Web Application Vulnerabilities
This page lists 23441 vulnerabilities in 68 categories.
Critical: 1499
High: 12791
Medium: 8230
Low: 857
Information: 64
| Vulnerability Name | CVE | CWE | Severity |
| --- | --- | --- | --- |
| Grafana Improper Input Validation Vulnerability (CVE-2022-39306) | CVE-2022-39306 | CWE-20 | High |
| Grafana Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2021-43798) | CVE-2021-43798 | CWE-22 | High |
| Grafana Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2021-43813) | CVE-2021-43813 | CWE-22 | Medium |
| Grafana Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2021-43815) | CVE-2021-43815 | CWE-22 | Medium |
| Grafana Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2022-32275) | CVE-2022-32275 | CWE-22 | High |
| Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-1000816) | CVE-2018-1000816 | CWE-707 | Medium |
| Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-12099) | CVE-2018-12099 | CWE-707 | Medium |
| Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-18623) | CVE-2018-18623 | CWE-707 | Medium |
| Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-18624) | CVE-2018-18624 | CWE-707 | Medium |
| Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-18625) | CVE-2018-18625 | CWE-707 | Medium |
| Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-13068) | CVE-2019-13068 | CWE-707 | Medium |
| Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-11110) | CVE-2020-11110 | CWE-707 | Medium |
| Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-12052) | CVE-2020-12052 | CWE-707 | Medium |
| Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-12245) | CVE-2020-12245 | CWE-707 | Medium |
| Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-13430) | CVE-2020-13430 | CWE-707 | Medium |
| Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-24303) | CVE-2020-24303 | CWE-707 | Medium |
| Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-41174) | CVE-2021-41174 | CWE-707 | Medium |
| Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-21702) | CVE-2022-21702 | CWE-707 | Medium |
| Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-23552) | CVE-2022-23552 | CWE-707 | Medium |
| Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-31097) | CVE-2022-31097 | CWE-707 | Medium |
| Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-39324) | CVE-2022-39324 | CWE-707 | Low |
| Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-0507) | CVE-2023-0507 | CWE-707 | Medium |
| Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-0594) | CVE-2023-0594 | CWE-707 | Medium |
| Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-1410) | CVE-2023-1410 | CWE-707 | Medium |
| Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-22462) | CVE-2023-22462 | CWE-707 | Medium |
| Grafana Improper Neutralization of Special Elements used in a Command ('Command Injection') Vulnerability (CVE-2024-9264) | CVE-2024-9264 | CWE-138 | High |
| Grafana Improper Preservation of Permissions Vulnerability (CVE-2022-36062) | CVE-2022-36062 | CWE-281 | Low |
| Grafana Improper Synchronization Vulnerability (CVE-2023-2801) | CVE-2023-2801 | CWE-662 | Medium |
| Grafana Improper Verification of Cryptographic Signature Vulnerability (CVE-2022-31123) | CVE-2022-31123 | CWE-347 | High |
| Grafana Incorrect Authorization Vulnerability (CVE-2021-28146) | CVE-2021-28146 | CWE-863 | Medium |
| Grafana Incorrect Authorization Vulnerability (CVE-2022-21713) | CVE-2022-21713 | CWE-863 | Medium |
| Grafana Incorrect Authorization Vulnerability (CVE-2022-31107) | CVE-2022-31107 | CWE-863 | High |
| Grafana Incorrect Authorization Vulnerability (CVE-2023-6152) | CVE-2023-6152 | CWE-863 | Medium |
| Grafana Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2021-27962) | CVE-2021-27962 | CWE-732 | High |
