🚀 Just released:
Latio 2026 Application Security Market Report.
Read it in our Whitepapers.
100% Signal 0% Noise
Platform
Invicti Platform
Zero-noise AppSec platform
Scan Code
Secure code before runtime
SAST
Early static security analysis
Open Source (SCA)
Find vulnerable dependencies
SBOM & License Risk
Generate SBOMs and track licenses
Secrets
Detect exposed secrets in applications
Infrastructure as Code
Ingest IaC security findings
Container
Track container image vulnerabilities
Test Runtime
Test live applications like attackers
DAST & AI DAST
Test runtime, prove exploitability
Agentic Pentesting
Automate real-world attack techniques
API Security Testing
Discover and test APIs
Attack Surface Management
Identify exposed apps and endpoints
Cloud AppSec
Get a single-pane view of cloud app risk
AI AppSec
Scan smarter, accelerate remediation
Manage Vulnerabilities
See, prioritize, reduce AppSec risk
Vulnerability Management (ASPM)
Centralize and correlate AppSec findings
Compliance & Executive Reporting
Measure risk and impact
Threat Intelligence
Reachability, exploitability, and business logic
Solutions
API Discovery
Manage Vulnerabilities
Automate Security Workflows
Track AppSec KPIs
Manage Open Source Risk
Pricing
Why Invicti
About Us
Case Studies
Contact Us
Careers
Resources
Resource Library
Blog
Webinars
White Papers
Podcasts
Invicti Learn
Savings Calculator
Live Training
Partners
Documentation
Get a demo
Home
/
Web Application Vulnerabilities
/ Medium Severity
Web Application Vulnerabilities
Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise
Acunetix Standard & Premium
v.26.4.2314
Medium Severity Vulnerabilities
Found
8734 vulnerabilities
at
Medium
severity.
Vulnerability Name
CVE
CWE
Severity
Redis Unauthorized Access Vulnerability
-
CWE-200
Medium
TLS/SSL certificate key size too small
-
CWE-326
Medium
SSL Certificate Is About To Expire
-
CWE-298
Medium
Invalid SSL Certificate
-
CWE-298
Medium
The FREAK attack
CVE-2015-0204
CWE-327
Medium
TLS/SSL LOGJAM attack
CVE-2015-4000
CWE-326
Medium
TLS/SSL Weak Cipher Suites
-
CWE-327
Medium
Same origin method execution (SOME)
-
CWE-20
Medium
Same site scripting
-
CWE-350
Medium
SharePoint exposed web services
-
CWE-200
Medium
Spring Boot Actuator
-
CWE-489
Medium
Spring Boot Actuator v2
-
CWE-489
Medium
Symfony web debug toolbar
-
CWE-489
Medium
Tornado debug mode
-
CWE-489
Medium
Unicode Transformation (Best-Fit Mapping)
-
CWE-176
Medium
User controllable charset
-
CWE-20
Medium
Vulnerable JavaScript libraries
-
CWE-1395
Medium
W3 total cache debug mode
-
CWE-489
Medium
WebDAV directory listing
-
CWE-538
Medium
WordPress username enumeration
-
CWE-200
Medium
WordPress XML-RPC authentication brute force
-
CWE-521
Medium
WordPress pingback scanner
CVE-2013-0235
CWE-918
Medium
Apache Tomcat examples directory vulnerabilities
-
-
Medium
CRIME SSL/TLS attack
CVE-2012-4929
CWE-311
Medium
Drupal Views module information disclosure vulnerability
-
CWE-200
Medium
Java object deserialization of user-supplied data
-
CWE-20
Medium
MongoDB HTTP status interface
-
CWE-200
Medium
Password found in server response
-
CWE-312
Medium
PHP object deserialization of user-supplied data
-
CWE-20
Medium
PHP register_globals Is Enabled
-
CWE-1108
Medium
PHP session.use_only_cookies Is Disabled
-
CWE-598
Medium
Python object deserialization of user-supplied data
-
CWE-20
Medium
Virtual host directory listing
-
CWE-538
Medium
FCKeditor arbitrary file upload
CVE-2009-2265
CWE-22
Medium
JetBrains .idea project directory
-
CWE-538
Medium
PHP curl_exec() url is controlled by user
CVE-2009-0037
CWE-352
Medium
PHP eval() used on user input
-
CWE-95
Medium
PHP preg_replace used on user input
-
CWE-20
Medium
PHP super-globals-overwrite
-
CWE-1108
Medium
PHP unserialize() used on user input
-
CWE-20
Medium
Sensitive Data Exposure
-
CWE-200
Medium
WordPress database credentials disclosure
-
CWE-538
Medium
Unprotected JSON file leaking secrets
-
CWE-200
Medium
Apache perl-status enabled
-
CWE-200
Medium
The POODLE attack (SSLv3 with CBC cipher suites)
CVE-2014-3566
CWE-326
Medium
[Possible] Backup Folder
-
CWE-538
Medium
Local File Inclusion (CMS Made Simple)
-
CWE-94
Medium
Cross-Site Request Forgery (CSRF) (CMS Made Simple)
CVE-2016-7904
CWE-352
Medium
Cross Site Scripting (Category Description) (CMS Made Simple)
CVE-2017-6555
CWE-79
Medium
Cross Site Scripting (globalmetadata) (CMS Made Simple)
CVE-2017-6556
CWE-79
Medium
Atlassian Confluence Access Restriction Bypass
CVE-2017-9505
-
Medium
Atlassian Confluence Stored Cross Site Scripting
CVE-2016-6283
-
Medium
ColdFusion Request Debugging information disclosure
-
CWE-200
Medium
ColdFusion Robust Exception enabled
-
CWE-200
Medium
JavaMelody publicly accessible
-
CWE-200
Medium
Laravel log file publicly accessible
-
CWE-538
Medium
Liferay XMLRPC Blind SSRF
-
CWE-918
Medium
Liferay version older than 7.1
-
CWE-918
Medium
PHP-FPM Status Page
-
CWE-200
Medium
JSONP enabled by default in MappingJackson2JsonView
CVE-2018-11040
CWE-538
Medium
Test CGI script leaking environment variables
-
-
Medium
URL rewrite vulnerability
CVE-2018-14773
CWE-436
Medium
Yii2 debug toolkit
-
CWE-200
Medium
Yii2 Gii extension
-
CWE-200
Medium
Apache mod_jk access control bypass
CVE-2018-11759
CWE-918
Medium
Firebase database accessible without authentication
-
CWE-200
Medium
Httpoxy vulnerability
-
CWE-918
Medium
nginx range filter integer overflow
CVE-2017-7529
CWE-200
Medium
Source Code Disclosure (Node.js)
-
CWE-540
Medium
npm log file publicly accessible (npm-debug.log)
-
CWE-200
Medium
PHP-CS-Fixer cache file publicly accessible (.php_cs.cache)
-
CWE-200
Medium
Source Code Disclosure (Python)
-
CWE-540
Medium
[Possible] Source Code Disclosure (Ruby)
-
CWE-540
Medium
Apache Solr Parameter Injection
-
CWE-88
Medium
Django weak secret key
-
CWE-693
Medium
« Previous
1
2
3
4
5
6
7
8
9
...
117
Next »
