🚀 Just released:
Latio 2026 Application Security Market Report.
Read it in our Whitepapers.
100% Signal 0% Noise
Platform
Invicti Platform
Zero-noise AppSec platform
Scan Code
Secure code before runtime
SAST
Early static security analysis
Open Source (SCA)
Find vulnerable dependencies
SBOM & License Risk
Generate SBOMs and track licenses
Secrets
Detect exposed secrets in applications
Infrastructure as Code
Ingest IaC security findings
Container
Track container image vulnerabilities
Test Runtime
Test live applications like attackers
DAST & AI DAST
Test runtime, prove exploitability
Agentic Pentesting
Automate real-world attack techniques
API Security Testing
Discover and test APIs
Attack Surface Management
Identify exposed apps and endpoints
Cloud AppSec
Get a single-pane view of cloud app risk
AI AppSec
Scan smarter, accelerate remediation
Manage Vulnerabilities
See, prioritize, reduce AppSec risk
Vulnerability Management (ASPM)
Centralize and correlate AppSec findings
Compliance & Executive Reporting
Measure risk and impact
Threat Intelligence
Reachability, exploitability, and business logic
Solutions
API Discovery
Manage Vulnerabilities
Automate Security Workflows
Track AppSec KPIs
Manage Open Source Risk
Pricing
Why Invicti
About Us
Case Studies
Contact Us
Careers
Resources
Resource Library
Blog
Webinars
White Papers
Podcasts
Invicti Learn
Savings Calculator
Live Training
Partners
Documentation
Get a demo
Home
/
Web Application Vulnerabilities
/ Low Severity
Web Application Vulnerabilities
Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise
Acunetix Standard & Premium
v.26.4.2314
Low Severity Vulnerabilities
Found
875 vulnerabilities
at
Low
severity.
Vulnerability Name
CVE
CWE
Severity
HTML Attribute Injection
-
CWE-80
Low
IIS Path disclosure
-
CWE-200
Low
Kentico Staging API publicly accessible
-
CWE-200
Low
Symfony debug mode enabled
-
CWE-200
Low
Typo3 debug mode enabled
-
CWE-200
Low
Typo3 sensitive files
-
CWE-200
Low
Whoops error handler component detected
-
CWE-200
Low
Broken Link Hijacking
-
CWE-610
Low
Cookies with missing, inconsistent or contradictory properties
-
CWE-732
Low
H2 console publicly accessible
-
CWE-287
Low
Insecure Frame (External)
-
CWE-829
Low
Unrestricted access to NGINX+ Status module
-
CWE-200
Low
Version Disclosure (PHP)
-
-
Low
Jira Projects accessible anonymously
-
CWE-200
Low
Jira Unauthorized User Enumeration via UserPickerBrowser
-
CWE-200
Low
Gitlab user disclosure
-
CWE-200
Low
Unrestricted access to ImageResizer Diagnotics plugin
-
CWE-200
Low
OData feed accessible anonymously
-
CWE-200
Low
Unrestricted access to a monitoring system
-
CWE-200
Low
Unrestricted access to Prometheus
-
CWE-200
Low
Unrestricted access to Prometheus Metrics
-
CWE-200
Low
Vulnerable package dependencies [low]
-
CWE-1104
Low
Jenkins open people list
-
CWE-200
Low
Spring Boot Misconfiguration: Spring Boot Actuator shutdown endpoint is web exposed
-
CWE-749
Low
Symfony ESI (Edge-Side Includes) enabled
-
CWE-200
Low
F5 BIG-IP Cookie Information Disclosure
-
CWE-200
Low
Arbitrary File Read on Nuxt.js Development Server
-
CWE-200
Low
Nuxt.js Running in Development Mode
-
CWE-200
Low
Passive Mixed Content over HTTPS
-
CWE-1428
Low
LLM Tool Usage Exposure
-
CWE-200
Low
Possible Database Name Disclosure
-
CWE-200
Low
Wing FTP Anonymous access
-
CWE-200
Low
Internet Information Services Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Vulnerability (CVE-1999-0861)