| Grafana Insufficiently Protected Credentials Vulnerability (CVE-2019-15635) | CVE-2019-15635 | CWE-522 | Medium |
| Grafana Insufficiently Protected Credentials Vulnerability (CVE-2022-31130) | CVE-2022-31130 | CWE-522 | High |
| Grafana Missing Authentication for Critical Function Vulnerability (CVE-2019-15043) | CVE-2019-15043 | CWE-306 | High |
| Grafana Missing Authentication for Critical Function Vulnerability (CVE-2022-28660) | CVE-2022-28660 | CWE-306 | Critical |
| Grafana Missing Authorization Vulnerability (CVE-2023-2183) | CVE-2023-2183 | CWE-862 | Medium |
| Grafana Open Redirect (CVE-2025-4123) | CVE-2025-4123 | CWE-601 | High |
| Grafana Other Vulnerability (CVE-2021-28147) | CVE-2021-28147 | - | Medium |
| Grafana Plugin Dir Traversal (CVE-2021-43798) | CVE-2021-43798 | CWE-200 | High |
| Grafana Server-Side Request Forgery (SSRF) Vulnerability (CVE-2020-13379) | CVE-2020-13379 | CWE-918 | High |
| Grafana Signature Verification Vulnerability (CVE-2020-27846) | CVE-2020-27846 | - | Critical |
| Grafana Snapshot Authentication Bypass (CVE-2021-39226) | CVE-2021-39226 | CWE-287 | High |
| Grafana URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2022-29170) | CVE-2022-29170 | CWE-601 | High |
| Grails database console | - | CWE-200 | Medium |
| Grandnode Path Traversal (CVE-2019-12276) | CVE-2019-12276 | CWE-22 | High |
| GraphiQL Explorer/Playground Enabled | - | CWE-200 | Medium |
| GraphQL Alias Overloading Allowed: Potential Denial of Service Vulnerability | - | CWE-400 | Medium |
| GraphQL Array-based Query Batching Allowed: Potential Batching Attack Vulnerability | - | CWE-770 | Medium |
| GraphQL Circular-Query via Introspection Allowed: Potential DoS Vulnerability | - | CWE-400 | Medium |
| GraphQL Field Suggestions Enabled | - | CWE-200 | Medium |
| GraphQL Introspection Query Enabled | - | CWE-200 | Medium |
| GraphQL Non-JSON Mutations over GET: Potential CSRF Vulnerability | - | CWE-352 | Medium |
| GraphQL Non-JSON Queries over GET: Potential CSRF Vulnerability | - | CWE-352 | Medium |
| GraphQL Non-JSON Queries over POST: Potential CSRF Vulnerability | - | CWE-352 | Medium |
| GraphQL Unauthenticated Mutation Detected | - | CWE-306 | Medium |
| GraphQL Unhandled Error Leakage | - | CWE-209 | Medium |
| Grav CMS Unauthenticated RCE (CVE-2021-21425) | CVE-2021-21425 | CWE-284 | High |
| GSAP CVE-2020-28478 Vulnerability (CVE-2020-28478) | CVE-2020-28478 | - | High |
| Gunicorn Improper Neutralization of CRLF Sequences ('CRLF Injection') Vulnerability (CVE-2018-1000164) | CVE-2018-1000164 | CWE-707 | High |
| H2 console publicly accessible | - | CWE-287 | Low |
| Hadoop cluster web interface | - | CWE-200 | Medium |
| Hadoop YARN ResourceManager publicly accessible | - | CWE-200 | High |
| Handlebars CVE-2021-23369 Vulnerability (CVE-2021-23369) | CVE-2021-23369 | - | Critical |
| Handlebars Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-20920) | CVE-2019-20920 | CWE-94 | High |
| Handlebars Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-8861) | CVE-2015-8861 | CWE-707 | Medium |
| Handlebars Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2019-19919) | CVE-2019-19919 | CWE-138 | Critical |
| Handlebars Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2019-20922) | CVE-2019-20922 | CWE-835 | High |
| Handlebars Other Vulnerability (CVE-2021-23383) | CVE-2021-23383 | - | Critical |
| Harbor Unauthorized Access Vulnerability | CVE-2022-46463 | CWE-200 | High |
| Hashicorp Consul API is accessible without authentication | - | CWE-200 | Medium |
| Hasura GraphQL API without authentication | - | CWE-200 | Medium |
| Hesk Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3743) | CVE-2011-3743 | CWE-200 | Medium |