Web Application Vulnerabilities Index

This page lists 144 vulnerabilities categorized as medium severity that can be detected by Invicti.

Select Category
Critical
High
Medium
Low
Best Practice
Information
Select Vulnerability
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Vulnerability Name
Classification
Severity
GraphQL Library Detected (GqlGen)
GraphQL Library Detected (GqlGen)
Information
GraphQL Library Detected (GraphQL API for Wordpress)
GraphQL Library Detected (GraphQL API for Wordpress)
Information
GraphQL Library Detected (Graphene)
GraphQL Library Detected (Graphene)
Information
GraphQL Library Detected (Graphql-Go)
GraphQL Library Detected (Graphql-Go)
Information
GraphQL Library Detected (Hasura)
GraphQL Library Detected (Hasura)
Information
GraphQL Library Detected (Hot Chocolate)
GraphQL Library Detected (Hot Chocolate)
Information
GraphQL Library Detected (Juniper)
GraphQL Library Detected (Juniper)
Information
GraphQL Library Detected (Ruby-graphql)
GraphQL Library Detected (Ruby-graphql)
Information
GraphQL Library Detected (Sangria)
GraphQL Library Detected (Sangria)
Information
GraphQL Library Detected (Tartiflette)
GraphQL Library Detected (Tartiflette)
Information
GraphQL Library Detected (WPGraphQL)
GraphQL Library Detected (WPGraphQL)
Information
GraphQL Library Detected (graphql-java)
GraphQL Library Detected (graphql-java)
Information
GraphQL Library Detected (graphql-php)
GraphQL Library Detected (graphql-php)
Information
Gsap Identified
Gsap Identified
Information
Gunicorn Python WSGI HTTP Server Identified
Gunicorn Python WSGI HTTP Server Identified
Information
HTTP Header Injection
HTTP Header Injection
Medium
HTTP Header Injection (IAST)
HTTP Header Injection (IAST)
Medium
HTTP Parameter Pollution
HTTP Parameter Pollution
Medium
HTTP Strict Transport Security (HSTS) Errors and Warnings
HTTP Strict Transport Security (HSTS) Errors and Warnings
Medium
HTTP Strict Transport Security (HSTS) Max-Age Value Too Low
HTTP Strict Transport Security (HSTS) Max-Age Value Too Low
Information
HTTP Strict Transport Security (HSTS) Policy Not Enabled
HTTP Strict Transport Security (HSTS) Policy Not Enabled
Medium
HTTP Strict Transport Security (HSTS) via HTTP
HTTP Strict Transport Security (HSTS) via HTTP
Information
Hammerjs Identified
Hammerjs Identified
Information
Handlebarsjs Identified
Handlebarsjs Identified
Information
Hesk Detected
Hesk Detected
Information
Hiawatha Identified
Hiawatha Identified
Information
Highcharts Identified
Highcharts Identified
Information
Html5Shiv Identified
Html5Shiv Identified
Information
HubSpot Identified
HubSpot Identified
Information
I'm a Teapot
I'm a Teapot
Information
IBM Business Process Manager (BPM) Identified
IBM Business Process Manager (BPM) Identified
Information
IBM HTTP Server Identified
IBM HTTP Server Identified
Information
IBM Rational Team Concert (RTC) Identified
IBM Rational Team Concert (RTC) Identified
Information
IBM Security Access Manager (WebSEAL) Identified
IBM Security Access Manager (WebSEAL) Identified
Information
IIS Identified
IIS Identified
Information
ImagePicker Identified
ImagePicker Identified
Information
Incorrect Content Security Policy (CSP) Implementation
Incorrect Content Security Policy (CSP) Implementation
Information
Inferno Identified
Inferno Identified
Information
Information Disclosure (Microsoft Office)
Information Disclosure (Microsoft Office)
Low
Insecure Frame (External)
Insecure Frame (External)
Low
Insecure HTTP Usage
Insecure HTTP Usage
Medium
Insecure JSONP Endpoint
Insecure JSONP Endpoint
Low
Insecure Protocol Detected in Content Security Policy (CSP)
Insecure Protocol Detected in Content Security Policy (CSP)
Information
Insecure Reflected Content
Insecure Reflected Content
Low
Insecure Transportation Security Protocol Supported (SSLv2)
Insecure Transportation Security Protocol Supported (SSLv2)
High
Insecure Transportation Security Protocol Supported (SSLv3)
Insecure Transportation Security Protocol Supported (SSLv3)
High
Insecure Transportation Security Protocol Supported (TLS 1.0)
Insecure Transportation Security Protocol Supported (TLS 1.0)
High
Insecure Transportation Security Protocol Supported (TLS 1.1)
Insecure Transportation Security Protocol Supported (TLS 1.1)
Best Practice
Insecure Usage of Version 1 GUID
Insecure Usage of Version 1 GUID
Information
Installation File Detected
Installation File Detected
Information
Intermediate Certificate is Signed Using a Weak Signature Algorithm
Intermediate Certificate is Signed Using a Weak Signature Algorithm
Information
Internal IP Address Disclosure
Internal IP Address Disclosure
Low
Internal Path Disclosure (*nix)
Internal Path Disclosure (*nix)
Information
Internal Path Disclosure (Windows)
Internal Path Disclosure (Windows)
Information
Internal Server Error
Internal Server Error
Low
Introjs Identified
Introjs Identified
Information
Invalid Content Security Policy (CSP) Directive Identified in meta Elements
Invalid Content Security Policy (CSP) Directive Identified in meta Elements
Information
Invalid SSL Certificate
Invalid SSL Certificate
Medium
IonRangeSlider Identified
IonRangeSlider Identified
Information
Ivanti ICS and IPS Command Injection - CVE-2024-2188
Ivanti ICS and IPS Command Injection - CVE-2024-2188
Critical
JBoss Application Server Identified
JBoss Application Server Identified
Information
JBoss Core Services Identified
JBoss Core Services Identified
Information
JBoss Enterprise Application Platform Identified
JBoss Enterprise Application Platform Identified
Information
JBoss Web Console JMX Invoker
JBoss Web Console JMX Invoker
High
JQuery placeholder.js Identified
JQuery placeholder.js Identified
Information
JSP Identified
JSP Identified
Information
JWT Detected
JWT Detected
Information
JWT Forgery via Chaining Jku Parameter with Open Redirect
JWT Forgery via Chaining Jku Parameter with Open Redirect
High
JWT Forgery via Path Traversal
JWT Forgery via Path Traversal
High
JWT Forgery via SQL Injection
JWT Forgery via SQL Injection
High
JWT Forgery via unvalidated jku parameter
JWT Forgery via unvalidated jku parameter
High
JWT Signature Bypass via None Algorithm
JWT Signature Bypass via None Algorithm
High
JWT Signature is not Verified
JWT Signature is not Verified
High
JWT kid Parameter Out of Band Command Injection
JWT kid Parameter Out of Band Command Injection
Critical