🚀 Just released:
Latio 2026 Application Security Market Report.
Read it in our Whitepapers.
100% Signal 0% Noise
Platform
Invicti Platform
Zero-noise AppSec platform
Scan Code
Secure code before runtime
SAST
Early static security analysis
Open Source (SCA)
Find vulnerable dependencies
SBOM & License Risk
Generate SBOMs and track licenses
Secrets
Detect exposed secrets in applications
Infrastructure as Code
Ingest IaC security findings
Container
Track container image vulnerabilities
Test Runtime
Test live applications like attackers
DAST & AI DAST
Test runtime, prove exploitability
Agentic Pentesting
Automate real-world attack techniques
API Security Testing
Discover and test APIs
Attack Surface Management
Identify exposed apps and endpoints
Cloud AppSec
Get a single-pane view of cloud app risk
AI AppSec
Scan smarter, accelerate remediation
Manage Vulnerabilities
See, prioritize, reduce AppSec risk
Vulnerability Management (ASPM)
Centralize and correlate AppSec findings
Compliance & Executive Reporting
Measure risk and impact
Threat Intelligence
Reachability, exploitability, and business logic
Solutions
API Discovery
Manage Vulnerabilities
Automate Security Workflows
Track AppSec KPIs
Manage Open Source Risk
Pricing
Why Invicti
About Us
Case Studies
Contact Us
Careers
Resources
Resource Library
Blog
Webinars
White Papers
Podcasts
Invicti Learn
Savings Calculator
Live Training
Partners
Documentation
Get a demo
Home
/
Web Application Vulnerabilities
/ Medium Severity
Web Application Vulnerabilities
Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise
Acunetix Standard & Premium
v.26.3.2229
Medium Severity Vulnerabilities
Found
8644 vulnerabilities
at
Medium
severity.
Vulnerability Name
CVE
CWE
Severity
Microsoft Access Database File Detected
-
CWE-538
Medium
Apache Proxy HTTP CONNECT method enabled
-
CWE-441
Medium
Apache configured to run as proxy
-
CWE-441
Medium
Apache httpOnly cookie disclosure
CVE-2012-0053
CWE-264
Medium
Apache Server-Info Detected
-
CWE-200
Medium
Apache Server-Status Detected
-
CWE-200
Medium
[Possible] AWStats Detected
-
CWE-538
Medium
HTTP Header Injection
-
CWE-113
Medium
CRLF injection/HTTP response splitting (Web Server)
-
CWE-113
Medium
CVS Detected
-
CWE-527
Medium
Cross frame scripting
-
CWE-79
Medium
Directory listings
-
CWE-538
Medium
Frontpage authors.pwd available
-
CWE-538
Medium
PHPinfo pages
-
CWE-200
Medium
Reverse proxy bypass
CVE-2011-3368
CWE-20
Medium
SQLite Database File Found
-
CWE-538
Medium
Source Code Disclosure
-
CWE-538
Medium
Webalizer script
-
CWE-538
Medium
apc.php page found
-
CWE-538
Medium
HTTP response splitting with cloud storage
-
CWE-113
Medium
Open Redirection
-
CWE-601
Medium
User controllable tag parameter
-
CWE-79
Medium
User-controlled form action
-
CWE-20
Medium
Nginx Redirect Header Injection
-
CWE-93
Medium
ASP.NET diagnostic page
-
CWE-200
Medium
Amazon S3 public bucket
-
CWE-264
Medium
Apache Axis2 information disclosure
-
CWE-200
Medium
Apache JServ protocol service
-
CWE-200
Medium
Apache Tomcat version older than 7.0.32
CVE-2012-4431
CWE-264
Medium
Apache Tomcat sample files
-
CWE-538
Medium
XSS on Apache HTTP Server 413 error pages via malformed HTTP method
CVE-2007-6203
CWE-79
Medium
Arbitrary file existence disclosure in Action Pack
CVE-2014-7829
CWE-200
Medium
ASP.NET cookieless authentication enabled
-
CWE-598
Medium
ASP.NET Cookieless session state enabled
-
CWE-598
Medium
ASP.NET cookies accessible from client-side scripts
-
CWE-1004
Medium
ASP.NET CustomErrors Is Disabled
-
CWE-12
Medium
ASP.NET ASPX debugging enabled
-
CWE-11
Medium
ASP.NET: Failure To Require SSL For Authentication Cookies
-
CWE-319
Medium
ASP.NET login credentials stored in plain text
-
CWE-256
Medium
ASP.NET application-level tracing enabled
-
CWE-215
Medium
ASP.NET ValidateRequest Is Globally Disabled
-
CWE-707
Medium
ViewState MAC Disabled
-
CWE-642
Medium
PHP errors enabled
-
CWE-209
Medium
PHP enable_dl enabled
-
CWE-470
Medium
PHP register_globals enabled
-
CWE-1108
Medium
PHP session.use_trans_sid enabled
-
CWE-598
Medium
Full public read access Azure blob storage
-
CWE-264
Medium
Misconfigured Access-Control-Allow-Origin Header
-
CWE-942
Medium
Apache Cassandra Unauthorized Access Vulnerability
-
CWE-200
Medium
Chrome Logger information disclosure
-
CWE-200
Medium
Core dump checker PHP script
-
CWE-200
Medium
HTTPS connection uses outdated TLS version
-
CWE-310
Medium
HTTPS connection with weak key length
-
CWE-310
Medium
Insecure transition from HTTP to HTTPS in form post
-
CWE-200
Medium
[Possible] Password Transmitted over Query String
-
CWE-200
Medium
Password transmitted over HTTP
-
CWE-523
Medium
[Possible] Database Connection String Detected
-
CWE-200
Medium
Development configuration files
-
CWE-538
Medium
Django Debug Mode Enabled
-
CWE-200
Medium
File tampering
-
CWE-20
Medium
HTML form susceptible to spam
-
CWE-20
Medium
Grails database console
-
CWE-200
Medium
HTTP parameter pollution
-
CWE-88
Medium
HTML Injection
-
CWE-80
Medium
Hadoop cluster web interface
-
CWE-200
Medium
Host header attack
-
CWE-20
Medium
Hostile subdomain takeover
-
CWE-16
Medium
Global.asa backup file found
-
CWE-538
Medium
JBoss status servlet information leak
CVE-2010-1429
CWE-200
Medium
Java Management Extensions (JMX/RMI) service detected
-
CWE-200
Medium
JSF ViewState client side storage
-
CWE-693
Medium
Jenkins dashboard
-
CWE-200
Medium
Memcached Unauthorized Access Vulnerability
-
CWE-200
Medium
MySQL utf8 4-byte truncation
-
CWE-176
Medium
Oracle applications logs publicy available
-
CWE-200
Medium
1
2
3
4
5
6
7
8
9
...
116
Next »
