High Severity Vulnerabilities
Found 12791 vulnerabilities at High severity.
| Vulnerability Name | CVE | CWE | Severity |
| --- | --- | --- | --- |
| Metabase Local File Inclusion (CVE-2021-41277) | CVE-2021-41277 | CWE-200 | High |
| MongoDB $where operator JavaScript injection | - | CWE-943 | High |
| Unsafe use of Reflection | - | CWE-470 | High |
| Apache Solr Log4Shell RCE | CVE-2021-44228 | CWE-78 | High |
| BillQuick Web Suite SQL injection (CVE-2021-42258) | CVE-2021-42258 | CWE-89 | High |
| elFinder RCE (CVE-2021-32682) | CVE-2021-32682 | CWE-22 | High |
| Fortinet Authentication bypass on administrative interface | CVE-2022-40684 | CWE-288 | High |
| MobileIron Log4Shell RCE | CVE-2021-44228 | CWE-78 | High |
| node-serialize Insecure Deserialization | CVE-2017-5941 | CWE-502 | High |
| Apache OFBiz Log4Shell RCE | CVE-2021-44228 | CWE-78 | High |
| Oracle ADF Faces 'Miracle' RCE (CVE-2022-21445) | CVE-2022-21445 | CWE-502 | High |
| Pentaho API Auth bypass (CVE-2021-31602) | CVE-2021-31602 | CWE-863 | High |
| Struts2 Development Mode Enabled | - | CWE-16 | High |
| Symfony weak application secret | - | CWE-94 | High |
| Weak WordPress security key | - | CWE-16 | High |
| SolarWinds Orion API Auth bypass (CVE-2020-10148) | CVE-2020-10148 | CWE-287 | High |
| Swagger UI DOM XSS vulnerability | - | CWE-80 | High |
| Ubiquiti Unifi Log4Shell RCE | CVE-2021-44228 | CWE-78 | High |
| VMware Horizon Log4Shell RCE | CVE-2021-44228 | CWE-78 | High |
| VMware vCenter Log4Shell RCE | CVE-2021-44228 | CWE-78 | High |
| VMware vCenter vcavbootstrap Arbitrary File Read | - | - | High |
| VMware Workspace ONE Access SSTI (CVE-2022-22954) | CVE-2022-22954 | CWE-94 | High |
| Appwrite favicon SSRF (CVE-2023-27159) | CVE-2023-27159 | CWE-918 | High |
| Cloud metadata publicly exposed | - | CWE-918 | High |
| Consul API publicly exposed | - | CWE-200 | High |
| Metabase RCE (CVE-2023-38646) | CVE-2023-38646 | CWE-20 | High |
| OpenCms Chemistry Solr XML External Entity (XXE) vulnerability (CVE-2023-42346) | CVE-2023-42346 | CWE-611 | High |
| OpenCms Chemistry XML External Entity (XXE) vulnerability (CVE-2023-42344) | CVE-2023-42344 | CWE-611 | High |
| Openfire Path Traversal (CVE-2023-32315) | CVE-2023-32315 | CWE-22 | High |
| Oracle Access Manager 'opensso' Deserialization RCE (CVE-2021-35587) | CVE-2021-35587 | CWE-502 | High |
| Qlik Sense Enterprise Auth Bypass (CVE-2023-41266) | CVE-2023-41266 | CWE-20 | High |
| SAP NW DI SSRF vulnerability (CVE-2021-33690) | CVE-2021-33690 | CWE-918 | High |
| Database User Has Admin Privileges | - | CWE-267 | High |
| SSRF in Server-Side Rendering | - | CWE-918 | High |
| Sangfor NGAF Authentication Bypass | - | CWE-287 | High |
| Strapi Cognito provider Authentication Bypass (CVE-2023-22893) | CVE-2023-22893 | CWE-287 | High |
| TorchServe Management API publicly exposed | CVE-2023-43654 | CWE-200 | High |
| ZK Framework AuUploader Information Disclosure (CVE-2022-36537) | CVE-2022-36537 | CWE-200 | High |
