Medium Severity Vulnerabilities
Found 8230 vulnerabilities at Medium severity.
| Vulnerability Name | CVE | CWE | Severity |
| --- | --- | --- | --- |
| GraphQL Circular-Query via Introspection Allowed: Potential DoS Vulnerability | - | CWE-400 | Medium |
| GraphQL Field Suggestions Enabled | - | CWE-200 | Medium |
| GraphQL Non-JSON Queries over GET: Potential CSRF Vulnerability | - | CWE-352 | Medium |
| GraphQL Non-JSON Mutations over GET: Potential CSRF Vulnerability | - | CWE-352 | Medium |
| GraphiQL Explorer/Playground Enabled | - | CWE-200 | Medium |
| GraphQL Introspection Query Enabled | - | CWE-200 | Medium |
| Unchecked GraphQL Query Length: Potential Denial of Service Vulnerability | - | CWE-400 | Medium |
| GraphQL Non-JSON Queries over POST: Potential CSRF Vulnerability | - | CWE-352 | Medium |
| GraphQL Array-based Query Batching Allowed: Potential Batching Attack Vulnerability | - | CWE-770 | Medium |
| GraphQL Unauthenticated Mutation Detected | - | CWE-306 | Medium |
| GraphQL Unhandled Error Leakage | - | CWE-209 | Medium |
| Joomla! Core improper access check in webservice endpoints | CVE-2023-23752 | CWE-200 | Medium |
| Keycloak clients-registrations XSS (CVE-2021-20323) | CVE-2021-20323 | CWE-79 | Medium |
| Path Traversal in Next.js up to 9.3.1 | CVE-2020-5284 | CWE-22 | Medium |
| Node.js Running in Development Mode | - | CWE-215 | Medium |
| PHP X Prober publicly accessible | - | CWE-200 | Medium |
| RoR Development Mode enabled | - | CWE-200 | Medium |
| Revoked SSL Certificate | - | CWE-295 | Medium |
| SAML Consumer Service External Dereference SSRF | - | CWE-918 | Medium |
| SOAP WS-Addressing SSRF | - | CWE-918 | Medium |
| SSL Certificate Name Hostname Mismatch | - | CWE-295 | Medium |
| SSL Untrusted Root Certificate | - | CWE-295 | Medium |
| Argo CD Information Disclosure (CVE-2024-37152) | CVE-2024-37152 | CWE-287 | Medium |
| Jira QueryComponent Information Disclosure (CVE-2020-14179) | CVE-2020-14179 | CWE-288 | Medium |
| BeyondTrust Secure Remote Access Base XSS (CVE-2021-31589) | CVE-2021-31589 | CWE-79 | Medium |
| XXE in Ivanti Connect Secure, Policy Secure and Neurons (CVE-2024-22024) | CVE-2024-22024 | CWE-112 | Medium |
| KeyCloak Information Disclosure (CVE-2020-27838) | CVE-2020-27838 | CWE-287 | Medium |
| LISTSERV XSS (CVE-2022-39195) | CVE-2022-39195 | CWE-79 | Medium |
| Odoo XSS (CVE-2023-1434) | CVE-2023-1434 | CWE-79 | Medium |
| TestRail Information Disclosure (CVE-2021-40875) | CVE-2021-40875 | CWE-425 | Medium |
| WSO2 Management Console XSS (CVE-2022-29548) | CVE-2022-29548 | CWE-79 | Medium |
| Zimbra Collaboration XSS (CVE-2022-27926) | CVE-2022-27926 | CWE-79 | Medium |
| Resource Accessible Without Required Authentication | - | CWE-287 | Medium |
| cPanel XSS (CVE-2023-29489) | CVE-2023-29489 | CWE-79 | Medium |
| ColdFusion XSS (CVE-2023-44352) | CVE-2023-44352 | CWE-79 | Medium |
| imgproxy SSRF (CVE-2023-30019) | CVE-2023-30019 | CWE-918 | Medium |
| Lucee Stacktrace Information Disclosure | - | CWE-200 | Medium |
| Next.js image Blind SSRF | - | CWE-918 | Medium |
| Unrestricted access to AnythingLLM API | CVE-2024-6842 | CWE-200 | Medium |
| Unrestricted access to MLflow | - | CWE-200 | Medium |
