Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
v.26.4.2314

Web Application Vulnerabilities

This page lists 24302 vulnerabilities in 62 categories.

Critical: 1589 High: 13053 Medium: 8721 Low: 870 Information: 69
Vulnerability Name
CVE
CWE
Severity
Grafana Improper Authentication Vulnerability (CVE-2018-15727)
CVE-2018-15727
CWE-287
Critical
Grafana Improper Authentication Vulnerability (CVE-2021-28148)
CVE-2021-28148
CWE-287
High
Grafana Improper Authentication Vulnerability (CVE-2021-39226)
CVE-2021-39226
CWE-287
High
Grafana Improper Authentication Vulnerability (CVE-2022-32276)
CVE-2022-32276
CWE-287
High
Grafana Improper Authentication Vulnerability (CVE-2022-39229)
CVE-2022-39229
CWE-287
Medium
Grafana Improper Authorization Vulnerability (CVE-2026-21724)
CVE-2026-21724
CWE-285
Medium
Grafana Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2026-27876)
CVE-2026-27876
CWE-94
Critical
Grafana Improper Input Validation Vulnerability (CVE-2022-39306)
CVE-2022-39306
CWE-20
High
Grafana Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2021-43798)
CVE-2021-43798
CWE-22
High
Grafana Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2021-43813)
CVE-2021-43813
CWE-22
Medium
Grafana Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2021-43815)
CVE-2021-43815
CWE-22
Medium
Grafana Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2022-32275)
CVE-2022-32275
CWE-22
High
Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-1000816)
CVE-2018-1000816
CWE-707
Medium
Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-12099)
CVE-2018-12099
CWE-707
Medium
Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-18623)
CVE-2018-18623
CWE-707
Medium
Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-18624)
CVE-2018-18624
CWE-707
Medium
Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-18625)
CVE-2018-18625
CWE-707
Medium
Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-13068)
CVE-2019-13068
CWE-707
Medium
Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-11110)
CVE-2020-11110
CWE-707
Medium
Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-12052)
CVE-2020-12052
CWE-707
Medium
Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-12245)
CVE-2020-12245
CWE-707
Medium
Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-13430)
CVE-2020-13430
CWE-707
Medium
Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-24303)
CVE-2020-24303
CWE-707
Medium
Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-41174)
CVE-2021-41174
CWE-707
Medium
Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-21702)
CVE-2022-21702
CWE-707
Medium
Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-23552)
CVE-2022-23552
CWE-707
Medium
Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-31097)
CVE-2022-31097
CWE-707
Medium
Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-39324)
CVE-2022-39324
CWE-707
Low
Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-0507)
CVE-2023-0507
CWE-707
Medium
Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-0594)
CVE-2023-0594
CWE-707
Medium
Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-1410)
CVE-2023-1410
CWE-707
Medium
Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-22462)
CVE-2023-22462
CWE-707
Medium
Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-41117)
CVE-2025-41117
CWE-707
Medium
Grafana Improper Neutralization of Special Elements used in a Command ('Command Injection') Vulnerability (CVE-2024-9264)
CVE-2024-9264
CWE-138
High
Grafana Improper Preservation of Permissions Vulnerability (CVE-2022-36062)
