Web Application Vulnerabilities Index
This page lists 144 vulnerabilities categorized as medium severity that can be detected by Invicti.
Vulnerability Name | Classification | Severity
Out of Band Code Execution via SSTI (PHP Twig) | Out of Band Code Execution via SSTI (PHP Twig) | Critical
Out of Band Code Execution via SSTI (Python Jinja) | Out of Band Code Execution via SSTI (Python Jinja) | Critical
Out of Band Code Execution via SSTI (Python Mako) | Out of Band Code Execution via SSTI (Python Mako) | Critical
Out of Band Code Execution via SSTI (Python Tornado) | Out of Band Code Execution via SSTI (Python Tornado) | Critical
Out of Band Command Injection | Out of Band Command Injection | Critical
Out of Band Remote File Inclusion | Out of Band Remote File Inclusion | Critical
Out of Band SQL Injection | Out of Band SQL Injection | Critical
Possible Boolean Mongo Db Injection | Possible Boolean Mongo Db Injection | Critical
PossibleBlindMongoDB | PossibleBlindMongoDB | Critical
Private Json Web Key Set Disclosure | Private Json Web Key Set Disclosure | Critical
RegreSSHion Attack (CVE-2024-6387) | RegreSSHion Attack (CVE-2024-6387) | Critical
Remote Code Execution (Spring4Shell) | Remote Code Execution (Spring4Shell) | Critical
Remote Code Execution and DoS in HTTP.sys (IIS) | Remote Code Execution and DoS in HTTP.sys (IIS) | Critical
Remote File Inclusion | Remote File Inclusion | Critical
SQL Injection | SQL Injection | Critical
SQL Injection (IAST) | SQL Injection (IAST) | Critical
Server-Side Request Forgery (Equinix) | Server-Side Request Forgery (Equinix) | Critical
Server-Side Request Forgery (Oracle Cloud) | Server-Side Request Forgery (Oracle Cloud) | Critical
Server-Side Request Forgery (Packet Cloud) | Server-Side Request Forgery (Packet Cloud) | Critical
Server-Side Request Forgery (trace.axd) | Server-Side Request Forgery (trace.axd) | Critical
Server-Side Template Injection | Server-Side Template Injection | Critical
Server-Side Template Injection (ASP.NET Razor) | Server-Side Template Injection (ASP.NET Razor) | Critical
Server-Side Template Injection (Java FreeMarker) | Server-Side Template Injection (Java FreeMarker) | Critical
Server-Side Template Injection (Java Pebble) | Server-Side Template Injection (Java Pebble) | Critical
Server-Side Template Injection (Java Velocity) | Server-Side Template Injection (Java Velocity) | Critical
Server-Side Template Injection (JinJava) | Server-Side Template Injection (JinJava) | Critical
Server-Side Template Injection (Node.js Dot) | Server-Side Template Injection (Node.js Dot) | Critical
Server-Side Template Injection (Node.js EJS) | Server-Side Template Injection (Node.js EJS) | Critical
Server-Side Template Injection (Ruby ERB) | Server-Side Template Injection (Ruby ERB) | Critical
Text4Shell Remote Code Execution - (CVE-2022-42889) | Text4Shell Remote Code Execution - (CVE-2022-42889) | Critical
TorchServe Management API SSRF (CVE-2023-43654) | TorchServe Management API SSRF (CVE-2023-43654) | Critical
VMware Aria Operations for Networks Remote Code Execution (CVE-2023-20887) | VMware Aria Operations for Networks Remote Code Execution (CVE-2023-20887) | Critical
Web Backdoor Detected | Web Backdoor Detected | Critical
Web Cache Deception | Web Cache Deception | Critical