Invicti

Web Application Vulnerabilities Index

This page lists 144 vulnerabilities categorized as medium severity that can be detected by Invicti.

Select Category

Select Vulnerability

Vulnerability Name

Classification

Severity

Sensitive Data Exposure - Jenkins Secret

Medium

Sensitive Data Exposure - LinkedIn API Key

Medium

Sensitive Data Exposure - MailChimp API Key

Medium

Sensitive Data Exposure - MailGun API Key

Medium

Sensitive Data Exposure - Mapbox Token

Medium

Sensitive Data Exposure - NPM Access Token

Medium

Sensitive Data Exposure - Nexmo Secret

Medium

Sensitive Data Exposure - NuGet API Key

Medium

Sensitive Data Exposure - Okta Secret Key

Medium

Sensitive Data Exposure - Omise Secret Key

Medium

Sensitive Data Exposure - Paypal Access Token

Medium

Sensitive Data Exposure - Picatic API key

Medium

Sensitive Data Exposure - SSH Key

Medium

Sensitive Data Exposure - SendGrid API Key

Medium

Sensitive Data Exposure - Sentry Auth Token

Medium

Sensitive Data Exposure - Slack Token

Medium

Sensitive Data Exposure - Slack Webhook

Medium

Sensitive Data Exposure - Slack v1.x Token

Medium

Sensitive Data Exposure - SonarQube User Token

Medium

Sensitive Data Exposure - Square OAuth Secret

Medium

Sensitive Data Exposure - Square Personal Access Token

Medium

Sensitive Data Exposure - Stripe API key

Medium

Sensitive Data Exposure - Symfony Application Secret

Medium

Sensitive Data Exposure - Teams Webhook

Medium

Sensitive Data Exposure - Telegram Bot API Token

Medium

Sensitive Data Exposure - Twilio API Key

Medium

Sensitive Data Exposure - Twitter API Secret Key

Medium

Sensitive Data Exposure - Twitter Access Token Secret

Medium

Sensitive Data Exposure - WordPress Authentication Key/Salt

Medium

Server-Side Request Forgery

Medium

Server-Side Request Forgery (Time Based)

Medium

Session Cookie Not Marked as Secure

Medium

Source Code Disclosure (ASP.NET)

Medium

Source Code Disclosure (ColdFusion)

Medium

Source Code Disclosure (Generic)

Medium

Source Code Disclosure (JSP)

Medium

Source Code Disclosure (Java Servlet)

Medium

Source Code Disclosure (Java)

Medium

Source Code Disclosure (PHP)

Medium

Source Code Disclosure (Perl)

Medium

Source Code Disclosure (Python)

Medium

Source Code Disclosure (Ruby)

Medium

Source Code Disclosure (Tomcat)

Medium

Spring Boot Actuator Endpoint Detected

Medium

Spring Boot Misconfiguration: Actuator endpoint security disabled

Medium

Spring Boot Misconfiguration: Admin MBean enabled

Medium

Spring Boot Misconfiguration: All Spring Boot Actuator endpoints are web exposed

Medium

Spring Boot Misconfiguration: Datasource credentials stored in the properties file

Medium

Spring Boot Misconfiguration: Developer tools enabled on production

Medium

Spring Boot Misconfiguration: H2 console enabled

Medium

Spring Boot Misconfiguration: MongoDB credentials stored in the properties file

Medium

Spring Boot Misconfiguration: Overly long session timeout

Medium

Spring Boot Misconfiguration: Spring Boot Actuator shutdown endpoint is web exposed

Medium

Spring Boot Misconfiguration: Unsafe value for session tracking

Medium

Spring Misconfiguration: HTML Escaping disabled

Medium

Stack Trace Disclosure (ColdFusion)

Medium

Stack Trace Disclosure (Django)

Medium

Stack Trace Disclosure (Java)

Medium

Stack Trace Disclosure (Laravel)

Medium

Stack Trace Disclosure (Python)

Medium

Stack Trace Disclosure (RoR)

Medium

Stack Trace Disclosure (Ruby-Sinatra Framework)

Medium

Struts 2 Config Browser plugin enabled

Medium

Struts 2 Development Mode Enabled

Medium

Sublime SFTP Config File Detected

Medium

TLS/SSL Certificate Key Size Too Small

Medium

Unicode Transformation (Best-Fit Mapping)

Medium

Unsafe value for session tracking in WEB-INF/web.xml

Medium

ViewState MAC Disabled

Medium

Weak Ciphers Enabled

Medium

WordPress Setup Configuration File

Medium

ZSH History File Detected

Medium