Web Vulnerability & Security Check

Web Application Vulnerabilities Index

This page lists 144 vulnerabilities categorized as medium severity that can be detected by Invicti.

Select Category

Select Vulnerability

Vulnerability Name

Classification

Severity

Sensitive Data Exposure - Consul Token

Medium

Sensitive Data Exposure - Database Connection String - MongoDB - MySQL

Medium

Sensitive Data Exposure - Database Connection String - PostgreSQL

Medium

Sensitive Data Exposure - Devise Secret Key

Medium

Sensitive Data Exposure - Facebook Access Token

Medium

Sensitive Data Exposure - Facebook App ID

Medium

Sensitive Data Exposure - Facebook App Secret

Medium

Sensitive Data Exposure - Gitlab Personal Access Token

Medium

Sensitive Data Exposure - Google Cloud API Key

Medium

Sensitive Data Exposure - Google OAuth Access Token

Medium

Sensitive Data Exposure - Heroku API Key

Medium

Sensitive Data Exposure - JDBC Database Connection String

Medium

Sensitive Data Exposure - Jenkins Secret

Medium

Sensitive Data Exposure - LinkedIn API Key

Medium

Sensitive Data Exposure - MailChimp API Key

Medium

Sensitive Data Exposure - MailGun API Key

Medium

Sensitive Data Exposure - Mapbox Token

Medium

Sensitive Data Exposure - NPM Access Token

Medium

Sensitive Data Exposure - Nexmo Secret

Medium

Sensitive Data Exposure - NuGet API Key

Medium

Sensitive Data Exposure - Okta Secret Key

Medium

Sensitive Data Exposure - Omise Secret Key

Medium

Sensitive Data Exposure - Paypal Access Token

Medium

Sensitive Data Exposure - Picatic API key

Medium

Sensitive Data Exposure - SSH Key

Medium

Sensitive Data Exposure - SendGrid API Key

Medium

Sensitive Data Exposure - Sentry Auth Token

Medium

Sensitive Data Exposure - Slack Token

Medium

Sensitive Data Exposure - Slack Webhook

Medium

Sensitive Data Exposure - Slack v1.x Token

Medium

Sensitive Data Exposure - SonarQube User Token

Medium

Sensitive Data Exposure - Square OAuth Secret

Medium

Sensitive Data Exposure - Square Personal Access Token

Medium

Sensitive Data Exposure - Stripe API key

Medium

Sensitive Data Exposure - Symfony Application Secret

Medium

Sensitive Data Exposure - Teams Webhook

Medium

Sensitive Data Exposure - Telegram Bot API Token

Medium

Sensitive Data Exposure - Twilio API Key

Medium

Sensitive Data Exposure - Twitter API Secret Key

Medium

Sensitive Data Exposure - Twitter Access Token Secret

Medium

Sensitive Data Exposure - WordPress Authentication Key/Salt

Medium

Sensitive Pages Could Be Cached

Low

SeoPanel Detected

Information

Serendipity Detected

Information

Server-Side Request Forgery

Medium

Server-Side Request Forgery (AWS)

High

Server-Side Request Forgery (Apache Server Status)

High

Server-Side Request Forgery (Equinix)

Critical

Server-Side Request Forgery (MySQL)

High

Server-Side Request Forgery (Oracle Cloud)

Critical

Server-Side Request Forgery (Packet Cloud)

Critical

Server-Side Request Forgery (SSH)

High

Server-Side Request Forgery (Time Based)

Medium

Server-Side Request Forgery (elmah MVC)

High

Server-Side Request Forgery (elmah)

High

Server-Side Request Forgery (trace.axd)

Critical

Server-Side Template Injection

Critical

Server-Side Template Injection (ASP.NET Razor)

Critical

Server-Side Template Injection (IAST)

High

Server-Side Template Injection (Java FreeMarker)

Critical

Server-Side Template Injection (Java Pebble)

Critical

Server-Side Template Injection (Java Velocity)

Critical

Server-Side Template Injection (JinJava)

Critical

Server-Side Template Injection (Node.js Dot)

Critical

Server-Side Template Injection (Node.js EJS)

Critical

Server-Side Template Injection (Ruby ERB)

Critical

Session Cookie Not Marked as Secure

Medium

SharePoint Identified

Information

Shell Script Detected

Information

Shopify Identified

Information

Silverlight Client Access Policy Detected

Information

Sitemap Detected

Information

Slick Identified

Information

SnapSvg Identified

Information