CVE-1999-0861
CWE-362
Low
PostgreSQL Other Vulnerability (CVE-1999-0862)
CVE-1999-0862
-
Low
Internet Information Services Other Vulnerability (CVE-1999-1538)
CVE-1999-1538
-
Low
Internet Information Services Other Vulnerability (CVE-2000-0167)
CVE-2000-0167
-
Low
Microsoft SQL Server Other Vulnerability (CVE-2000-0402)
CVE-2000-0402
-
Low
Microsoft SQL Server Other Vulnerability (CVE-2000-0485)
CVE-2000-0485
-
Low
Internet Information Services Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2000-0649)
CVE-2000-0649
CWE-200
Low
Microsoft SQL Server Other Vulnerability (CVE-2000-1083)
CVE-2000-1083
-
Low
Apache HTTP Server Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2001-0131)
CVE-2001-0131
CWE-59
Low
Internet Information Services Other Vulnerability (CVE-2001-0544)
CVE-2001-0544
-
Low
Oracle Database Server Other Vulnerability (CVE-2001-0832)
CVE-2001-0832
-
Low
Oracle Database Server Other Vulnerability (CVE-2001-1041)
CVE-2001-1041
-
Low
Apache HTTP Server Session Fixation Vulnerability (CVE-2001-1534)
CVE-2001-1534
CWE-384
Low
PHP Other Vulnerability (CVE-2002-0121)
CVE-2002-0121
-
Low
Mailman Other Vulnerability (CVE-2002-0389)
CVE-2002-0389
-
Low
Internet Information Services Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2002-0422)
CVE-2002-0422
CWE-200
Low
Oracle Application Server Other Vulnerability (CVE-2002-0568)
CVE-2002-0568
-
Low
Apache HTTP Server Other Vulnerability (CVE-2002-1233)
CVE-2002-1233
-
Low
Oracle Database Server Other Vulnerability (CVE-2003-0727)
CVE-2003-0727
-
Low
Apache HTTP Server Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2003-1581)
CVE-2003-1581
CWE-707
Low
Internet Information Services Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2003-1582)
CVE-2003-1582
CWE-707
Low
MySQL Other Vulnerability (CVE-2004-0381)
CVE-2004-0381
-
Low
MySQL Other Vulnerability (CVE-2004-0388)
CVE-2004-0388
-
Low
MySQL Other Vulnerability (CVE-2004-0837)
CVE-2004-0837
-
Low
PHP Other Vulnerability (CVE-2004-0959)
CVE-2004-0959
-
Low
OpenSSL Other Vulnerability (CVE-2004-0975)
CVE-2004-0975
-
Low
PostgreSQL Other Vulnerability (CVE-2004-0977)
CVE-2004-0977
-
Low
Apache HTTP Server Other Vulnerability (CVE-2004-1387)
CVE-2004-1387
-
Low
Apache HTTP Server Other Vulnerability (CVE-2004-1834)
CVE-2004-1834
-
Low
Oracle Application Server Other Vulnerability (CVE-2004-1877)
CVE-2004-1877
-
Low
Oracle HTTP Server Other Vulnerability (CVE-2004-1877)
CVE-2004-1877
-
Low
PHP Other Vulnerability (CVE-2005-0596)
CVE-2005-0596
-
Low
MySQL Other Vulnerability (CVE-2005-0711)
CVE-2005-0711
-
Low
PostgreSQL Other Vulnerability (CVE-2005-1410)
CVE-2005-1410
-
Low
PHP Other Vulnerability (CVE-2005-3054)
CVE-2005-3054
-
Low
Apache Tomcat Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2005-3164)
CVE-2005-3164
CWE-200
Low
PHP Other Vulnerability (CVE-2005-3319)
CVE-2005-3319
-
Low
Moodle Other Vulnerability (CVE-2005-3649)
CVE-2005-3649
-
Low
PHP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2006-0208)
CVE-2006-0208
CWE-707
Low
MySQL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2006-0369)
CVE-2006-0369
CWE-200
Low
PostgreSQL Other Vulnerability (CVE-2006-0678)
CVE-2006-0678
-
Low
WordPress Other Vulnerability (CVE-2006-0733)
CVE-2006-0733
-
Low
Lighttpd Other Vulnerability (CVE-2006-0760)
CVE-2006-0760
-
Low
« Previous
1
2
3
4
5
6
7
8
9
...
12
Next »
