Web Application Vulnerabilities Index
This page lists 144 vulnerabilities categorized as medium severity that can be detected by Invicti.
| Vulnerability Name | Severity |
| --- | --- |
| Authentication Bypass in Fortra's GoAnywhere MFT (CVE-2024-0204) | High |
| Authentication Bypass in Ivanti Connect Secure and Policy Secure (CVE-2023-46805) | High |
| Boolean Based MongoDB Injection | High |
| Fortigate SSL VPN Arbitrary File reading (CVE-2018-13379) | High |
| Insecure Transportation Security Protocol Supported (SSLv2) | High |
| Insecure Transportation Security Protocol Supported (SSLv3) | High |
| Insecure Transportation Security Protocol Supported (TLS 1.0) | High |
| JWT Forgery via Chaining Jku Parameter with Open Redirect | High |
| JWT Forgery via Path Traversal | High |
| JWT Forgery via SQL Injection | High |
| JWT Forgery via unvalidated jku parameter | High |
| JWT Signature Bypass via None Algorithm | High |
| JWT Signature is not Verified | High |
| MongoDB Operator Injection | High |
| No SAML Response Signature Check | High |
| Out of Band SAML Consumer Service XML Entity Injection | High |
| Out of Band SAML Consumer Service XSLT Injection | High |
| Out-of-date Version (HSQLDB) | High |
| Out-of-date Version (MongoDb) | High |
| Out-of-date Version (SQLite) | High |
| Polyfill.io Supply Chain Attack | High |
| Progress MOVEit Transfer SQL Injection | High |
| SAML Response Signature Exclusion | High |
| SAML Response Without Signature | High |
| TorchServe Management API Publicly Exposed | High |
| WebDAV Directory Has Write Permissions (IIS) | High |