v.26.3.2229
Web Application Vulnerabilities
This page lists 24119 vulnerabilities in 70 categories.
Critical: 1560
High: 12984
Medium: 8644
Low: 865
Information: 66
| Vulnerability Name | CVE | CWE | Severity |
|---|---|---|---|
| Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-36259) | CVE-2023-36259 | CWE-707 | Medium |
| Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-45406) | CVE-2024-45406 | CWE-707 | Medium |
| Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2026-25491) | CVE-2026-25491 | CWE-707 | Medium |
| Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2026-25496) | CVE-2026-25496 | CWE-707 | Medium |
| Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2026-27126) | CVE-2026-27126 | CWE-707 | Medium |
| Craft CMS Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2020-9757) | CVE-2020-9757 | CWE-138 | High |
| Craft CMS Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2023-32679) | CVE-2023-32679 | CWE-138 | High |
| Craft CMS Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2023-36260) | CVE-2023-36260 | CWE-138 | High |
| Craft CMS Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2023-40035) | CVE-2023-40035 | CWE-138 | High |
| Craft CMS Improper Neutralization of Special Elements Used in a Template Engine Vulnerability (CVE-2025-46731) | CVE-2025-46731 | CWE-138 | High |
| Craft CMS Improper Neutralization of Special Elements Used in a Template Engine Vulnerability (CVE-2025-57811) | CVE-2025-57811 | CWE-138 | High |
| Craft CMS Improper Neutralization of Special Elements Used in a Template Engine Vulnerability (CVE-2025-68454) | CVE-2025-68454 | CWE-138 | High |
| Craft CMS Improper Neutralization of Special Elements Used in a Template Engine Vulnerability (CVE-2026-28695) | CVE-2026-28695 | CWE-138 | High |
| Craft CMS Improper Neutralization of Special Elements Used in a Template Engine Vulnerability (CVE-2026-28697) | CVE-2026-28697 | CWE-138 | Critical |
| Craft CMS Improper Neutralization of Special Elements Used in a Template Engine Vulnerability (CVE-2026-28784) | CVE-2026-28784 | CWE-138 | High |
| Craft CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2024-37843) | CVE-2024-37843 | CWE-138 | Critical |
| Craft CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2026-25495) | CVE-2026-25495 | CWE-138 | High |
| Craft CMS Missing Encryption of Sensitive Data Vulnerability (CVE-2018-20465) | CVE-2018-20465 | CWE-311 | High |
| Craft CMS Missing Encryption of Sensitive Data Vulnerability (CVE-2022-37783) | CVE-2022-37783 | CWE-311 | High |
| Craft CMS Other Vulnerability (CVE-2025-35939) | CVE-2025-35939 | - | Medium |
| Craft CMS RCE (CVE-2023-41892) | CVE-2023-41892 | CWE-94 | Critical |
| Craft CMS RCE (CVE-2025-32432) | CVE-2025-32432 | CWE-470 | Critical |
| Craft CMS register_argc_argv RCE (CVE-2024-56145) | CVE-2024-56145 | CWE-94 | Critical |
| Craft CMS Server-Side Request Forgery (SSRF) Vulnerability (CVE-2025-68437) | CVE-2025-68437 | CWE-918 | Medium |
| Craft CMS Server-Side Request Forgery (SSRF) Vulnerability (CVE-2026-25492) | CVE-2026-25492 | CWE-918 | Medium |
| Craft CMS Server-Side Request Forgery (SSRF) Vulnerability (CVE-2026-25493) | CVE-2026-25493 | CWE-918 | Medium |
| Craft CMS Server-Side Request Forgery (SSRF) Vulnerability (CVE-2026-25494) | CVE-2026-25494 | CWE-918 | Medium |
| Craft CMS Server-Side Request Forgery (SSRF) Vulnerability (CVE-2026-27129) | CVE-2026-27129 | CWE-918 | Medium |
| Craft CMS Time-of-check Time-of-use (TOCTOU) Race Condition Vulnerability (CVE-2026-27127) | CVE-2026-27127 | CWE-367 | Medium |
| Craft CMS Time-of-check Time-of-use (TOCTOU) Race Condition Vulnerability (CVE-2026-27128) | CVE-2026-27128 | CWE-367 | Medium |
| Craft CMS Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2018-3814) | CVE-2018-3814 | CWE-434 | High |
| Craft CMS Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') Vulnerability (CVE-2025-68455) | CVE-2025-68455 | CWE-470 | High |
| Craft CMS Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') Vulnerability (CVE-2026-25498) | CVE-2026-25498 | CWE-470 | High |
