Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
v.26.4.2314

Web Application Vulnerabilities

This page lists 24302 vulnerabilities in 62 categories.

Critical: 1589 High: 13053 Medium: 8721 Low: 870 Information: 69
Vulnerability Name
CVE
CWE
Severity
jPlayer Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-1942)
CVE-2013-1942
CWE-707
Medium
jPlayer Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-2022)
CVE-2013-2022
CWE-707
Medium
jPlayer Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-2023)
CVE-2013-2023
CWE-707
Medium
jQuery File Upload unauthenticated arbitrary file upload
CVE-2018-9206
CWE-434
High
jQuery Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-4969)
CVE-2011-4969
CWE-707
Medium
jQuery Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-6708)
CVE-2012-6708
CWE-707
Medium
jQuery Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-6071)
CVE-2014-6071
CWE-707
Medium
jQuery Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-9251)
CVE-2015-9251
CWE-707
Medium
jQuery Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-18405)
CVE-2018-18405
CWE-707
Medium
jQuery Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-11022)
CVE-2020-11022
CWE-707
Medium
jQuery Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-11023)
CVE-2020-11023
CWE-707
Medium
jQuery Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-23064)
CVE-2020-23064
CWE-707
Medium
jQuery Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-7656)
CVE-2020-7656
CWE-707
Medium
jQuery Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') Vulnerability (CVE-2019-11358)
CVE-2019-11358
CWE-1321
Medium
jQuery PrettyPhoto Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-9478)
CVE-2015-9478
CWE-707
Medium
jQuery UI Autocomplete Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-5312)
CVE-2010-5312
CWE-707
Medium
jQuery UI Autocomplete Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-41182)
CVE-2021-41182
CWE-707
Medium
jQuery UI Autocomplete Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-41183)
CVE-2021-41183
CWE-707
Medium
jQuery UI Autocomplete Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-41184)
CVE-2021-41184
CWE-707
Medium
jQuery UI Autocomplete Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-31160)
CVE-2022-31160
CWE-707
Medium
JQuery UI Cross-site Scripting (XSS) Vulnerability (CVE-2016-7103)
CVE-2016-7103
-
Medium
jQuery UI Dialog Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-5312)
CVE-2010-5312
CWE-707
Medium
jQuery UI Dialog Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-41182)
CVE-2021-41182
CWE-707
Medium
jQuery UI Dialog Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-41183)
CVE-2021-41183
CWE-707
Medium
jQuery UI Dialog Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-41184)
CVE-2021-41184
CWE-707
Medium
jQuery UI Dialog Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-31160)
CVE-2022-31160
CWE-707
Medium
jQuery UI Tooltip Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-5312)
CVE-2010-5312
CWE-707
Medium
jQuery UI Tooltip Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-41182)
CVE-2021-41182
CWE-707
Medium
jQuery UI Tooltip Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-41183)
CVE-2021-41183
CWE-707
Medium
jQuery UI Tooltip Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-41184)
CVE-2021-41184
CWE-707
Medium
jQuery UI Tooltip Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-31160)
CVE-2022-31160
CWE-707
Medium
jQuery Validation Other Vulnerability (CVE-2021-43306)
CVE-2021-43306
-
High
jQuery Validation Other Vulnerability (CVE-2022-31147)
CVE-2022-31147
-
High
jQuery Validation Uncontrolled Resource Consumption Vulnerability (CVE-2021-21252)
CVE-2021-21252
CWE-400
High
JSF ViewState client side storage
-
CWE-693
Medium
JSONP enabled by default in MappingJackson2JsonView
CVE-2018-11040
CWE-538
Medium
JSP authentication bypass
-
CWE-287
High
jszip CVE-2021-23413 Vulnerability (CVE-2021-23413)
CVE-2021-23413
-
Medium
jszip Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2022-48285)
CVE-2022-48285
CWE-22
High
Juniper Junos OS J-Web RCE (CVE-2023-36845/CVE-2023-36846)
CVE-2023-36846
CWE-473
Critical
Jupyter Notebook publicly accessible
-
CWE-78
High
JVM version leakage
-
CWE-200
Information
JWT Signature Bypass via kid Path Traversal
-
CWE-287
High
JWT Signature Bypass via kid SQL injection
-
CWE-287
High
JWT Signature Bypass via None Algorithm
-
CWE-345
High
JWT Signature Bypass via unvalidated jku parameter
-
CWE-287
High
JWT Signature Bypass via unvalidated jwk parameter
-
CWE-287
High
JWT Signature Bypass via unvalidated x5c parameter
-
CWE-287
High
JWT Signature Bypass via unvalidated x5u parameter
-
CWE-287
High
JWT Signature is not Verified
-
CWE-287
High
Kayako Fusion v4.51.1891 - multiple web vulnerabilities
-
CWE-79
High
Kentico CMS Deserialization RCE
CVE-2019-10068
CWE-502
High
Kentico CMS RCE CVE-2017-17736
CVE-2017-17736
CWE-425
High
Kentico Staging API Authentication Bypass
CVE-2025-2746
CWE-287
Critical
Kentico Staging API publicly accessible
-
CWE-200
Low
Keycloak clients-registrations XSS (CVE-2021-20323)
CVE-2021-20323
CWE-79
Medium
KeyCloak Information Disclosure (CVE-2020-27838)
CVE-2020-27838
CWE-287
Medium
Keycloak request_uri SSRF (CVE-2020-10770)
CVE-2020-10770
CWE-918
Medium
Knockout.js Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-14862)
CVE-2019-14862
CWE-707
Medium
Kong Server Incorrect Authorization Vulnerability (CVE-2021-27306)
CVE-2021-27306
CWE-863
High
Kong Server Uncontrolled Resource Consumption Vulnerability (CVE-2023-44487)
CVE-2023-44487
CWE-400
High
Kramer VIAware RCE (CVE-2021-36356/CVE-2021-35064)
CVE-2021-35064
CWE-434
Critical
Laravel debug mode enabled
-
CWE-200
Medium
Laravel debug mode enabled (Invicti IAST)
-
CWE-489
Medium
Laravel framework weak secret key
-
CWE-693
Medium
Laravel Health Monitor open
-
CWE-200
Medium
Laravel Horizon open
-
CWE-200
Medium
Laravel Ignition Reflected Cross-Site Scripting
-
CWE-80
Medium
Laravel Livewire RCE (CVE-2025-54068)
CVE-2025-54068
CWE-94
Critical
Laravel log file publicly accessible
-
CWE-538
Medium
Laravel log viewer local file download (LFD)
CVE-2018-8947
CWE-22
High
Laravel LogViewer open
-
CWE-200
Medium
Laravel Telescope open
-
CWE-200
Medium
Laravel Terminal open
-
CWE-200
High
LDAP injection
-
CWE-20
High