Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
v.26.4.2314

Web Application Vulnerabilities

This page lists 24302 vulnerabilities in 62 categories.

Critical: 1589 High: 13053 Medium: 8721 Low: 870 Information: 69
Vulnerability Name
CVE
CWE
Severity
IBM WebSEAL Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-1653)
CVE-2018-1653
CWE-707
Medium
IBM WebSEAL Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-1740)
CVE-2018-1740
CWE-707
Medium
IBM WebSEAL Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-1815)
CVE-2018-1815
CWE-707
Medium
IBM WebSEAL Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-4157)
CVE-2019-4157
CWE-707
Medium
IBM WebSEAL Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-4725)
CVE-2019-4725
CWE-707
Medium
IBM WebSEAL Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2016-3028)
CVE-2016-3028
CWE-138
Critical
IBM WebSEAL Improper Restriction of Rendered UI Layers or Frames Vulnerability (CVE-2018-1803)
CVE-2018-1803
CWE-1021
Medium
IBM WebSEAL Improper Restriction of XML External Entity Reference Vulnerability (CVE-2019-4707)
CVE-2019-4707
CWE-611
High
IBM WebSEAL Inadequate Encryption Strength Vulnerability (CVE-2018-1814)
CVE-2018-1814
CWE-326
High
IBM WebSEAL Inadequate Encryption Strength Vulnerability (CVE-2019-4151)
CVE-2019-4151
CWE-326
Medium
IBM WebSEAL Incorrect Authorization Vulnerability (CVE-2023-38368)
CVE-2023-38368
CWE-863
Medium
IBM WebSEAL Incorrect Default Permissions Vulnerability (CVE-2023-38370)
CVE-2023-38370
CWE-276
Medium
IBM WebSEAL Incorrect Default Permissions Vulnerability (CVE-2024-35139)
CVE-2024-35139
CWE-276
Medium
IBM WebSEAL Insertion of Sensitive Information into Log File Vulnerability (CVE-2017-1480)
CVE-2017-1480
CWE-532
Medium
IBM WebSEAL Insufficiently Protected Credentials Vulnerability (CVE-2021-20439)
CVE-2021-20439
CWE-522
High
IBM WebSEAL Missing Authorization Vulnerability (CVE-2019-4158)
CVE-2019-4158
CWE-862
Medium
IBM WebSEAL Missing Authorization Vulnerability (CVE-2020-4499)
CVE-2020-4499
CWE-862
Critical
IBM WebSEAL Observable Differences in Behavior to Error Inputs Vulnerability (CVE-2020-4660)
CVE-2020-4660
-
Medium
IBM WebSEAL Observable Differences in Behavior to Error Inputs Vulnerability (CVE-2020-4661)
CVE-2020-4661
-
Medium
IBM WebSEAL Observable Differences in Behavior to Error Inputs Vulnerability (CVE-2020-4699)
CVE-2020-4699
-
Medium
IBM WebSEAL Other Vulnerability (CVE-2019-4552)
CVE-2019-4552
-
Medium
IBM WebSEAL Other Vulnerability (CVE-2023-30997)
CVE-2023-30997
-
High
IBM WebSEAL Other Vulnerability (CVE-2023-30998)
CVE-2023-30998
-
High
IBM WebSEAL Session Fixation Vulnerability (CVE-2018-1804)
CVE-2018-1804
CWE-384
Low
IBM WebSEAL Session Fixation Vulnerability (CVE-2019-4152)
CVE-2019-4152
CWE-384
Medium
IBM WebSEAL URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2017-1489)
CVE-2017-1489
CWE-601
Medium
IBM WebSEAL URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2019-4153)
CVE-2019-4153
CWE-601
Medium
IBM WebSEAL Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2019-4156)
CVE-2019-4156
CWE-327
Medium
IBM WebSEAL Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2023-38371)
CVE-2023-38371
CWE-327
High
IBM WebSEAL Use of Hard-coded Credentials Vulnerability (CVE-2018-1887)
CVE-2018-1887
CWE-798
High
IBM WebSEAL Weak Password Requirements Vulnerability (CVE-2024-35137)
CVE-2024-35137
CWE-521
Medium