| Craft CMS Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2017-8385) | CVE-2017-8385 | CWE-640 | Medium |
| Craft CMS Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2019-15929) | CVE-2019-15929 | CWE-640 | Critical |
| Craft CMS Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2022-29933) | CVE-2022-29933 | CWE-640 | High |
| CRIME SSL/TLS attack | CVE-2012-4929 | CWE-310 | Medium |
| CRLF injection/HTTP response splitting (Web Server) | - | CWE-113 | Medium |
| CRMEB SQL Injection (CVE-2024-36837) | CVE-2024-36837 | CWE-89 | High |
| Cross frame scripting | - | CWE-79 | Medium |
| Cross Site Scripting (Category Description) (CMS Made Simple) | CVE-2017-6555 | CWE-79 | Medium |
| Cross Site Scripting (globalmetadata) (CMS Made Simple) | CVE-2017-6556 | CWE-79 | Medium |
| Cross site scripting (requiring unencoded quote) | - | CWE-79 | Information |
| Cross site scripting (requiring unencoded tag delimiter) | - | CWE-79 | Information |
| Cross site scripting (XSS) in ASP.NET via ResolveUrl | - | CWE-79 | High |
| Cross site scripting in HTTP-01 ACME challenge implementation | - | CWE-79 | High |
| Cross site scripting via Bootstrap | - | CWE-79 | High |
| Cross-Site Request Forgery (CSRF) (CMS Made Simple) | CVE-2016-7904 | CWE-352 | Medium |
| Cross-site Scripting | - | CWE-79 | High |
| Cross-site Scripting (DOM based) | - | CWE-79 | High |
| Cross-site Scripting via File Upload | - | CWE-79 | High |
| Cross-site Scripting via Remote File Inclusion | - | CWE-79 | High |
| Cross-site scripting vulnerability in Google Web Toolkit | CVE-2012-4563 | CWE-80 | High |
| Cross-site scripting vulnerability in Google Web Toolkit (CVE-2012-5920) | CVE-2012-5920 | CWE-80 | High |
| CrushFTP Authentication Bypass (CVE-2025-2825) | CVE-2025-2825 | CWE-287 | Critical |
| CrushFTP Server Deserialization of Untrusted Data Vulnerability (CVE-2017-14035) | CVE-2017-14035 | CWE-502 | Critical |
| CrushFTP Server Improper Control of Dynamically-Managed Code Resources Vulnerability (CVE-2023-43177) | CVE-2023-43177 | CWE-913 | Critical |
| CrushFTP Server Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2024-4040) | CVE-2024-4040 | CWE-94 | Critical |
| CrushFTP Server Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2025-32103) | CVE-2025-32103 | CWE-22 | Medium |
| CrushFTP Server Improper Neutralization of CRLF Sequences ('CRLF Injection') Vulnerability (CVE-2017-14037) | CVE-2017-14037 | CWE-707 | Medium |
| CrushFTP Server Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-14036) | CVE-2017-14036 | CWE-707 | Medium |
| CrushFTP Server Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-44076) | CVE-2021-44076 | CWE-707 | Medium |
| CrushFTP Server Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-22910) | CVE-2024-22910 | CWE-707 | Medium |
| CrushFTP Server Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-63419) | CVE-2025-63419 | CWE-707 | Medium |
| CrushFTP Server Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-63420) | CVE-2025-63420 | CWE-707 | Medium |
| CrushFTP Server Improper Validation of Integrity Check Value Vulnerability (CVE-2023-48795) | CVE-2023-48795 | CWE-354 | Medium |
| CrushFTP Server Other Vulnerability (CVE-2025-31161) | CVE-2025-31161 | - | Critical |
| CrushFTP Server Server-Side Request Forgery (SSRF) Vulnerability (CVE-2025-32102) | CVE-2025-32102 | CWE-918 | Medium |
| CrushFTP Server Unprotected Alternate Channel Vulnerability (CVE-2025-54309) | CVE-2025-54309 | CWE-420 | Critical |
| CrushFTP Server URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2017-14038) | CVE-2017-14038 | CWE-601 | Medium |
| CrushFTP Server URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2018-18288) | CVE-2018-18288 | CWE-601 | Medium |
| CrushFTP Server Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2024-53552) | CVE-2024-53552 | CWE-640 | Critical |
| CrushFTP SSTI (CVE-2024-4040) | CVE-2024-4040 | CWE-94 | Critical |
| CubeCart Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2023-38130) | CVE-2023-38130 | CWE-352 | High |
| CubeCart Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3724) | CVE-2011-3724 | CWE-200 | Medium |