High Severity Vulnerabilities

Found 12791 vulnerabilities at High severity.
| Vulnerability Name | CVE | CWE | Severity |
|---|---|---|---|
| TeamCity Authentication Bypass (CVE-2024-27199) | CVE-2024-27199 | CWE-288 | High |
| XWiki Platform RCE (CVE-2023-37462) | CVE-2023-37462 | CWE-74 | High |
| Apache HTTP Server Confusion Attacks | CVE-2023-38709 | CWE-436 | High |
| ColdFusion PMS Arbitrary File Read (CVE-2024-20767) | CVE-2024-20767 | CWE-284 | High |
| ColdFusion Access Control bypass (CVE-2023-29298/CVE-2023-38205) | CVE-2023-38205 | CWE-284 | High |
| GeoServer SSRF (CVE-2021-40822) | CVE-2021-40822 | CWE-918 | High |
| GeoServer WMS SSRF (CVE-2023-43795) | CVE-2023-43795 | CWE-918 | High |
| Harbor Unauthorized Access Vulnerability | CVE-2022-46463 | CWE-200 | High |
| Horizontal Broken Function Level Authorization (BFLA) | - | CWE-639 | High |
| Unauthenticated Access to Sensitive Functions | - | CWE-306 | High |
| Horizontal IDOR/BOLA (Broken Object Level Authorization) | - | CWE-639 | High |
| API Authentication Bypass Using a Test/Staging Host Header | - | - | High |
| Broken Object Property Level Authorization (Mass Assignment) | - | CWE-285 | High |
| Microservice Directory Traversal | - | CWE-22 | High |
| SAP BO BIP XXE (CVE-2022-28213) | CVE-2022-28213 | CWE-112 | High |
| Vertical Broken Function Level Authorization (BFLA) | - | CWE-639 | High |
| Vertical IDOR/BOLA (Broken Object Level Authorization) | - | CWE-639 | High |
| Grafana Open Redirect (CVE-2025-4123) | CVE-2025-4123 | CWE-601 | High |
| LLM Insecure Output Handling | - | CWE-116 | High |
| LLM Prompt Injection | - | CWE-74 | High |
| LLM Server-Side Request Forgery (SSRF) | - | CWE-918 | High |
| Server-Side Request Forgery (localhost) | - | CWE-918 | High |
| SimpleHelp Path Traversal (CVE-2024-57727) | CVE-2024-57728 | CWE-22 | High |
| Vite Arbitrary File Read (CVE-2025-30208, CVE-2025-31125) | CVE-2025-31125 | CWE-200 | High |
| JWT Signature is not Verified | - | CWE-287 | High |
| JWT Signature Bypass via unvalidated jku parameter | - | CWE-287 | High |
| JWT Signature Bypass via unvalidated jwk parameter | - | CWE-287 | High |
| JWT Signature Bypass via kid Path Traversal | - | CWE-287 | High |
| JWT Signature Bypass via kid SQL injection | - | CWE-287 | High |
| JWT Signature Bypass via unvalidated x5c parameter | - | CWE-287 | High |
| JWT Signature Bypass via unvalidated x5u parameter | - | CWE-287 | High |
| Unvalidated JWT jku parameter | - | CWE-287 | High |
| Unvalidated JWT x5u parameter | - | CWE-287 | High |
| Next.js Middleware Authorization Bypass | CVE-2025-29927 | CWE-285 | High |
| Weak Session ID in cookie Detected | - | CWE-287 | High |
| Drupal Core 4.5.x Cross-Site Scripting (4.5.0 - 4.5.7) | CVE-2006-1226 | CWE-79 | High |
| Drupal Core 4.5.x Cross-Site Scripting (4.5.0 - 4.5.1) | CVE-2005-0682 | CWE-79 | High |
| Drupal Core 4.5.x Cross-Site Scripting (4.5.0 - 4.5.5) | CVE-2005-3973 | CWE-79 | High |
| Drupal Core 4.5.x Mail Header Injection (4.5.0 - 4.5.7) | - | CWE-20 | High |
| Drupal Core 4.5.x Multiple Vulnerabilities (4.5.0 - 4.5.5) | - | CWE-113 | High |
| Drupal Core 4.5.x Security Bypass (4.5.0 - 4.5.7) | - | CWE-264 | High |