| Code Evaluation (Apache Struts) S2-046 | CVE-2017-5638 | CWE-94 | High |
| API Sensitive Info (PII) accessible without authentication | - | CWE-284 | High |
| Citrix Gateway Open Redirect and XSS | CVE-2023-24487 | CWE-79 | High |
| ColdFusion CFC Deserialization RCE (CVE-2023-26359/CVE-2023-26360) | CVE-2023-26360 | CWE-502 | High |
| Fortinet FortiNAC RCE via arbitrary file upload | CVE-2022-39952 | CWE-610 | High |
| GeoServer SQLi (CVE-2023-25157) | CVE-2023-25157 | CWE-89 | High |
| Ivanti EPMM API Authentication bypass (CVE-2023-35078/CVE-2023-35082) | CVE-2023-35082 | CWE-287 | High |
| MinIO Information Disclosure (CVE-2023-28432) | CVE-2023-28432 | CWE-200 | High |
| Progress MOVEit Transfer SQL Injection | CVE-2023-34362 | CWE-89 | High |
| Case-Insensitive Routing Bypass in Express.js Application | - | CWE-287 | High |
| Oracle E-Business Suite Unauthenticated Remote Code Execution | CVE-2022-21587 | CWE-94 | High |
| ROBOT Attack Detected (Strong Oracle) | - | - | High |
| ROBOT Attack Detected (Weak Oracle) | - | - | High |
| SAML Consumer Service XSLT injection | - | CWE-91 | High |
| SAML Consumer Service XSS vulnerability | - | CWE-80 | High |
| SAML Response without signature | - | CWE-16 | High |
| No SAML Response signature check | - | CWE-16 | High |
| SAML Response signature exclusion | - | CWE-16 | High |
| Certificate is Signed Using a Weak Signature Algorithm | - | - | High |
| Web Cache Deception | - | - | High |
| WooCommerce Payments Authentication Bypass and Privilege Escalation | CVE-2023-28121 | CWE-287 | High |
| CRMEB SQL Injection (CVE-2024-36837) | CVE-2024-36837 | CWE-89 | High |
| Dolibarr Information Disclosure (CVE-2023-33568) | CVE-2023-33568 | CWE-552 | High |
| FastAdmin Path Traversal (CVE-2024-7928) | CVE-2024-7928 | CWE-22 | High |
| Ghost CMS Theme Path Traversal (CVE-2023-32235) | CVE-2023-32235 | CWE-22 | High |
| Grafana Snapshot Authentication Bypass (CVE-2021-39226) | CVE-2021-39226 | CWE-287 | High |
| Ivanti EPM SQLi RCE (CVE-2024-29824) | CVE-2024-29824 | CWE-89 | High |
| Authentication Bypass in Ivanti Connect Secure and Policy Secure (CVE-2023-46805) | CVE-2023-46805 | CWE-287 | High |
| SSRF in Ivanti Connect Secure, Policy Secure and Neurons (CVE-2024-21893) | CVE-2024-21893 | CWE-918 | High |
| Nexus Repository Manager 3 Path Traversal (CVE-2024-4956) | CVE-2024-4956 | CWE-22 | High |
| Apache OFBiz SSRF (CVE-2023-50968) | CVE-2023-50968 | CWE-918 | High |
| Remote Unauthenticated Code Execution Vulnerability in OpenSSH server (CVE-2024-6387) | CVE-2024-6387 | CWE-362 | High |
| Polyfill.io Supply Chain Attack | - | - | High |
| Securepoint UTM (CVE-2023-22620, CVE-2023-22897) | CVE-2023-22897 | CWE-863 | High |
| Sitecore Arbitrary File Read (CVE-2024-46938) | CVE-2024-46938 | CWE-200 | High |
| Skype for Business SSRF (CVE-2023-41763) | CVE-2023-41763 | CWE-918 | High |
| SolarWinds Serv-U Directory Traversal (CVE-2024-28995) | CVE-2024-28995 | CWE-22 | High |