Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium

Configuration

This page lists 403 vulnerabilities in this category.

Critical: 4 High: 129 Medium: 175 Low: 49 Information: 46
Vulnerability Name
CVE
CWE
Severity
ASP.NET ViewState Weak Validation Key
-
CWE-321
Critical
Kentico Staging API Authentication Bypass
-
CWE-287
Critical
Unrestricted access to Apache HugeGraph
-
CWE-200
Critical
Lucee Unset Admin Password
-
CWE-200
Critical
Trace.axd Detected
-
CWE-215
High
Nginx PHP code execution via FastCGI
-
CWE-94
High
Padding oracle attack
-
CWE-209
High
XML entity injection
-
CWE-611
High
XML external entity injection and XML injection
-
CWE-611
High
XML external entity injection
-
CWE-611
High
XML External Entity Injection via external file
-
CWE-611
High
XML external entity injection via File Upload
-
CWE-611
High
XML external entity injection (variant)
-
CWE-611
High
Elmah.axd / Errorlog.axd Detected
-
CWE-209
High
Atlassian Jira insecure REST permissions
-
-
High
Insecure Transportation Security Protocol Supported (TLS 1.0)
-
CWE-326
High
Joomla! Core Security Bypass
CVE-2017-11364
CWE-264
High
Unprotected phpMyAdmin interface
-
CWE-205
High
Web Cache Poisoning
-
CWE-44
High
Adobe Experience Manager Misconfiguration
CVE-2016-0957
CWE-693
High
CouchDB REST API publicly accessible
-
CWE-285
High
Hadoop YARN ResourceManager publicly accessible
-
CWE-200
High
Jupyter Notebook publicly accessible
-
CWE-78
High
OSGi Management Console Default Credentials
-
CWE-521
High
Apache solr service exposed
-
CWE-200
High
JBoss Server MBean
-
CWE-200
High
JBoss Web Console JMX Invoker
-
CWE-200
High
Roundcube security updates 0.8.6 and 0.7.3
CVE-2013-1904
CWE-22
High
RoR Database Configuration File Detected
-
CWE-538
High
Insecure Transportation Security Protocol Supported (SSLv2)
-
CWE-326
High
Insecure Transportation Security Protocol Supported (SSLv3)
-
CWE-326
High
Reachable SharePoint interface
-
CWE-200
High
SharePoint user enumeration
-
CWE-200
High
Struts 2 development mode
-
CWE-489
High
Elasticsearch service accessible
-
CWE-200
High
nginx SPDY heap buffer overflow
CVE-2014-0133
CWE-122
High
CodeIgniter weak encryption key
-
CWE-200
High
JBoss JMX Console Unrestricted Access
-
CWE-200
High
Ruby on Rails weak/known secret token
CVE-2013-0156
CWE-200
High
Apache Geronimo default administrative credentials
-
CWE-693
High
Apache Tomcat insecure default administrative password
CVE-2009-3548
CWE-284
High
JBoss BSHDeployer MBean
-
CWE-200
High
JBoss HttpAdaptor JMXInvokerServlet
-
CWE-94
High
JBoss JMX management console
-
CWE-200
High
JBoss ServerInfo MBean
CVE-2010-0738
CWE-200
High
BottlePy weak secret key
-
CWE-693
High
Xdebug remote code execution via xdebug.remote_connect_back
-
CWE-200
High
Ruby framework weak secret key
-
CWE-693
High
JWT Signature Bypass via None Algorithm
-
CWE-345
High
Jenkins Git Plugin missing permission check (CVE-2022-36883)
CVE-2022-36883
CWE-862
High
Web Cache Poisoning through HTTP/2 pseudo-headers
-
CWE-44
High
Unrestricted access to Kong Gateway API
-
CWE-200
High
Node.js Debugger Unauthorized Access Vulnerability
-
CWE-200
High
Node.js Inspector Unauthorized Access Vulnerability
-
CWE-200
High
Python Debugger Unauthorized Access Vulnerability
-
CWE-200
High
qdPM Information Disclosure
-
CWE-260
High
Virtual Host locations misconfiguration
-
CWE-200
High
ASP.NET connection strings stored in plaintext
-
CWE-16
High
Pentaho API Auth bypass (CVE-2021-31602)
CVE-2021-31602
CWE-863
High
Delve Debugger Unauthorized Access Vulnerability
-
CWE-200
High
Struts2 Development Mode Enabled
-
CWE-16
High
Weak WordPress security key
-
CWE-16
High
Consul API publicly exposed
-
CWE-200
High
TorchServe Management API publicly exposed
CVE-2023-43654
CWE-200
High
Case-Insensitive Routing Bypass in Express.js Application
-
CWE-287
High
Web Cache Deception
-
-
High
Harbor Unauthorized Access Vulnerability
CVE-2022-46463
CWE-200
High
JWT Signature is not Verified
-
CWE-287
High
Unrestricted access to Haproxy Data Plane API
-
CWE-200
High
Unrestricted access to Caddy API interface
-
CWE-200
High
Weak Secret is Used to Sign JWT
-
CWE-345
High
Docker Registry API is accessible without authentication
-
CWE-287
High
MediaWiki remote code execution
CVE-2014-1610
CWE-20
High
SAP Management Console list logfiles
-
CWE-200
High
SAP Management Console get user list
-
CWE-200
High