🚀 Just released:
Latio 2026 Application Security Market Report.
Read it in our Whitepapers.
100% Signal 0% Noise
Platform
Invicti Platform
Zero-noise AppSec platform
Scan Code
Secure code before runtime
SAST
Early static security analysis
Open Source (SCA)
Find vulnerable dependencies
SBOM & License Risk
Generate SBOMs and track licenses
Secrets
Detect exposed secrets in applications
Infrastructure as Code
Ingest IaC security findings
Container
Track container image vulnerabilities
Test Runtime
Test live applications like attackers
DAST & AI DAST
Test runtime, prove exploitability
Agentic Pentesting
Automate real-world attack techniques
API Security Testing
Discover and test APIs
Attack Surface Management
Identify exposed apps and endpoints
Cloud AppSec
Get a single-pane view of cloud app risk
AI AppSec
Scan smarter, accelerate remediation
Manage Vulnerabilities
See, prioritize, reduce AppSec risk
Vulnerability Management (ASPM)
Centralize and correlate AppSec findings
Compliance & Executive Reporting
Measure risk and impact
Threat Intelligence
Reachability, exploitability, and business logic
Solutions
API Discovery
Manage Vulnerabilities
Automate Security Workflows
Track AppSec KPIs
Manage Open Source Risk
Pricing
Why Invicti
About Us
Case Studies
Contact Us
Careers
Resources
Resource Library
Blog
Webinars
White Papers
Podcasts
Invicti Learn
Savings Calculator
Live Training
Partners
Documentation
Get a demo
Home
/
Web Application Vulnerabilities
/ Configuration
Web Application Vulnerabilities
Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise
Acunetix Standard & Premium
v.26.3.2229
Configuration
This page lists
407 vulnerabilities
in this category.
Critical: 4
High: 133
Medium: 174
Low: 51
Information: 45
Vulnerability Name
CVE
CWE
Severity
Spring Boot Misconfiguration: Developer tools enabled on production
-
CWE-16
Medium
Spring Misconfiguration: HTML Escaping disabled
-
CWE-16
Medium
Spring Boot Misconfiguration: Overly long session timeout
-
CWE-16
Medium
Spring Boot Misconfiguration: Unsafe value for session tracking
-
CWE-16
Medium
Spring Boot Misconfiguration: Datasource credentials stored in the properties file
-
CWE-16
Medium
Spring Boot Misconfiguration: MongoDB credentials stored in the properties file
-
CWE-16
Medium
Struts 2 Config Browser plugin enabled
-
CWE-16
Medium
Spring Boot Misconfiguration: Actuator endpoint security disabled
-
CWE-16
Medium
SAP NetWeaver server info information disclosure BCB
-
CWE-200
Medium
Web Cache Poisoning DoS (for javascript)
-
CWE-400
Medium
PHP enable_dl enabled
-
CWE-470
Medium
PHP session.use_trans_sid enabled
-
CWE-598
Medium
Yii2 debug toolkit
-
CWE-200
Medium
Yii2 Gii extension
-
CWE-200
Medium
PHP register_globals enabled
-
CWE-1108
Medium
Spring Boot Actuator
-
CWE-489
Medium
Firebase database accessible without authentication
-
CWE-200
Medium
Httpoxy vulnerability
-
CWE-16
Medium
PHP errors enabled
-
CWE-209
Medium
Symfony web debug toolbar
-
CWE-489
Medium
Django weak secret key
-
CWE-693
Medium
Express cookie-session weak secret key
-
CWE-693
Medium
SharePoint exposed web services
-
CWE-200
Medium
Flask weak secret key
-
CWE-693
Medium
Same site scripting
-
CWE-16
Medium
Grails database console
-
CWE-200
Medium
Mojolicious weak secret key
-
CWE-693
Medium
Spring Boot Actuator v2
-
CWE-489
Medium
Tornado debug mode
-
CWE-489
Medium
ASP.NET application-level tracing enabled
-
CWE-215
Medium
[Possible] Password Transmitted over Query String
-
CWE-200
Medium
Hostile subdomain takeover
-
CWE-16
Medium
Apache perl-status enabled
-
CWE-200
Medium
Java Management Extensions (JMX/RMI) service detected
-
CWE-200
Medium
Web Cache Poisoning DoS
-
CWE-400
Medium
JSF ViewState client side storage
-
CWE-693
Medium
PHP session.use_only_cookies Is Disabled
-
CWE-598
Medium
PHP register_globals Is Enabled
-
CWE-1108
Medium
CRIME SSL/TLS attack
CVE-2012-4929
CWE-310
Medium
JavaMelody publicly accessible
-
CWE-200
Medium
The POODLE attack (SSLv3 with CBC cipher suites)
CVE-2014-3566
CWE-326
Medium
Chrome Logger information disclosure
-
CWE-200
Medium
Apache Tomcat examples directory vulnerabilities
-
CWE-264
Medium
Apache Cassandra Unauthorized Access Vulnerability
-
CWE-200
Medium
Misconfigured Access-Control-Allow-Origin Header
-
CWE-942
Medium
WebDAV directory listing
-
CWE-538
Medium
W3 total cache debug mode
-
CWE-489
Medium
Unicode Transformation (Best-Fit Mapping)
-
CWE-176
Medium
ASP.NET ValidateRequest Is Globally Disabled
-
CWE-707
Medium
ViewState MAC Disabled
-
CWE-642
Medium
SAP ICF /sap/public/info sensitive information disclosure
-
CWE-200
Medium
Laravel debug mode enabled
-
CWE-200
Medium
Apache Tomcat version older than 7.0.32
CVE-2012-4431
CWE-264
Medium
Invalid SSL Certificate
-
CWE-298
Medium
Apache Proxy HTTP CONNECT method enabled
-
CWE-441
Medium
TLS/SSL certificate key size too small
-
CWE-310
Medium
HTTP Strict Transport Security (HSTS) Policy Not Enabled
-
CWE-16
Medium
Redis Unauthorized Access Vulnerability
-
CWE-200
Medium
Memcached Unauthorized Access Vulnerability
-
CWE-200
Medium
Laravel Health Monitor open
-
CWE-200
Medium
TLS/SSL LOGJAM attack
CVE-2015-4000
CWE-310
Medium
Laravel Horizon open
-
CWE-200
Medium
Rails application running in development mode
-
CWE-200
Medium
Pyramid debug mode
-
CWE-489
Medium
Oracle applications logs publicy available
-
CWE-200
Medium
Laravel LogViewer open
-
CWE-200
Medium
MySQL utf8 4-byte truncation
-
CWE-176
Medium
TLS/SSL Sweet32 attack
CVE-2016-6329
CWE-310
Medium
The FREAK attack
CVE-2015-0204
CWE-310
Medium
SSL Certificate Is About To Expire
-
CWE-298
Medium
ASP.NET cookieless authentication enabled
-
CWE-598
Medium
Apache Spark Web UI Unauthorized Access Vulnerability
-
CWE-200
Medium
ASP.NET login credentials stored in plain text
-
CWE-256
Medium
ASP.NET: Failure To Require SSL For Authentication Cookies
-
CWE-319
Medium
SAP NetWeaver server info information disclosure
-
CWE-200
Medium
«
1
...
3
4
5
6
»
