v.26.4.2314
Medium Severity Vulnerabilities
Found 8734 vulnerabilities at Medium severity.
| Vulnerability Name | CVE | CWE | Severity |
|---|---|---|---|
| GraphiQL Explorer/Playground Enabled | - | CWE-200 | Medium |
| GraphQL Introspection Query Enabled | - | CWE-200 | Medium |
| Unchecked GraphQL Query Length: Potential Denial of Service Vulnerability | - | CWE-400 | Medium |
| GraphQL Non-JSON Queries over POST: Potential CSRF Vulnerability | - | CWE-352 | Medium |
| GraphQL Array-based Query Batching Allowed: Potential Batching Attack Vulnerability | - | CWE-770 | Medium |
| GraphQL Unauthenticated Mutation Detected | - | CWE-306 | Medium |
| GraphQL Unhandled Error Leakage | - | CWE-209 | Medium |
| Joomla! Core improper access check in webservice endpoints | CVE-2023-23752 | CWE-200 | Medium |
| Keycloak clients-registrations XSS (CVE-2021-20323) | CVE-2021-20323 | CWE-79 | Medium |
| Path Traversal in Next.js up to 9.3.1 | CVE-2020-5284 | CWE-22 | Medium |
| Node.js Running in Development Mode | - | CWE-215 | Medium |
| PHP X Prober publicly accessible | - | CWE-200 | Medium |
| RoR Development Mode enabled | - | CWE-200 | Medium |
| Revoked SSL Certificate | - | CWE-295 | Medium |
| SAML Consumer Service External Dereference SSRF | - | CWE-918 | Medium |
| SOAP WS-Addressing SSRF | - | CWE-918 | Medium |
| SSL Certificate Name Hostname Mismatch | - | CWE-295 | Medium |
| SSL Untrusted Root Certificate | - | CWE-295 | Medium |
| Argo CD Information Disclosure (CVE-2024-37152) | CVE-2024-37152 | CWE-287 | Medium |
| Jira QueryComponent Information Disclosure (CVE-2020-14179) | CVE-2020-14179 | CWE-288 | Medium |
| BeyondTrust Secure Remote Access Base XSS (CVE-2021-31589) | CVE-2021-31589 | CWE-79 | Medium |
| XXE in Ivanti Connect Secure, Policy Secure and Neurons (CVE-2024-22024) | CVE-2024-22024 | CWE-112 | Medium |
| KeyCloak Information Disclosure (CVE-2020-27838) | CVE-2020-27838 | CWE-287 | Medium |
| LISTSERV XSS (CVE-2022-39195) | CVE-2022-39195 | CWE-79 | Medium |
| Odoo XSS (CVE-2023-1434) | CVE-2023-1434 | CWE-79 | Medium |
| TestRail Information Disclosure (CVE-2021-40875) | CVE-2021-40875 | CWE-425 | Medium |
| WSO2 Management Console XSS (CVE-2022-29548) | CVE-2022-29548 | CWE-79 | Medium |
| Zimbra Collaboration XSS (CVE-2022-27926) | CVE-2022-27926 | CWE-79 | Medium |
| Resource Accessible Without Required Authentication | - | CWE-287 | Medium |
| cPanel XSS (CVE-2023-29489) | CVE-2023-29489 | CWE-79 | Medium |
| ColdFusion XSS (CVE-2023-44352) | CVE-2023-44352 | CWE-79 | Medium |
| imgproxy SSRF (CVE-2023-30019) | CVE-2023-30019 | CWE-918 | Medium |
| Lucee Stacktrace Information Disclosure | - | CWE-200 | Medium |
| Next.js image Blind SSRF | - | CWE-918 | Medium |
| Unrestricted access to AnythingLLM API | CVE-2024-6842 | CWE-200 | Medium |
| Unrestricted access to MLflow | - | CWE-200 | Medium |
| SSL Secure renegotiation is not supported | CVE-2009-3555 | CWE-295 | Medium |
| Citrix NetScaler ADC/Gateway XSS (CVE-2025-12101) | CVE-2025-12101 | CWE-79 | Medium |
| Craft CMS Development Mode enabled | - | CWE-200 | Medium |
| ViewStateMac is Not Enabled | - | CWE-354 | Medium |
| LLM System Prompt Leakage | - | CWE-200 | Medium |
| Old API Version Exposed | - | CWE-693 | Medium |
