Web Application Vulnerabilities
This page lists 23441 vulnerabilities in 68 categories.
Critical: 1499
High: 12791
Medium: 8230
Low: 857
Information: 64
| Vulnerability Name | CVE | CWE | Severity |
| --- | --- | --- | --- |
| IBM WebSEAL Other Vulnerability (CVE-2023-30998) | CVE-2023-30998 | - | High |
| IBM WebSEAL Session Fixation Vulnerability (CVE-2018-1804) | CVE-2018-1804 | CWE-384 | Low |
| IBM WebSEAL Session Fixation Vulnerability (CVE-2019-4152) | CVE-2019-4152 | CWE-384 | Medium |
| IBM WebSEAL URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2017-1489) | CVE-2017-1489 | CWE-601 | Medium |
| IBM WebSEAL URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2019-4153) | CVE-2019-4153 | CWE-601 | Medium |
| IBM WebSEAL Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2019-4156) | CVE-2019-4156 | CWE-327 | Medium |
| IBM WebSEAL Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2023-38371) | CVE-2023-38371 | CWE-327 | High |
| IBM WebSEAL Use of Hard-coded Credentials Vulnerability (CVE-2018-1887) | CVE-2018-1887 | CWE-798 | High |
| IBM WebSEAL Weak Password Requirements Vulnerability (CVE-2024-35137) | CVE-2024-35137 | CWE-521 | Medium |
| IBM WebSphere administration console weak password | - | CWE-200 | High |
| IBM WebSphere RCE Java Deserialization Vulnerability | CVE-2015-7450 | CWE-502 | High |
| IBM WebSphere/WebLogic application source file exposure | - | CWE-200 | High |
| IBMHttpServer CVE-2010-0425 Vulnerability (CVE-2010-0425) | CVE-2010-0425 | - | Critical |
| IBMHttpServer CVE-2012-5955 Vulnerability (CVE-2012-5955) | CVE-2012-5955 | - | Critical |
| IBMHttpServer Improper Input Validation Vulnerability (CVE-2023-26281) | CVE-2023-26281 | CWE-20 | High |
| IBMHttpServer Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-1360) | CVE-2011-1360 | CWE-707 | Medium |
| IBMHttpServer Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2015-4947) | CVE-2015-4947 | CWE-119 | Critical |
| IBMHttpServer Observable Discrepancy Vulnerability (CVE-2023-32342) | CVE-2023-32342 | CWE-203 | High |
| IBMHttpServer Other Vulnerability (CVE-2000-0505) | CVE-2000-0505 | - | Medium |
| IBMHttpServer Other Vulnerability (CVE-2000-1168) | CVE-2000-1168 | - | High |
| IBMHttpServer Other Vulnerability (CVE-2001-0122) | CVE-2001-0122 | - | Medium |
| IBMHttpServer Other Vulnerability (CVE-2002-1822) | CVE-2002-1822 | - | Medium |
| IBMHttpServer Other Vulnerability (CVE-2004-0263) | CVE-2004-0263 | - | Medium |
| IBMHttpServer Other Vulnerability (CVE-2004-0492) | CVE-2004-0492 | - | Critical |
| IBMHttpServer Other Vulnerability (CVE-2004-0493) | CVE-2004-0493 | - | Medium |
| IBMHttpServer Other Vulnerability (CVE-2004-1082) | CVE-2004-1082 | - | High |
| IBMHttpServer Other Vulnerability (CVE-2006-3918) | CVE-2006-3918 | - | Medium |
| IIS extended unicode directory traversal vulnerability | CVE-2000-0884 | CWE-22 | High |
| IIS Path disclosure | - | CWE-200 | Low |
| ImageMagick remote code execution | CVE-2016-3714 | CWE-78 | High |
| imgproxy SSRF (CVE-2023-30019) | CVE-2023-30019 | CWE-918 | Medium |
| Improper Authorization in Confluence Server and Data Center (CVE-2023-22518) | CVE-2023-22518 | CWE-284 | Critical |
| Incorrect Content Security Policy (CSP) Implementation | - | CWE-16 | Information |
| InfluxDB Unauthorized Access Vulnerability | - | CWE-200 | Medium |
| Ingress-Nginx "IngressNightmare" RCE (CVE-2025-1974) | CVE-2025-1974 | CWE-653 | Critical |
| Insecure crossdomain.xml policy | - | CWE-284 | Medium |
| Insecure Frame (External) | - | CWE-829 | Low |
| Insecure HTTP Usage | - | CWE-16 | Medium |
| Insecure Protocol Detected in Content Security Policy (CSP) | - | CWE-16 | Information |
| Insecure Referrer Policy | - | CWE-16 | Information |
| Insecure transition from HTTP to HTTPS in form post | - | CWE-200 | Medium |
| Insecure transition from HTTPS to HTTP in form post | - | CWE-200 | Low |
