Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
v.26.4.2314

Web Application Vulnerabilities

This page lists 24254 vulnerabilities in 62 categories.

Critical: 1581 High: 13032 Medium: 8704 Low: 868 Information: 69
Vulnerability Name
CVE
CWE
Severity
Envoy Proxy NULL Pointer Dereference Vulnerability (CVE-2021-28683)
CVE-2021-28683
CWE-476
High
Envoy Proxy NULL Pointer Dereference Vulnerability (CVE-2021-43824)
CVE-2021-43824
CWE-476
High
Envoy Proxy NULL Pointer Dereference Vulnerability (CVE-2022-29224)
CVE-2022-29224
CWE-476
Medium
Envoy Proxy NULL Pointer Dereference Vulnerability (CVE-2024-23327)
CVE-2024-23327
CWE-476
High
Envoy Proxy NULL Pointer Dereference Vulnerability (CVE-2024-45809)
CVE-2024-45809
CWE-476
High
Envoy Proxy NULL Pointer Dereference Vulnerability (CVE-2024-53270)
CVE-2024-53270
CWE-476
High
Envoy Proxy NULL Pointer Dereference Vulnerability (CVE-2025-62409)
CVE-2025-62409
CWE-476
High
Envoy Proxy NULL Pointer Dereference Vulnerability (CVE-2025-64527)
CVE-2025-64527
CWE-476
Medium
Envoy Proxy Off-by-one Error Vulnerability (CVE-2026-26309)
CVE-2026-26309
CWE-193
Medium
Envoy Proxy Origin Validation Error Vulnerability (CVE-2020-15104)
CVE-2020-15104
CWE-346
Medium
Envoy Proxy Other Vulnerability (CVE-2020-25017)
CVE-2020-25017
-
High
Envoy Proxy Other Vulnerability (CVE-2024-34363)
CVE-2024-34363
-
High
Envoy Proxy Out-of-bounds Write Vulnerability (CVE-2019-18801)
CVE-2019-18801
CWE-787
Critical
Envoy Proxy Out-of-bounds Write Vulnerability (CVE-2024-34364)
CVE-2024-34364
CWE-787
Medium
Envoy Proxy Overly Restrictive Regular Expression Vulnerability (CVE-2025-46821)
CVE-2025-46821
CWE-186
Medium
Envoy Proxy Protection Mechanism Failure Vulnerability (CVE-2025-64763)
CVE-2025-64763
CWE-693
Medium
Envoy Proxy Reachable Assertion Vulnerability (CVE-2021-29258)
CVE-2021-29258
CWE-617
High
Envoy Proxy Reachable Assertion Vulnerability (CVE-2022-29228)
CVE-2022-29228
CWE-617
High
Envoy Proxy Reachable Assertion Vulnerability (CVE-2024-32475)
CVE-2024-32475
CWE-617
High
Envoy Proxy Uncontrolled Recursion Vulnerability (CVE-2022-23606)
CVE-2022-23606
CWE-674
Medium
Envoy Proxy Uncontrolled Resource Consumption Vulnerability (CVE-2019-15226)
CVE-2019-15226
CWE-400
High
Envoy Proxy Uncontrolled Resource Consumption Vulnerability (CVE-2020-12603)
CVE-2020-12603
CWE-400
High
Envoy Proxy Uncontrolled Resource Consumption Vulnerability (CVE-2020-12605)
CVE-2020-12605
CWE-400
High
Envoy Proxy Uncontrolled Resource Consumption Vulnerability (CVE-2020-8663)
CVE-2020-8663
CWE-400
High
Envoy Proxy Uncontrolled Resource Consumption Vulnerability (CVE-2023-44487)
CVE-2023-44487
CWE-400
High
Envoy Proxy Uncontrolled Resource Consumption Vulnerability (CVE-2024-23323)
CVE-2024-23323
CWE-400
Medium
Envoy Proxy Use After Free Vulnerability (CVE-2021-43825)
CVE-2021-43825
CWE-416
High
Envoy Proxy Use After Free Vulnerability (CVE-2021-43826)
CVE-2021-43826
CWE-416
High
Envoy Proxy Use After Free Vulnerability (CVE-2022-29227)
CVE-2022-29227
CWE-416
High
Envoy Proxy Use After Free Vulnerability (CVE-2023-35942)
CVE-2023-35942
CWE-416
Medium
Envoy Proxy Use After Free Vulnerability (CVE-2023-35943)
CVE-2023-35943
CWE-416
High
Envoy Proxy Use After Free Vulnerability (CVE-2024-23322)
CVE-2024-23322
CWE-416
High
Envoy Proxy Use After Free Vulnerability (CVE-2024-32974)
CVE-2024-32974
CWE-416
High
Envoy Proxy Use After Free Vulnerability (CVE-2024-34362)
CVE-2024-34362
CWE-416
Medium
Envoy Proxy Use After Free Vulnerability (CVE-2024-39305)
CVE-2024-39305
CWE-416
Critical
Envoy Proxy Use After Free Vulnerability (CVE-2025-54588)
CVE-2025-54588
CWE-416
High
Envoy Proxy Use After Free Vulnerability (CVE-2025-62504)
CVE-2025-62504
CWE-416
High
Envoy Proxy Use After Free Vulnerability (CVE-2026-26311)
