Web Vulnerability & Security Check

Web Application Vulnerabilities Index

This page lists 144 vulnerabilities categorized as medium severity that can be detected by Invicti.

Select Category

Select Vulnerability

Vulnerability Name

Classification

Severity

Server-Side Request Forgery

Medium

Server-Side Request Forgery (Apache Server Status)

High

Server-Side Request Forgery (AWS)

High

Server-Side Request Forgery (elmah)

High

Server-Side Request Forgery (elmah MVC)

High

Server-Side Request Forgery (Equinix)

Critical

Server-Side Request Forgery (MySQL)

High

Server-Side Request Forgery (Oracle Cloud)

Critical

Server-Side Request Forgery (Packet Cloud)

Critical

Server-Side Request Forgery (SSH)

High

Server-Side Request Forgery (Time Based)

Medium

Server-Side Request Forgery (trace.axd)

Critical

Server-Side Template Injection

Critical

Server-Side Template Injection (ASP.NET Razor)

Critical

Server-Side Template Injection (IAST)

High

Server-Side Template Injection (Java FreeMarker)

Critical

Server-Side Template Injection (Java Pebble)

Critical

Server-Side Template Injection (Java Velocity)

Critical

Server-Side Template Injection (JinJava)

Critical

Server-Side Template Injection (Node.js Dot)

Critical

Server-Side Template Injection (Node.js EJS)

Critical

Server-Side Template Injection (Ruby ERB)

Critical

Session Cookie Not Marked as Secure

Medium

SharePoint Identified

Information

SharePoint "ToolShell" RCE (CVE-2025-49704/CVE-2025-49706/CVE-2025-53770/CVE-2025-53771)

Critical

Shell Script Detected

Information

Shopify Identified

Information

Silverlight Client Access Policy Detected

Information

Silverstripe CMS Detected

Information

SimpleHelp Path Traversal (CVE-2024-57727)

High

Sitecore Arbitrary File Read (CVE-2024-46938)

High

Sitecore XM/XP Insecure Deserialization (CVE-2025-27218)

Critical

Sitemap Detected

Information

Slick Identified

Information

SnapSvg Identified

Information

Social Security Number Disclosure

Low

SonicWall SSL-VPN Server Identified

Information

Sortablejs Identified

Information

Source Code Disclosure (ASP.NET)

Medium

Source Code Disclosure (ColdFusion)

Medium

Source Code Disclosure (Generic)

Medium

Source Code Disclosure (Java)

Medium

Source Code Disclosure (Java Servlet)

Medium

Source Code Disclosure (JSP)

Medium

Source Code Disclosure (Perl)

Medium

Source Code Disclosure (PHP)

Medium

Source Code Disclosure (Python)

Medium

Source Code Disclosure (Ruby)

Medium

Source Code Disclosure (Tomcat)

Medium

Spring Boot Actuator Endpoint Detected

Medium

Spring Boot Misconfiguration: Actuator endpoint security disabled

Medium

Spring Boot Misconfiguration: Admin MBean enabled

Medium

Spring Boot Misconfiguration: All Spring Boot Actuator endpoints are web exposed

Medium

Spring Boot Misconfiguration: Datasource credentials stored in the properties file

Medium

Spring Boot Misconfiguration: Developer tools enabled on production

Medium

Spring Boot Misconfiguration: H2 console enabled

Medium

Spring Boot Misconfiguration: MongoDB credentials stored in the properties file

Medium

Spring Boot Misconfiguration: Overly long session timeout

Medium

Spring Boot Misconfiguration: Spring Boot Actuator shutdown endpoint is web exposed

Medium

Spring Boot Misconfiguration: Unsafe value for session tracking

Medium

Spring Framework Identified

Information

Spring Misconfiguration: HTML Escaping disabled

Medium

SQL File Detected

Information

Critical

SQL Injection (IAST)

Critical

SQLite Database File Found

Medium

Squarespace Identified

Information

Squid Identified

Information

SSL Certificate Is About To Expire

Medium

SSL Certificate Name Hostname Mismatch

Medium

SSL/TLS Not Implemented

Medium

SSL Untrusted Root Certificate

Medium

Stack Trace Disclosure (Apache MyFaces)

Low

Stack Trace Disclosure (Apache Shiro)

Low