Invicti

Web Application Vulnerabilities Index

This page lists 144 vulnerabilities categorized as medium severity that can be detected by Invicti.

Select Category

Select Vulnerability

Vulnerability Name

Classification

Severity

ActiveMQ - Remote Code Execution (CVE-2023-46604)

Critical

Bash Command Injection Vulnerability (Shellshock Bug)

Critical

Blind Command Injection

Critical

Blind SQL Injection

Critical

Boolean Based SQL Injection

Critical

CVE-2024-6297 WordPress Plugin Backdoor

Critical

Code Evaluation (ASP)

Critical

Code Evaluation (Apache Struts S02-53)

Critical

Code Evaluation (Apache Struts)

Critical

Code Evaluation (Apache Struts) S2-016

Critical

Code Evaluation (Apache Struts) S2-045

Critical

Code Evaluation (Apache Struts) S2-046

Critical

Code Evaluation (Node.js)

Critical

Code Evaluation (PHP)

Critical

Code Evaluation (PHP) - IAST

Critical

Code Evaluation (Perl)

Critical

Code Evaluation (Python)

Critical

Code Evaluation (RoR - JSON)

Critical

Code Evaluation (RoR)

Critical

Code Evaluation (Ruby)

Critical

Code Evaluation via Local File Inclusion (PHP)

Critical

Code Execution via File Upload

Critical

Code Execution via Local File Inclusion

Critical

Code Execution via SSTI

Critical

Code Execution via SSTI (ASP.NET Razor)

Critical

Code Execution via SSTI (Java FreeMarker)

Critical

Code Execution via SSTI (Java Pebble)

Critical

Code Execution via SSTI (Java Velocity)

Critical

Code Execution via SSTI (JinJava)

Critical

Code Execution via SSTI (Node.js Dot)

Critical

Code Execution via SSTI (Node.js EJS)

Critical

Code Execution via SSTI (Node.js Marko)

Critical

Code Execution via SSTI (Node.js Nunjucks)

Critical

Code Execution via SSTI (Node.js Pug (Jade))

Critical

Code Execution via SSTI (PHP Smarty)

Critical

Code Execution via SSTI (PHP Twig)

Critical

Code Execution via SSTI (Python Jinja)

Critical

Code Execution via SSTI (Python Mako)

Critical

Code Execution via SSTI (Python Tornado)

Critical

Code Execution via SSTI (Ruby ERB)

Critical

Code Execution via SSTI (Ruby Slim)

Critical

Code Execution via WebDAV

Critical

Command Injection

Critical

Command Injection (IAST)

Critical

Drupal Core - Remote Code Execution (CVE-2019-6340)

Critical

Ivanti ICS and IPS Command Injection - CVE-2024-2188

Critical

JWT kid Parameter Out of Band Command Injection

Critical

LDAP Injection (IAST)

Critical

Mail Header Injection (IAST)

Critical

Malware Identified

Critical

MongoDB Injection (IAST)

Critical

OpenSSL Heartbleed

Critical

Oracle EBS - Unauthenticated Remote Code Execution

Critical

Oracle WebLogic Remote Code Execution (CVE-2020-14882)

Critical

Out of Band Code Evaluation (ASP)

Critical

Out of Band Code Evaluation (Apache Struts 2)

Critical

Out of Band Code Evaluation (Apache Struts 2) S2-053

Critical

Out of Band Code Evaluation (Log4j)

Critical

Out of Band Code Evaluation (Node.js)

Critical

Out of Band Code Evaluation (PHP)

Critical

Out of Band Code Evaluation (Perl)

Critical

Out of Band Code Evaluation (Python)

Critical

Out of Band Code Evaluation (RoR - JSON)

Critical

Out of Band Code Evaluation (RoR)

Critical

Out of Band Code Evaluation (Ruby)

Critical

Out of Band Code Execution via SSTI

Critical

Out of Band Code Execution via SSTI (Java FreeMarker)

Critical

Out of Band Code Execution via SSTI (Java Velocity)

Critical

Out of Band Code Execution via SSTI (Node.js Dot)

Critical

Out of Band Code Execution via SSTI (Node.js EJS)

Critical

Out of Band Code Execution via SSTI (Node.js Marko)

Critical

Out of Band Code Execution via SSTI (Node.js Nunjucks)

Critical

Out of Band Code Execution via SSTI (Node.js Pug (Jade))

Critical

Out of Band Code Execution via SSTI (PHP Smarty)

Critical