CVE-2026-26311
CWE-416
Medium
Envoy Proxy Use After Free Vulnerability (CVE-2026-26330)
CVE-2026-26330
CWE-416
High
Envoy Proxy Use of Incorrectly-Resolved Name or Reference Vulnerability (CVE-2019-9901)
CVE-2019-9901
CWE-706
Critical
Envoy Wrong DOWNSTREAM_REMOTE_ADDRESS logged Issue (CVE-2020-35470)
CVE-2020-35470
-
High
Error page path disclosure
-
CWE-200
Low
Error page web server version disclosure
-
CWE-200
Information
EspoCRM Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2020-37094)
CVE-2020-37094
CWE-639
Critical
EspoCRM Cleartext Transmission of Sensitive Information Vulnerability (CVE-2022-38846)
CVE-2022-38846
CWE-319
Medium
EspoCRM Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2025-32789)
CVE-2025-32789
CWE-200
Low
EspoCRM Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2014-7985)
CVE-2014-7985
CWE-22
Critical
EspoCRM Improper Neutralization of Formula Elements in a CSV File Vulnerability (CVE-2022-38844)
CVE-2022-38844
CWE-1236
High
EspoCRM Improper Neutralization of Formula Elements in a CSV File Vulnerability (CVE-2022-38845)
CVE-2022-38845
CWE-1236
Medium
EspoCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-7987)
CVE-2014-7987
CWE-707
Medium
EspoCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-17301)
CVE-2018-17301
CWE-707
Medium
EspoCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-17302)
CVE-2018-17302
CWE-707
Medium
EspoCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-13643)
CVE-2019-13643
CWE-707
Medium
EspoCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-14329)
CVE-2019-14329
CWE-707
Medium
EspoCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-14330)
CVE-2019-14330
CWE-707
Medium
EspoCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-14331)
CVE-2019-14331
CWE-707
Medium
EspoCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-14349)
CVE-2019-14349
CWE-707
Medium
EspoCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-14350)
CVE-2019-14350
CWE-707
Medium
EspoCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-14546)
CVE-2019-14546
CWE-707
Medium
EspoCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-14547)
CVE-2019-14547
CWE-707
Medium
EspoCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-14548)
CVE-2019-14548
CWE-707
Medium
EspoCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-14549)
CVE-2019-14549
CWE-707
Medium
EspoCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-14550)
CVE-2019-14550
CWE-707
Medium
EspoCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-3539)
CVE-2021-3539
CWE-707
Medium
EspoCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-59428)
CVE-2025-59428
CWE-707
Medium
EspoCRM Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2025-32390)
CVE-2025-32390
CWE-138
High
EspoCRM Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') Vulnerability (CVE-2025-52575)
CVE-2025-52575
CWE-138
Medium
EspoCRM Improper Restriction of Excessive Authentication Attempts Vulnerability (CVE-2019-14351)
CVE-2019-14351
CWE-307
High
EspoCRM Improper Restriction of Rendered UI Layers or Frames Vulnerability (CVE-2025-32385)
CVE-2025-32385
CWE-1021
Medium
EspoCRM Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') Vulnerability (CVE-2025-52892)
CVE-2025-52892
-
Medium
EspoCRM Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-7986)
CVE-2014-7986
CWE-264
Medium
EspoCRM Server-Side Request Forgery (SSRF) Vulnerability (CVE-2023-46736)
CVE-2023-46736
CWE-918
Medium
EspoCRM Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2022-38843)
CVE-2022-38843
CWE-434
High
EspoCRM Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2023-5965)
CVE-2023-5965
CWE-434
High
EspoCRM Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2023-5966)
CVE-2023-5966
CWE-434
High