CVE-2022-36062
CWE-281
Low
Grafana Improper Synchronization Vulnerability (CVE-2023-2801)
CVE-2023-2801
CWE-662
Medium
Grafana Improper Verification of Cryptographic Signature Vulnerability (CVE-2022-31123)
CVE-2022-31123
CWE-347
High
Grafana Incorrect Authorization Vulnerability (CVE-2021-28146)
CVE-2021-28146
CWE-863
Medium
Grafana Incorrect Authorization Vulnerability (CVE-2022-21713)
CVE-2022-21713
CWE-863
Medium
Grafana Incorrect Authorization Vulnerability (CVE-2022-31107)
CVE-2022-31107
CWE-863
High
Grafana Incorrect Authorization Vulnerability (CVE-2023-6152)
CVE-2023-6152
CWE-863
Medium
Grafana Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2021-27962)
CVE-2021-27962
CWE-732
High
Grafana Incorrect Privilege Assignment Vulnerability (CVE-2025-41115)
CVE-2025-41115
CWE-266
Critical
Grafana Insufficiently Protected Credentials Vulnerability (CVE-2019-15635)
CVE-2019-15635
CWE-522
Medium
Grafana Insufficiently Protected Credentials Vulnerability (CVE-2022-31130)
CVE-2022-31130
CWE-522
High
Grafana Missing Authentication for Critical Function Vulnerability (CVE-2019-15043)
CVE-2019-15043
CWE-306
High
Grafana Missing Authentication for Critical Function Vulnerability (CVE-2022-28660)
CVE-2022-28660
CWE-306
Critical
Grafana Missing Authorization Vulnerability (CVE-2023-2183)
CVE-2023-2183
CWE-862
Medium
Grafana Open Redirect (CVE-2025-4123)
CVE-2025-4123
CWE-601
High
Grafana Other Vulnerability (CVE-2021-28147)
CVE-2021-28147
-
Medium
Grafana Out-of-bounds Write Vulnerability (CVE-2026-27879)
CVE-2026-27879
CWE-787
Medium
Grafana Out-of-bounds Write Vulnerability (CVE-2026-27880)
CVE-2026-27880
CWE-787
High
Grafana Plugin Dir Traversal (CVE-2021-43798)
CVE-2021-43798
CWE-200
High
Grafana Server-Side Request Forgery (SSRF) Vulnerability (CVE-2020-13379)
CVE-2020-13379
CWE-918
High
Grafana Signature Verification Vulnerability (CVE-2020-27846)
CVE-2020-27846
-
Critical
Grafana Snapshot Authentication Bypass (CVE-2021-39226)
CVE-2021-39226
CWE-287
High
Grafana Time-of-check Time-of-use (TOCTOU) Race Condition Vulnerability (CVE-2026-21725)
CVE-2026-21725
CWE-367
Low
Grafana Uncontrolled Resource Consumption Vulnerability (CVE-2026-21720)
CVE-2026-21720
CWE-400
High
Grafana Uncontrolled Resource Consumption Vulnerability (CVE-2026-28375)
CVE-2026-28375
CWE-400
Medium
Grafana Uncontrolled Resource Consumption Vulnerability (CVE-2026-33375)
CVE-2026-33375
CWE-400
Medium
Grafana URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2022-29170)
CVE-2022-29170
CWE-601
High
Grails database console
-
CWE-200
Medium
Grandnode Path Traversal (CVE-2019-12276)
CVE-2019-12276
CWE-22
High
GraphiQL Explorer/Playground Enabled
-
CWE-200
Medium
GraphQL Alias Overloading Allowed: Potential Denial of Service Vulnerability
-
CWE-400
Medium
GraphQL Array-based Query Batching Allowed: Potential Batching Attack Vulnerability
-
CWE-770
Medium
GraphQL Circular-Query via Introspection Allowed: Potential DoS Vulnerability
-
CWE-400
Medium
GraphQL Field Suggestions Enabled
-
CWE-200
Medium
GraphQL Introspection Query Enabled
-
CWE-200
Medium
GraphQL Non-JSON Mutations over GET: Potential CSRF Vulnerability
-
CWE-352
Medium
GraphQL Non-JSON Queries over GET: Potential CSRF Vulnerability
-
CWE-352
Medium
GraphQL Non-JSON Queries over POST: Potential CSRF Vulnerability
-
CWE-352
Medium
GraphQL Unauthenticated Mutation Detected
-
CWE-306
Medium
GraphQL Unhandled Error Leakage
-
CWE-209
Medium
Grav CMS Unauthenticated RCE (CVE-2021-21425)
CVE-2021-21425
CWE-284
High