CWE-264
Medium
Coppermine Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2023-53868)
CVE-2023-53868
CWE-434
High
Core dump checker PHP script
-
CWE-200
Medium
Core dump file
-
CWE-200
High
CouchDB REST API publicly accessible
-
CWE-285
High
cPanel XSS (CVE-2023-29489)
CVE-2023-29489
CWE-79
Medium
Craft CMS Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2025-68456)
CVE-2025-68456
CWE-770
Critical
Craft CMS Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2026-25497)
CVE-2026-25497
CWE-639
High
Craft CMS Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2026-28696)
CVE-2026-28696
CWE-639
High
Craft CMS Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2026-28781)
CVE-2026-28781
CWE-639
Medium
Craft CMS Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2026-28782)
CVE-2026-28782
CWE-639
Medium
Craft CMS Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2026-29069)
CVE-2026-29069
CWE-639
Medium
Craft CMS CVE-2017-8383 Vulnerability (CVE-2017-8383)
CVE-2017-8383
-
Medium
Craft CMS CVE-2024-21622 Vulnerability (CVE-2024-21622)
CVE-2024-21622
-
High
Craft CMS CVE-2025-32432 Vulnerability (CVE-2025-32432)
CVE-2025-32432
-
Critical
Craft CMS Development Mode enabled
-
CWE-200
Medium
Craft CMS Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2019-14280)
CVE-2019-14280
CWE-200
Medium
Craft CMS Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2025-68436)
CVE-2025-68436
CWE-200
Medium
Craft CMS Files or Directories Accessible to External Parties Vulnerability (CVE-2024-52292)
CVE-2024-52292
CWE-552
Medium
Craft CMS Improper Authentication Vulnerability (CVE-2024-41800)
CVE-2024-41800
CWE-287
High
Craft CMS Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2021-27903)
CVE-2021-27903
CWE-94
Critical
Craft CMS Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-30130)
CVE-2023-30130
CWE-94
High
Craft CMS Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-30179)
CVE-2023-30179
CWE-94
High
Craft CMS Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-41892)
CVE-2023-41892
CWE-94
Critical
Craft CMS Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2024-56145)
CVE-2024-56145
CWE-94
Critical
Craft CMS Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2025-23209)
CVE-2025-23209
CWE-94
High
Craft CMS Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2025-54417)
CVE-2025-54417
CWE-94
High
Craft CMS Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2026-28783)
CVE-2026-28783
CWE-94
Critical
Craft CMS Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2024-52291)
CVE-2024-52291
CWE-22
High
Craft CMS Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2024-52293)
CVE-2024-52293
CWE-22
High
Craft CMS Improper Neutralization of Formula Elements in a CSV File Vulnerability (CVE-2021-41824)
CVE-2021-41824
CWE-1236
High
Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-8052)
CVE-2017-8052
CWE-707
Medium
Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-8384)
CVE-2017-8384
CWE-707
Medium
Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-9516)
CVE-2017-9516
CWE-707
Medium
Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-20418)
CVE-2018-20418
CWE-707
Medium
Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-12823)
CVE-2019-12823
CWE-707
Medium
Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-17496)
CVE-2019-17496
CWE-707
Medium
Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-9554)
CVE-2019-9554
CWE-707
Medium
Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-19626)
CVE-2020-19626
CWE-707
Medium
Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-27902)
CVE-2021-27902
CWE-707
Medium
Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-32470)
CVE-2021-32470
CWE-707
Medium
Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-28378)
CVE-2022-28378
CWE-707
Medium
Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-37246)
CVE-2022-37246
CWE-707
Medium
Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-37247)
CVE-2022-37247
CWE-707
Medium
Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-37248)
CVE-2022-37248
CWE-707
Medium
Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-37250)
CVE-2022-37250
CWE-707
Medium
Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-37251)
CVE-2022-37251
CWE-707
Medium
Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-23927)
CVE-2023-23927
CWE-707
Medium
Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-2817)
CVE-2023-2817
CWE-707
Medium
Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-30177)
CVE-2023-30177
CWE-707
Medium
Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-31144)
CVE-2023-31144
CWE-707
Medium
Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-33194)
CVE-2023-33194
CWE-707
Medium
Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-33195)
CVE-2023-33195
CWE-707
Medium
Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-33196)
CVE-2023-33196
CWE-707
Medium
Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-33197)
CVE-2023-33197
CWE-707
Medium
Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-33495)
CVE-2023-33495
CWE-707
Medium