| SSL Secure renegotiation is not supported | CVE-2009-3555 | CWE-295 | Medium |
| Craft CMS Development Mode enabled | - | CWE-200 | Medium |
| ViewStateMac is Not Enabled | - | CWE-16 | Medium |
| LLM System Prompt Leakage | - | CWE-200 | Medium |
| Old API Version Exposed | - | CWE-693 | Medium |
| PAN-OS GlobalProtect XSS (CVE-2025-0133) | CVE-2025-0133 | CWE-79 | Medium |
| User controllable tag parameter (DOM-based) | - | CWE-79 | Medium |
| Internet Information Services Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-1999-0007) | CVE-1999-0007 | CWE-327 | Medium |
| Internet Information Services Other Vulnerability (CVE-1999-0012) | CVE-1999-0012 | - | Medium |
| Apache HTTP Server CVE-1999-0070 Vulnerability (CVE-1999-0070) | CVE-1999-0070 | - | Medium |
| Apache HTTP Server Other Vulnerability (CVE-1999-0107) | CVE-1999-0107 | - | Medium |
| Internet Information Services Other Vulnerability (CVE-1999-0154) | CVE-1999-0154 | - | Medium |
| Internet Information Services Other Vulnerability (CVE-1999-0191) | CVE-1999-0191 | - | Medium |
| Internet Information Services Other Vulnerability (CVE-1999-0278) | CVE-1999-0278 | - | Medium |
| Internet Information Services Other Vulnerability (CVE-1999-0281) | CVE-1999-0281 | - | Medium |
| Internet Information Services Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-1999-0348) | CVE-1999-0348 | CWE-200 | Medium |
| Internet Information Services Other Vulnerability (CVE-1999-0448) | CVE-1999-0448 | - | Medium |
| Internet Information Services Other Vulnerability (CVE-1999-0736) | CVE-1999-0736 | - | Medium |
| Internet Information Services Other Vulnerability (CVE-1999-0737) | CVE-1999-0737 | - | Medium |
| Internet Information Services Other Vulnerability (CVE-1999-0738) | CVE-1999-0738 | - | Medium |
| Internet Information Services Other Vulnerability (CVE-1999-0739) | CVE-1999-0739 | - | Medium |
| Oracle Database Server Other Vulnerability (CVE-1999-0784) | CVE-1999-0784 | - | Medium |
| Internet Information Services Improper Input Validation Vulnerability (CVE-1999-0867) | CVE-1999-0867 | CWE-20 | Medium |
| Oracle Database Server Other Vulnerability (CVE-1999-0888) | CVE-1999-0888 | - | Medium |
| Microsoft SQL Server Improper Input Validation Vulnerability (CVE-1999-0999) | CVE-1999-0999 | CWE-20 | Medium |
| Internet Information Services Other Vulnerability (CVE-1999-1035) | CVE-1999-1035 | - | Medium |
| Oracle HTTP Server Other Vulnerability (CVE-1999-1068) | CVE-1999-1068 | - | Medium |
| Internet Information Services Other Vulnerability (CVE-1999-1148) | CVE-1999-1148 | - | Medium |
| MySQL Other Vulnerability (CVE-1999-1188) | CVE-1999-1188 | - | Medium |
| Internet Information Services Other Vulnerability (CVE-1999-1223) | CVE-1999-1223 | - | Medium |
| Internet Information Services Other Vulnerability (CVE-1999-1375) | CVE-1999-1375 | - | Medium |
| Perl Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-1999-1386) | CVE-1999-1386 | CWE-59 | Medium |
| Internet Information Services Other Vulnerability (CVE-1999-1451) | CVE-1999-1451 | - | Medium |
| Internet Information Services Other Vulnerability (CVE-1999-1478) | CVE-1999-1478 | - | Medium |
| Internet Information Services Other Vulnerability (CVE-1999-1537) | CVE-1999-1537 | - | Medium |