Medium Severity Vulnerabilities
Found 8230 vulnerabilities at Medium severity.
| Vulnerability Name | CVE | CWE | Severity |
| --- | --- | --- | --- |
| Source Code Disclosure (Python) | - | CWE-540 | Medium |
| [Possible] Source Code Disclosure (Ruby) | - | CWE-540 | Medium |
| Apache Solr Parameter Injection | - | CWE-88 | Medium |
| Django weak secret key | - | CWE-693 | Medium |
| Express cookie-session weak secret key | - | CWE-693 | Medium |
| Flask weak secret key | - | CWE-693 | Medium |
| Mojolicious weak secret key | - | CWE-693 | Medium |
| SAP ICF /sap/public/info sensitive information disclosure | - | CWE-200 | Medium |
| SAP NetWeaver server info information disclosure BCB | - | CWE-200 | Medium |
| SAP NetWeaver server info information disclosure | - | CWE-200 | Medium |
| SAP NetWeaver Java AS WD_CHAT information disclosure vulnerability | - | CWE-200 | Medium |
| SharePoint Reflected Cross-Site Scripting (CVE-2017-8514) | CVE-2017-8514 | CWE-80 | Medium |
| Apache Spark Web UI Unauthorized Access Vulnerability | - | CWE-200 | Medium |
| Stack Trace Disclosure (ColdFusion) | - | CWE-209 | Medium |
| Stack Trace Disclosure (Java) | - | CWE-209 | Medium |
| Stack Trace Disclosure (Laravel) | - | CWE-209 | Medium |
| Stack Trace Disclosure (Python) | - | CWE-209 | Medium |
| Stack Trace Disclosure (RoR) | - | CWE-209 | Medium |
| Tornado weak secret key | - | CWE-693 | Medium |
| Cookie signed with weak secret key | - | CWE-693 | Medium |
| Web2py weak secret key | - | CWE-693 | Medium |
| Yii2 weak secret key | - | CWE-693 | Medium |
| Apache balancer-manager application publicly accessible | - | CWE-200 | Medium |
| Apache mod_rewrite open redirect | CVE-2019-10098 | CWE-601 | Medium |
| Apache Solr SSRF CVE-2017-3164 | CVE-2017-3164 | CWE-918 | Medium |
| Golang runtime profiling data | - | CWE-200 | Medium |
| SSL/TLS Not Implemented | - | CWE-319 | Medium |
| PHP opcache-status page publicly accessible | - | CWE-200 | Medium |
| Bitrix server test script publicly accessible | - | CWE-200 | Medium |
| Clockwork PHP dev tool enabled | - | CWE-200 | Medium |
| HTTP Strict Transport Security (HSTS) Policy Not Enabled | - | CWE-16 | Medium |
| Laravel debug mode enabled | - | CWE-200 | Medium |
| Laravel Health Monitor open | - | CWE-200 | Medium |
| Laravel Horizon open | - | CWE-200 | Medium |
| Laravel Ignition Reflected Cross-Site Scripting | - | CWE-80 | Medium |
| Laravel LogViewer open | - | CWE-200 | Medium |
| Laravel Telescope open | - | CWE-200 | Medium |
| Laravel framework weak secret key | - | CWE-693 | Medium |
| Insecure HTTP Usage | - | CWE-16 | Medium |
| Oracle E-Business Suite SSRF (CVE-2018-3167) | CVE-2018-3167 | CWE-918 | Medium |
| PHP Console addon enabled | - | CWE-200 | Medium |
| PHP Debug Bar enabled | - | CWE-200 | Medium |
| PHP opcache-gui publicly accessible | - | CWE-200 | Medium |
| Play framework weak secret key | - | CWE-693 | Medium |
| Pyramid framework weak secret key | - | CWE-693 | Medium |
| TLS/SSL Sweet32 attack | CVE-2016-6329 | CWE-310 | Medium |
| Symfony Profiler open | - | CWE-200 | Medium |
| Tracy debugging tool enabled | - | CWE-200 | Medium |
| Typo3 Install Tool publicly accessible | - | CWE-200 | Medium |
| Web Cache Poisoning DoS | - | CWE-400 | Medium |
| Web Cache Poisoning DoS (for javascript) | - | CWE-400 | Medium |
| Zabbix Guest Access | - | CWE-200 | Medium |
| Adobe Experience Manager Information Disclosure via Apache Sling v2.3.6 vulnerability | CVE-2016-0956 | CWE-668 | Medium |
| Apache Kafka Unauthorized Access Vulnerability | - | CWE-200 | Medium |
| Apache ZooKeeper Unauthorized Access Vulnerability | - | CWE-200 | Medium |
| HTTP header reflected in cached response | - | CWE-16 | Medium |
| Web Cache Poisoning DoS through HTTP/2 headers | - | CWE-400 | Medium |
| Atlassian JIRA Servicedesk misconfiguration | - | CWE-287 | Medium |
| Unrestricted access to NGINX+ API interface (read only) | - | CWE-200 | Medium |
| Unrestricted access to NGINX+ Dashboard | - | CWE-200 | Medium |
| Unrestricted access to NGINX+ Upstream HTTP interface | - | CWE-200 | Medium |
| rack-mini-profiler environment variables disclosure | - | CWE-287 | Medium |
| Spring Boot Misconfiguration: H2 console enabled | - | CWE-16 | Medium |
| Apache HTTP Server Source Code Disclosure | - | CWE-540 | Medium |
| Limited Remote File Read/Include in Jira Software Server | CVE-2021-26086 | CWE-22 | Medium |
| Jira Unauthorized User Enumeration (CVE-2020-14181) | CVE-2020-14181 | CWE-200 | Medium |
| Bitrix galleries_recalc.php XSS | - | CWE-601 | Medium |
| Bitrix open redirect | - | CWE-601 | Medium |
| Cisco Adaptive Security Appliance (ASA) XSS (CVE-2020-3580) | CVE-2020-3580 | CWE-79 | Medium |
| Cisco RV Series Authentication Bypass (CVE-2021-1472) | CVE-2021-1472 | CWE-119 | Medium |
| Gitlab CI Lint SSRF | - | CWE-918 | Medium |
| Gitlab open user registration | - | CWE-200 | Medium |
| Hashicorp Consul API is accessible without authentication | - | CWE-200 | Medium |
| Hasura GraphQL API without authentication | - | CWE-200 | Medium |
| Jenkins open user registration | - | CWE-200 | Medium |