Web Application Vulnerabilities Index
This page lists 144 vulnerabilities categorized as medium severity that can be detected by Invicti.
| Vulnerability Name | Classification | Severity |
| --- | --- | --- |
| Stack Trace Disclosure (ASP.NET) | | Low |
| Stack Trace Disclosure (CakePHP Framework) | | Low |
| Stack Trace Disclosure (CherryPy) | | Low |
| Stack Trace Disclosure (ColdFusion) | | Medium |
| Stack Trace Disclosure (Django) | | Medium |
| Stack Trace Disclosure (Grails) | | Low |
| Stack Trace Disclosure (GraphQL) | | Low |
| Stack Trace Disclosure (Java) | | Medium |
| Stack Trace Disclosure (Laravel) | | Medium |
| Stack Trace Disclosure (Node.js) | | Low |
| Stack Trace Disclosure (PHP) | | Low |
| Stack Trace Disclosure (Python) | | Medium |
| Stack Trace Disclosure (RoR) | | Medium |
| Stack Trace Disclosure (Ruby-Sinatra Framework) | | Medium |
| Static Nonce Identified in Content Security Policy (CSP) | | Information |
| Stored Cross-site Scripting | | High |
| Struts 2 Config Browser plugin enabled | | Medium |
| Struts 2 Development Mode Enabled | | Medium |
| Struts2 Development Mode Enabled | | Low |
| Sublime SFTP Config File Detected | | Medium |
| Subresource Integrity (SRI) Hash Invalid | | Low |
| Subresource Integrity (SRI) Not Implemented | | Best Practice |
| Sugar CRM Identified | | Information |
| SVN Detected | | High |
| swagger.json Detected | | Information |
| SwaggerUI Identified | | Information |
| SweetAlert2 Identified | | Information |
| Tableau Server Detected | | Information |
| Taleo Web Server Identified | | Information |
| TCExam Detected | | Information |
| Telerik Web UI Identified | | Information |
| Test File Detected | | Information |
| Text4Shell Remote Code Execution - (CVE-2022-42889) | | Critical |
| ThreeJs Identified | | Information |
| TinyMCE Identified | | Information |
| TLS/SSL Certificate Key Size Too Small | | Medium |
| Tomcat Identified | | Information |
| TorchServe Management API Publicly Exposed | | High |
| TorchServe Management API SSRF (CVE-2023-43654) | | Critical |
| Tornado Web Server Identified | | Information |
| Trace.axd Detected | | High |
| TRACE/TRACK Method Detected | | Low |
| Trac Software Project Management Tool Identified | | Information |
| Tracy Debugging Identified | | Information |
| Travis CI Configuration File Detected | | Information |
| TS Web Access Identified | | Information |
| TwistedWeb HTTP Server Identified | | Information |
| Typeaheadjs Identified | | Information |
| Typo3 Identified | | Information |
| UAParser.js Identified | | Information |
| Unchecked GraphQL Query Length: Potential Denial of Service Vulnerability | | Medium |
| UNC Server and Share Disclosure | | Information |
| Underscorejs Identified | | Information |
| Undertow Web Server Identified | | Information |
| Unexpected Redirect Response Body (Too Large) | | Information |
| Unexpected Redirect Response Body (Two Responses) | | Low |
| Unicode Transformation (Best-Fit Mapping) | | Medium |
| Unknown Option Used In Referrer-Policy | | Information |
| Unrestricted File Upload | | High |
| Unsafe CSP (Content Security Policy): Unsafe-eval & Inline | | Information |
| Unsafe value for session tracking in WEB-INF/web.xml | | Medium |
| Unsupported Hash Detected in Content Security Policy (CSP) | | Information |
| User Controllable Cookie | | Low |
| Username Disclosure (Microsoft SQL Server) | | Low |
| Username Disclosure (MySQL) | | Low |
| Vanilla Forums Detected | | Information |
| Varnish HTTP Cache Server Identified | | Information |
| Vegur Identified | | Information |
| Version Disclosure (AbanteCart) | | Low |
| Version Disclosure (Ampache) | | Low |
| Version Disclosure (Angular) | | Low |
| Version Disclosure (Angularjs) | | Low |
| Version Disclosure (Apache) | | Low |
| Version Disclosure (Apache Coyote) | | Low |