| Insecure Transportation Security Protocol Supported (SSLv2) | - | CWE-326 | High |
| Insecure Transportation Security Protocol Supported (SSLv3) | - | CWE-326 | High |
| Insecure Transportation Security Protocol Supported (TLS 1.0) | - | CWE-326 | High |
| Insecure Transportation Security Protocol Supported (TLS 1.1) | - | CWE-326 | Low |
| Insecure usage of Version 1 UUID/GUID | - | CWE-328 | Medium |
| Internet Information Server returns IP address in HTTP header (Content-Location) | - | CWE-200 | Low |
| Internet Information Services Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') Vulnerability (CVE-2009-3023) | CVE-2009-3023 | CWE-120 | Critical |
| Internet Information Services Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Vulnerability (CVE-1999-0861) | CVE-1999-0861 | CWE-362 | Low |
| Internet Information Services Configuration Vulnerability (CVE-1999-0725) | CVE-1999-0725 | - | High |
| Internet Information Services Configuration Vulnerability (CVE-2003-1566) | CVE-2003-1566 | - | Medium |
| Internet Information Services CVE-2001-0146 Vulnerability (CVE-2001-0146) | CVE-2001-0146 | - | Medium |
| Internet Information Services CVE-2002-1790 Vulnerability (CVE-2002-1790) | CVE-2002-1790 | - | Medium |
| Internet Information Services CVE-2006-6578 Vulnerability (CVE-2006-6578) | CVE-2006-6578 | - | High |
| Internet Information Services CVE-2008-0074 Vulnerability (CVE-2008-0074) | CVE-2008-0074 | - | High |
| Internet Information Services CVE-2009-4444 Vulnerability (CVE-2009-4444) | CVE-2009-4444 | - | Medium |
| Internet Information Services Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-1999-0348) | CVE-1999-0348 | CWE-200 | Medium |
| Internet Information Services Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2000-0649) | CVE-2000-0649 | CWE-200 | Low |
| Internet Information Services Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2002-0419) | CVE-2002-0419 | CWE-200 | Medium |
| Internet Information Services Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2002-0422) | CVE-2002-0422 | CWE-200 | Low |
| Internet Information Services Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2002-1717) | CVE-2002-1717 | CWE-200 | Medium |
| Internet Information Services Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2002-1718) | CVE-2002-1718 | CWE-200 | Medium |
| Internet Information Services Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2003-1567) | CVE-2003-1567 | CWE-200 | Medium |
| Internet Information Services Improper Authentication Vulnerability (CVE-2009-1122) | CVE-2009-1122 | CWE-287 | High |
| Internet Information Services Improper Authentication Vulnerability (CVE-2009-1535) | CVE-2009-1535 | CWE-287 | High |
| Internet Information Services Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2008-0075) | CVE-2008-0075 | CWE-94 | Critical |
| Internet Information Services Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2010-1256) | CVE-2010-1256 | CWE-94 | High |
| Internet Information Services Improper Input Validation Vulnerability (CVE-1999-0867) | CVE-1999-0867 | CWE-20 | Medium |
| Internet Information Services Improper Input Validation Vulnerability (CVE-2000-0258) | CVE-2000-0258 | CWE-20 | High |
| Internet Information Services Improper Input Validation Vulnerability (CVE-2009-4445) | CVE-2009-4445 | CWE-20 | Medium |
| Internet Information Services Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2002-1700) | CVE-2002-1700 | CWE-707 | Medium |
| Internet Information Services Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2003-1582) | CVE-2003-1582 | CWE-707 | Low |
| Internet Information Services Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-1999-0349) | CVE-1999-0349 | CWE-119 | High |
| Internet Information Services Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-1999-0874) | CVE-1999-0874 | CWE-119 | Critical |