| Drupal Core 4.5.x Session Fixation (4.5.0 - 4.5.7) | - | CWE-384 | High |
| Drupal Core 4.6.x Arbitrary Code Execution (4.6.0 - 4.6.6) | CVE-2006-2743 | CWE-95 | High |
| Drupal Core 4.6.x Arbitrary Code Execution (4.6.0 - 4.6.7) | CVE-2006-2831 | CWE-95 | High |
| Drupal Core 4.6.x Cross-Site Request Forgery (4.6.0 - 4.6.9) | CVE-2006-5476 | CWE-352 | High |
| Drupal Core 4.6.x Cross-Site Scripting (4.6.0 - 4.6.5) | CVE-2006-1226 | CWE-79 | High |
| Drupal Core 4.6.x Cross-Site Scripting (4.6.0 - 4.6.8) | CVE-2006-4002 | CWE-79 | High |
| Drupal Core 4.6.x Cross-Site Scripting (4.6.0 - 4.6.10) | CVE-2007-0136 | CWE-79 | High |
| Drupal Core 4.6.x Cross-Site Scripting (4.6.0 - 4.6.7) | CVE-2006-2833 | CWE-79 | High |
| Drupal Core 4.6.x Cross-Site Scripting (4.6.0 - 4.6.3) | CVE-2005-3973 | CWE-79 | High |
| Drupal Core 4.6.x Denial of Service (4.6.0 - 4.6.10) | CVE-2007-0124 | CWE-400 | High |
| Drupal Core 4.6.x Form Action Attribute Injection (4.6.0 - 4.6.9) | CVE-2006-5477 | CWE-20 | High |
| Drupal Core 4.6.x Mail Header Injection (4.6.0 - 4.6.5) | - | CWE-20 | High |
| Drupal Core 4.6.x Multiple Cross-Site Scripting Vulnerabilities (4.6.0 - 4.6.9) | CVE-2006-5475 | CWE-79 | High |
| Drupal Core 4.6.x Multiple Vulnerabilities (4.6.0 - 4.6.3) | - | CWE-113 | High |
| Drupal Core 4.6.x Security Bypass (4.6.0 - 4.6.3) | CVE-2005-3974 | CWE-264 | High |
| Drupal Core 4.6.x Security Bypass (4.6.0 - 4.6.5) | - | CWE-264 | High |
| Drupal Core 4.6.x Session Fixation (4.6.0 - 4.6.5) | - | CWE-384 | High |
| Drupal Core 4.6.x SQL Injection (4.6.0 - 4.6.6) | CVE-2006-2742 | CWE-89 | High |
| Drupal Core 4.7.x Arbitrary Code Execution (4.7.0 - 4.7.5) | CVE-2007-0626 | CWE-95 | High |
| Drupal Core 4.7.x Arbitrary Code Execution (4.7.0) | CVE-2006-2743 | CWE-95 | High |
| Drupal Core 4.7.x Cross-Site Request Forgery (4.7.0 - 4.7.10) | CVE-2008-0272 | CWE-352 | High |
| Drupal Core 4.7.x Cross-Site Request Forgery (4.7.0 - 4.7.3) | CVE-2006-5476 | CWE-352 | High |
| Drupal Core 4.7.x Cross-Site Scripting (4.7.0 - 4.7.7) | CVE-2007-5596 | CWE-79 | High |
| Drupal Core 4.7.x Cross-Site Scripting (4.7.0 - 4.7.10) | CVE-2008-0274 | CWE-79 | High |
| Drupal Core 4.7.x Cross-Site Scripting (4.7.0 - 4.7.4) | CVE-2007-0136 | CWE-79 | High |
| Drupal Core 4.7.x Cross-Site Scripting (4.7.0 - 4.7.1) | CVE-2006-2833 | CWE-79 | High |
| Drupal Core 4.7.x Cross-Site Scripting (4.7.0 - 4.7.2) | CVE-2006-4002 | CWE-79 | High |
| Drupal Core 4.7.x Denial of Service (4.7.0 - 4.7.4) | CVE-2007-0124 | CWE-400 | High |
| Drupal Core 4.7.x Form Action Attribute Injection (4.7.0 - 4.7.3) | CVE-2006-5477 | CWE-20 | High |
| Drupal Core 4.7.x HTTP Response Splitting (4.7.0 - 4.7.7) | CVE-2007-5595 | CWE-113 | High |
| Drupal Core 4.7.x Multiple Cross-Site Scripting Vulnerabilities (4.7.0 - 4.7.3) | CVE-2006-5475 | CWE-79 | High |
| Drupal Core 4.7.x Multiple Cross-Site Scripting Vulnerabilities (4.7.0 - 4.7.6) | CVE-2007-4064 | CWE-79 | High |
| Drupal Core 4.7.x Multiple Vulnerabilities (4.7.0 - 4.7.1) | CVE-2006-2832 | CWE-95 | High |
| Drupal Core 4.7.x Security Bypass (4.7.0 - 4.7.7) | CVE-2007-5597 | CWE-702 | High |