| PAN-OS GlobalProtect XSS (CVE-2025-0133) | CVE-2025-0133 | CWE-79 | Medium |
| Unauthenticated OpenAI API Access | - | - | Medium |
| User controllable tag parameter (DOM-based) | - | CWE-79 | Medium |
| Internet Information Services Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-1999-0007) | CVE-1999-0007 | CWE-327 | Medium |
| Internet Information Services Other Vulnerability (CVE-1999-0012) | CVE-1999-0012 | - | Medium |
| Apache HTTP Server CVE-1999-0070 Vulnerability (CVE-1999-0070) | CVE-1999-0070 | - | Medium |
| Apache HTTP Server Other Vulnerability (CVE-1999-0107) | CVE-1999-0107 | - | Medium |
| Internet Information Services Other Vulnerability (CVE-1999-0154) | CVE-1999-0154 | - | Medium |
| Internet Information Services Other Vulnerability (CVE-1999-0191) | CVE-1999-0191 | - | Medium |
| Internet Information Services Other Vulnerability (CVE-1999-0278) | CVE-1999-0278 | - | Medium |
| Internet Information Services Other Vulnerability (CVE-1999-0281) | CVE-1999-0281 | - | Medium |
| Internet Information Services Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-1999-0348) | CVE-1999-0348 | CWE-200 | Medium |
| Internet Information Services Other Vulnerability (CVE-1999-0448) | CVE-1999-0448 | - | Medium |
| Internet Information Services Other Vulnerability (CVE-1999-0736) | CVE-1999-0736 | - | Medium |
| Internet Information Services Other Vulnerability (CVE-1999-0737) | CVE-1999-0737 | - | Medium |
| Internet Information Services Other Vulnerability (CVE-1999-0738) | CVE-1999-0738 | - | Medium |
| Internet Information Services Other Vulnerability (CVE-1999-0739) | CVE-1999-0739 | - | Medium |
| Oracle Database Server Other Vulnerability (CVE-1999-0784) | CVE-1999-0784 | - | Medium |
| Internet Information Services Improper Input Validation Vulnerability (CVE-1999-0867) | CVE-1999-0867 | CWE-20 | Medium |
| Oracle Database Server Other Vulnerability (CVE-1999-0888) | CVE-1999-0888 | - | Medium |
| Microsoft SQL Server Improper Input Validation Vulnerability (CVE-1999-0999) | CVE-1999-0999 | CWE-20 | Medium |
| Internet Information Services Other Vulnerability (CVE-1999-1035) | CVE-1999-1035 | - | Medium |
| Oracle HTTP Server Other Vulnerability (CVE-1999-1068) | CVE-1999-1068 | - | Medium |
| Internet Information Services Other Vulnerability (CVE-1999-1148) | CVE-1999-1148 | - | Medium |
| MySQL Other Vulnerability (CVE-1999-1188) | CVE-1999-1188 | - | Medium |
| Internet Information Services Other Vulnerability (CVE-1999-1223) | CVE-1999-1223 | - | Medium |
| Internet Information Services Other Vulnerability (CVE-1999-1375) | CVE-1999-1375 | - | Medium |
| Perl Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-1999-1386) | CVE-1999-1386 | CWE-59 | Medium |
| Internet Information Services Other Vulnerability (CVE-1999-1451) | CVE-1999-1451 | - | Medium |
| Internet Information Services Other Vulnerability (CVE-1999-1478) | CVE-1999-1478 | - | Medium |
| Internet Information Services Other Vulnerability (CVE-1999-1537) | CVE-1999-1537 | - | Medium |
| Internet Information Services Other Vulnerability (CVE-1999-1544) | CVE-1999-1544 | - | Medium |
| Internet Information Services Other Vulnerability (CVE-2000-0024) | CVE-2000-0024 | - | Medium |