IBM WebSphere administration console weak password
-
CWE-200
High
IBM WebSphere RCE Java Deserialization Vulnerability
CVE-2015-7450
CWE-502
High
IBM WebSphere/WebLogic application source file exposure
-
CWE-200
High
IBMHttpServer CVE-2010-0425 Vulnerability (CVE-2010-0425)
CVE-2010-0425
-
Critical
IBMHttpServer CVE-2012-5955 Vulnerability (CVE-2012-5955)
CVE-2012-5955
-
Critical
IBMHttpServer Improper Input Validation Vulnerability (CVE-2023-26281)
CVE-2023-26281
CWE-20
High
IBMHttpServer Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-1360)
CVE-2011-1360
CWE-707
Medium
IBMHttpServer Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2015-4947)
CVE-2015-4947
CWE-119
Critical
IBMHttpServer Observable Discrepancy Vulnerability (CVE-2023-32342)
CVE-2023-32342
CWE-203
High
IBMHttpServer Other Vulnerability (CVE-2000-0505)
CVE-2000-0505
-
Medium
IBMHttpServer Other Vulnerability (CVE-2000-1168)
CVE-2000-1168
-
High
IBMHttpServer Other Vulnerability (CVE-2001-0122)
CVE-2001-0122
-
Medium
IBMHttpServer Other Vulnerability (CVE-2002-1822)
CVE-2002-1822
-
Medium
IBMHttpServer Other Vulnerability (CVE-2004-0263)
CVE-2004-0263
-
Medium
IBMHttpServer Other Vulnerability (CVE-2004-0492)
CVE-2004-0492
-
Critical
IBMHttpServer Other Vulnerability (CVE-2004-0493)
CVE-2004-0493
-
Medium
IBMHttpServer Other Vulnerability (CVE-2004-1082)
CVE-2004-1082
-
High
IBMHttpServer Other Vulnerability (CVE-2006-3918)
CVE-2006-3918
-
Medium
IIS extended unicode directory traversal vulnerability
CVE-2000-0884
CWE-22
High
IIS Path disclosure
-
CWE-200
Low
ImageMagick remote code execution
CVE-2016-3714
CWE-78
High
imgproxy SSRF (CVE-2023-30019)
CVE-2023-30019
CWE-918
Medium
Improper Authorization in Confluence Server and Data Center (CVE-2023-22518)
CVE-2023-22518
CWE-284
Critical
Incorrect Content Security Policy (CSP) Implementation
-
CWE-942
Information
InfluxDB Unauthorized Access Vulnerability
-
CWE-200
Medium
Ingress-Nginx "IngressNightmare" RCE (CVE-2025-1974)
CVE-2025-1974
CWE-653
Critical
Insecure crossdomain.xml policy
-
CWE-942
Medium
Insecure Frame (External)
-
CWE-829
Low
Insecure HTTP Usage
-
CWE-1428
Medium
Insecure Protocol Detected in Content Security Policy (CSP)
-
CWE-942
Information
Insecure Referrer Policy
-
CWE-200
Information
Insecure transition from HTTP to HTTPS in form post
-
CWE-200
Medium
Insecure transition from HTTPS to HTTP in form post
-
CWE-200
Low
Insecure Transportation Security Protocol Supported (SSLv2)
-
CWE-326
High
Insecure Transportation Security Protocol Supported (SSLv3)
-
CWE-326
High
Insecure Transportation Security Protocol Supported (TLS 1.0)
-
CWE-326
High
Insecure Transportation Security Protocol Supported (TLS 1.1)
-
CWE-326
Low
Insecure usage of Version 1 UUID/GUID
-
CWE-328
Medium
Internet Information Server returns IP address in HTTP header (Content-Location)
-
CWE-200
Low
Internet Information Services Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') Vulnerability (CVE-2009-3023)
CVE-2009-3023
CWE-120
Critical
Internet Information Services Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Vulnerability (CVE-1999-0861)
CVE-1999-0861
CWE-362
Low
Internet Information Services Configuration Vulnerability (CVE-1999-0725)
CVE-1999-0725
-
High
Internet Information Services Configuration Vulnerability (CVE-2003-1566)
CVE-2003-1566
-
Medium
Internet Information Services CVE-2001-0146 Vulnerability (CVE-2001-0146)
CVE-2001-0146
-
Medium