Medium Severity Vulnerabilities
Found 8230 vulnerabilities at Medium severity.
| Vulnerability Name | CVE | CWE | Severity |
|---|---|---|---|
| NodeBB Arbitrary JSON File Read (CVE-2021-43788) | CVE-2021-43788 | CWE-22 | Medium |
| Oracle E-Business Suite Frame Injection (CVE-2017-3528) | CVE-2017-3528 | CWE-601 | Medium |
| WebPageTest Unauthorized Access Vulnerability | - | CWE-200 | Medium |
| Payara Micro File Read (CVE-2021-41381) | CVE-2021-41381 | CWE-22 | Medium |
| Pyramid DebugToolbar enabled | - | CWE-200 | Medium |
| SAP BO BIP SSRF (CVE-2020-6308) | CVE-2020-6308 | CWE-918 | Medium |
| SAP ICF URL redirection Vulnerability | - | CWE-601 | Medium |
| Vulnerable package dependencies [medium] | - | CWE-1104 | Medium |
| Adminer Server Side Request Forgery (SSRF) | CVE-2021-21311 | CWE-918 | Medium |
| Apache Airflow Exposed configuration | - | CWE-200 | Medium |
| Django Debug Toolbar | - | CWE-200 | Medium |
| Reverse proxy misrouting through HTTP/2 pseudo-headers (SSRF) | - | CWE-918 | Medium |
| Jetty ConcatServlet Information Disclosure (CVE-2021-28169) | CVE-2021-28169 | CWE-200 | Medium |
| Jetty Information Disclosure (CVE-2021-34429) | CVE-2021-28164 | CWE-200 | Medium |
| Joomla Debug Console enabled | - | CWE-200 | Medium |
| Joomla J!Dump extension enabled | - | CWE-200 | Medium |
| Keycloak request_uri SSRF (CVE-2020-10770) | CVE-2020-10770 | CWE-918 | Medium |
| Express Development Mode enabled | - | CWE-200 | Medium |
| Node.js Web Application does not handle uncaughtException | - | CWE-248 | Medium |
| Node.js Web Application does not handle unhandledRejection | - | CWE-248 | Medium |
| Unprotected Apache NiFi API interface | - | CWE-287 | Medium |
| Unprotected Kong Gateway Admin API interface | - | CWE-287 | Medium |
| Unauthorized Access to a web app installer | - | CWE-200 | Medium |
| Apache APISIX default token (CVE-2020-13945/CVE-2022-24112) | CVE-2022-24112 | CWE-259 | Medium |
| ASP.NET forms authentication using inadequate protection | - | CWE-16 | Medium |
| ASP.NET header checking is disabled in web.config | - | CWE-16 | Medium |
| ASP.NET potential HTTP Verb Tampering | - | CWE-16 | Medium |
| ASP.NET Deny missing from authorization rule on location | - | CWE-16 | Medium |
| ASP.NET event validation disabled | - | CWE-16 | Medium |
| ASP.NET expired session IDs are not regenerated | - | CWE-16 | Medium |
| ASP.NET viewstate encryption disabled | - | CWE-16 | Medium |
| ASP.NET WCF replay attacks are not detected | - | CWE-16 | Medium |
| ASP.NET WCF metadata enabled for behavior | - | CWE-16 | Medium |
| ASP.NET WCF service include exception details | - | CWE-16 | Medium |
| InfluxDB Unauthorized Access Vulnerability | - | CWE-200 | Medium |
| Magento Config File Disclosure | - | CWE-200 | Medium |
| Oracle E-Business Suite iStore open user registration | CVE-2022-21500 | CWE-200 | Medium |
| Citrix ADC NetScaler Local File Inclusion (CVE-2020-8193) | CVE-2020-8193 | CWE-284 | Medium |
| Go web application binary disclosure | - | CWE-540 | Medium |
| Insecure usage of Version 1 UUID/GUID | - | CWE-328 | Medium |
| Phpfastcache phpinfo publicly accessible (CVE-2021-37704) | CVE-2021-37704 | CWE-200 | Medium |
| Axis development mode enabled in WEB-INF/server-config.wsdd | - | CWE-16 | Medium |
| Axis system configuration listing enabled in WEB-INF/server-config.wsdd | - | CWE-16 | Medium |
| Custom Error Pages Are Not Configured in WEB-INF/web.xml | - | CWE-16 | Medium |
| Overly long session timeout in servlet configuration | - | CWE-16 | Medium |
| Unsafe value for session tracking in WEB-INF/web.xml | - | CWE-16 | Medium |
| Spring Boot Misconfiguration: Actuator endpoint security disabled | - | CWE-16 | Medium |
| Spring Boot Misconfiguration: Admin MBean enabled | - | CWE-16 | Medium |
| Spring Boot Misconfiguration: All Spring Boot Actuator endpoints are web exposed | - | CWE-16 | Medium |
| Spring Boot Misconfiguration: Developer tools enabled on production | - | CWE-16 | Medium |
| Spring Misconfiguration: HTML Escaping disabled | - | CWE-16 | Medium |
| Spring Boot Misconfiguration: Overly long session timeout | - | CWE-16 | Medium |
| Spring Boot Misconfiguration: Unsafe value for session tracking | - | CWE-16 | Medium |
| Spring Boot Misconfiguration: Datasource credentials stored in the properties file | - | CWE-16 | Medium |
| Spring Boot Misconfiguration: MongoDB credentials stored in the properties file | - | CWE-16 | Medium |
| Struts 2 Config Browser plugin enabled | - | CWE-16 | Medium |
| Verb tampering via misconfigured security constraint | - | CWE-16 | Medium |
| CodeIgniter development mode enabled | - | CWE-16 | Medium |
| Drupal configuration file weak file permissions | - | CWE-16 | Medium |
| Drupal trusted_host_patterns setting not configured | - | CWE-16 | Medium |
| Laravel debug mode enabled (Invicti IAST) | - | CWE-16 | Medium |
| Symfony debug mode enabled (Invicti IAST) | - | CWE-16 | Medium |
| Symfony running in dev mode | - | CWE-16 | Medium |
| WordPress configuration file weak file permissions | - | CWE-16 | Medium |
| WordPress allows editing theme/plugin files | - | CWE-16 | Medium |
| Yii debug mode enabled | - | CWE-16 | Medium |
| Yii running in dev mode | - | CWE-16 | Medium |
| Sonicwall SMA 100 Unintended proxy (CVE-2021-20042) | CVE-2021-20042 | CWE-441 | Medium |
| SAP NW KW XSS vulnerability (CVE-2021-42063) | CVE-2021-42063 | CWE-79 | Medium |
| ServiceNow logout XSS (CVE-2022-38463) | CVE-2022-38463 | CWE-79 | Medium |
| Active Mixed Content over HTTPS | - | CWE-284 | Medium |
| ASP.NET Core Development Mode enabled | - | CWE-200 | Medium |
| Open Silverlight Client Access Policy | - | CWE-16 | Medium |
| Insecure crossdomain.xml policy | - | CWE-284 | Medium |
| GraphQL Alias Overloading Allowed: Potential Denial of Service Vulnerability | - | CWE-400 | Medium |