Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
v.26.4.2314

Web Application Vulnerabilities

This page lists 24254 vulnerabilities in 62 categories.

Critical: 1581 High: 13032 Medium: 8704 Low: 868 Information: 69
Vulnerability Name
CVE
CWE
Severity
EspoCRM URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2024-24818)
CVE-2024-24818
CWE-601
Medium
Express cookie-session weak secret key
-
CWE-693
Medium
Express Development Mode enabled
-
CWE-200
Medium
Express express-session weak secret key
-
CWE-693
Information
Expression language injection
-
CWE-917
High
ExpressJs Local File Read via the layout parameter
-
CWE-22
High
Ext JS arbitrary file read
-
CWE-22
High
Ext JS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-8046)
CVE-2018-8046
CWE-707
Medium
Ext JS Server-Side Request Forgery (SSRF) Vulnerability (CVE-2007-6758)
CVE-2007-6758
CWE-918
High
F5 BIG-IP Cookie Information Disclosure
-
CWE-200
Low
F5 BIG-IP Request Smuggling (CVE-2023-46747)
CVE-2023-46747
CWE-288
Critical
F5 BIG-IP Traffic Management User Interface (TMUI) RCE
CVE-2020-5902
CWE-78
High
F5 iControl REST unauthenticated remote command execution vulnerability
CVE-2021-22986
CWE-78
High
Family Connections Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2012-0699)
CVE-2012-0699
CWE-352
High
Family Connections Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2010-3419)
CVE-2010-3419
CWE-94
High
Family Connections Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2011-5130)
CVE-2011-5130
CWE-94
Medium
Family Connections Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2008-2901)
CVE-2008-2901
CWE-138
Medium
Family Connections Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2009-2010)
CVE-2009-2010
CWE-138
Medium
Family Connections Permissions, Privileges, and Access Controls Vulnerability (CVE-2007-4338)
CVE-2007-4338
CWE-264
Critical
fancybox Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-1494)
CVE-2015-1494
CWE-707
Medium
FastAdmin Path Traversal (CVE-2024-7928)
CVE-2024-7928
CWE-22
High
FastCGI Unauthorized Access Vulnerability
-
CWE-78
High
FCKeditor arbitrary file upload
CVE-2009-2265
CWE-22
Medium
FCKeditor spellchecker.php cross site scripting vulnerability
CVE-2012-4000
CWE-79
High
File Content Disclosure in Action View
CVE-2019-5418
CWE-200
High
File creation via HTTP method PUT
-
CWE-669
High
File tampering
-
CWE-20
Medium
File Upload Functionality Detected
-
-
Information
File upload XSS (Java applet)
-
CWE-79
High
Firebase database accessible without authentication
-
CWE-200
Medium
Flask debug mode
-
CWE-489
High
Flask weak secret key
-
CWE-693
Medium
Flex BlazeDS AMF Deserialization RCE
CVE-2017-5641
CWE-502
High
Flowise Authentication Bypass (CVE-2024-31621)
CVE-2024-31621
CWE-287
Critical
FluxBB CVE-2011-3621 Vulnerability (CVE-2011-3621)
CVE-2011-3621
-
Critical
FluxBB Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2014-9574)
CVE-2014-9574
CWE-22
Critical
FluxBB Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-35240)
CVE-2020-35240
CWE-707
Medium
FluxBB Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-43677)
CVE-2021-43677
CWE-707
Medium
FluxBB Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-44110)
CVE-2025-44110
CWE-707
Medium
FluxBB Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2014-10029)
CVE-2014-10029
CWE-138
High
FluxBB Other Vulnerability (CVE-2014-10030)
CVE-2014-10030
-
Medium
FluxBB Use of Password Hash With Insufficient Computational Effort Vulnerability (CVE-2020-28873)
CVE-2020-28873
CWE-916
High
ForgeRock AM / OpenAM Deserialization RCE (CVE-2021-35464)
CVE-2021-35464
CWE-502
High
ForgeRock OpenAM Deserialization RCE (CVE-2021-29156)
CVE-2021-29156
CWE-502
High
Fortigate SSL VPN Arbitrary File reading (CVE-2018-13379)
CVE-2018-13379
CWE-22
High
Fortinet Authentication bypass on administrative interface
CVE-2022-40684
CWE-288
High
Fortinet FortiNAC RCE via arbitrary file upload
CVE-2022-39952
CWE-73
High
Fortinet Out-Of-Bound Memory Write RCE (CVE-2024-21762)
CVE-2024-21762
CWE-787
Critical
FortiWeb Authentication Bypass (CVE-2025-64446)
CVE-2025-58034
CWE-23
Critical
FrontAccounting Cross-site Request Forgery (CSRF) Vulnerability (CVE-2018-7176)
CVE-2018-7176
-
High
Frontaccounting Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3740)
CVE-2011-3740
CWE-200
Medium
Frontaccounting Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2007-5117)
CVE-2007-5117
CWE-94
Critical
Frontaccounting Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2007-5148)
CVE-2007-5148
CWE-94
Medium
Frontaccounting Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2020-21244)
CVE-2020-21244
CWE-22
Medium
Frontaccounting Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2009-4037)
CVE-2009-4037
CWE-138
High
Frontaccounting Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2009-4045)
CVE-2009-4045
CWE-138
High
Frontaccounting Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2018-1000890)
CVE-2018-1000890
CWE-138
High
Frontaccounting Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-5720)
CVE-2019-5720
CWE-138
Critical
FrontAccounting Multiple SQL Injection Vulnerabilities (CVE-2014-3973)
CVE-2014-3973
-
High
Frontaccounting Other Vulnerability (CVE-2007-4279)
CVE-2007-4279
-
High
Frontpage authors.pwd available
-
CWE-538
Medium
FrontPage Identified
-
CWE-200
Low
Full public read access Azure blob storage
-
CWE-732
Medium
Gallery 3.0.4 remote code execution
-
CWE-20
High
Generic Email Address Disclosure
-
CWE-200
Information
Genericons DOM-based XSS vulnerability
-
CWE-80
High
GeoServer CVE-2023-35042 Vulnerability (CVE-2023-35042)
CVE-2023-35042
-
Critical
GeoServer CVE-2024-34696 Vulnerability (CVE-2024-34696)
CVE-2024-34696
-
Medium
GeoServer CVE-2024-35230 Vulnerability (CVE-2024-35230)
CVE-2024-35230
-
Medium
GeoServer Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2024-34711)
CVE-2024-34711
CWE-200
High
GeoServer Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2024-38524)
CVE-2024-38524
CWE-200
High
GeoServer Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2024-36401)
CVE-2024-36401
CWE-94
Critical
GeoServer Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2023-41877)
CVE-2023-41877
CWE-22
High
GeoServer Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2024-24749)
CVE-2024-24749
CWE-22
High
GeoServer Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-51445)
CVE-2023-51445
CWE-707
Medium