Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
v.26.4.2314

Web Application Vulnerabilities

This page lists 24302 vulnerabilities in 62 categories.

Critical: 1589 High: 13053 Medium: 8721 Low: 870 Information: 69
Vulnerability Name
CVE
CWE
Severity
GSAP CVE-2020-28478 Vulnerability (CVE-2020-28478)
CVE-2020-28478
-
High
Gunicorn Improper Neutralization of CRLF Sequences ('CRLF Injection') Vulnerability (CVE-2018-1000164)
CVE-2018-1000164
CWE-707
High
H2 console publicly accessible
-
CWE-287
Low
Hadoop cluster web interface
-
CWE-200
Medium
Hadoop YARN ResourceManager publicly accessible
-
CWE-200
High
Handlebars CVE-2021-23369 Vulnerability (CVE-2021-23369)
CVE-2021-23369
-
Critical
Handlebars Improper Check for Unusual or Exceptional Conditions Vulnerability (CVE-2026-33939)
CVE-2026-33939
CWE-754
High
Handlebars Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-20920)
CVE-2019-20920
CWE-94
High
Handlebars Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2026-33937)
CVE-2026-33937
CWE-94
Critical
Handlebars Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2026-33938)
CVE-2026-33938
CWE-94
High
Handlebars Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2026-33940)
CVE-2026-33940
CWE-94
High
Handlebars Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-8861)
CVE-2015-8861
CWE-707
Medium
Handlebars Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2026-33916)
CVE-2026-33916
CWE-707
Medium
Handlebars Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2026-33941)
CVE-2026-33941
CWE-707
High
Handlebars Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2019-19919)
CVE-2019-19919
CWE-138
Critical
Handlebars Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2019-20922)
CVE-2019-20922
CWE-835
High
Handlebars Other Vulnerability (CVE-2021-23383)
CVE-2021-23383
-
Critical
Harbor Unauthorized Access Vulnerability
CVE-2022-46463
CWE-200
High
Hashicorp Consul API is accessible without authentication
-
CWE-200
Medium
Hasura GraphQL API without authentication
-
CWE-200
Medium
Hesk Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3743)
CVE-2011-3743
CWE-200
Medium
Hesk Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-5287)
CVE-2011-5287
CWE-707
Medium
Hesk Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-13897)
CVE-2020-13897
CWE-707
Medium
Hiawatha CVE-2025-57783 Vulnerability (CVE-2025-57783)
CVE-2025-57783
-
Medium
Hiawatha CVE-2025-57784 Vulnerability (CVE-2025-57784)
CVE-2025-57784
-
Low
Hiawatha Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2019-8358)
CVE-2019-8358
CWE-22
High
Hibernate Query Language (HQL) Injection
-
CWE-564
High
Highcharts JS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-29489)
CVE-2021-29489
CWE-707
Medium
Highcharts JS Incorrect Regular Expression Vulnerability (CVE-2018-20801)
CVE-2018-20801
CWE-185
High
HipChat for JIRA plugin - Velocity template injection
CVE-2015-5603
CWE-94
High
Horde Imp Unauthenticated Remote Command Execution
CVE-2018-19518
CWE-94
High
Horde remote code execution
CVE-2014-1691
CWE-94
High
Horde/IMP Plesk webmail exploit
-
CWE-20
High
Horizontal Broken Function Level Authorization (BFLA)
-
CWE-639
High
Horizontal IDOR/BOLA (Broken Object Level Authorization)
-
CWE-639
High
Host header attack
-
CWE-20
Medium
Hostile subdomain takeover
-
CWE-346
Medium
HSQLDB CVE-2022-41853 Vulnerability (CVE-2022-41853)
CVE-2022-41853
-
Critical
HTML Attribute Injection
-
CWE-80
Low
HTML Form found in redirect page
-
CWE-287
Low
HTML Injection
-
CWE-80
Medium
HTML Injection (requiring unencoded tag delimiter)
-
CWE-80
Information
HTTP Header Injection
-
CWE-113
Medium
HTTP header reflected in cached response
-
CWE-79
Medium
HTTP parameter pollution
-
CWE-88
Medium
Http redirect security bypass
-
CWE-20
High
HTTP response splitting with cloud storage
-
CWE-113
Medium
HTTP Strict Transport Security (HSTS) Errors and Warnings
-
CWE-319
Information
HTTP Strict Transport Security (HSTS) Policy Not Enabled
-
CWE-1428
Medium
HTTP verb tampering via POST
-
CWE-285
High
HTTP.sys remote code execution vulnerability
CVE-2015-1635
CWE-119
High
HTTP/2 pseudo-header server side request forgery
-
CWE-918
High
Httpoxy vulnerability
-
CWE-918
Medium
HTTPS connection uses outdated TLS version
-
CWE-327
Medium
HTTPS connection with weak key length
-
CWE-326
Medium
IBM Aspera Faspex RCE (CVE-2022-47986)
CVE-2022-47986
CWE-502
Critical
IBM Lotus Domino web server Cross-Site Scripting vulnerabilities
CVE-2012-3302
CWE-79
High
IBM ODM JNDI injection (CVE-2024-22319)
CVE-2024-22319
CWE-943
Critical
IBM RTC Cleartext Storage of Sensitive Information Vulnerability (CVE-2021-29786)
CVE-2021-29786
CWE-312
Medium
IBM RTC Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2012-0748)
CVE-2012-0748
CWE-352
Medium
IBM RTC Cross-site Scripting (XSS) Vulnerability (CVE-2020-4691)
CVE-2020-4691
-
Medium
IBM RTC Cross-site Scripting (XSS) Vulnerability (CVE-2020-4697)
CVE-2020-4697
-
Medium
IBM RTC Cross-site Scripting (XSS) Vulnerability (CVE-2020-4733)
CVE-2020-4733
-
Medium
IBM RTC CVE-2015-1971 Vulnerability (CVE-2015-1971)
CVE-2015-1971
-
Medium
IBM RTC CVE-2017-1191 Vulnerability (CVE-2017-1191)
CVE-2017-1191
-
Medium
IBM RTC CVE-2018-1694 Vulnerability (CVE-2018-1694)
CVE-2018-1694
-
Medium
IBM RTC CVE-2019-4084 Vulnerability (CVE-2019-4084)
CVE-2019-4084
-
Medium
IBM RTC CVE-2020-4964 Vulnerability (CVE-2020-4964)
CVE-2020-4964
-
Medium
IBM RTC Exposure of Resource to Wrong Sphere Vulnerability (CVE-2020-4989)
CVE-2020-4989
CWE-668
Medium
IBM RTC Exposure of Resource to Wrong Sphere Vulnerability (CVE-2021-29701)
CVE-2021-29701
CWE-668
Medium
IBM RTC Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-3050)
CVE-2014-3050
CWE-200
Low
IBM RTC Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-3092)
CVE-2014-3092
CWE-200
Medium
IBM RTC Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-6131)
CVE-2014-6131
CWE-200
Medium
IBM RTC Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-0113)
CVE-2015-0113
CWE-200
Medium
IBM RTC Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-4962)
CVE-2015-4962
CWE-200
Low