🚀 Just released:
Latio 2026 Application Security Market Report.
Read it in our Whitepapers.
100% Signal 0% Noise
Platform
Invicti Platform
Zero-noise AppSec platform
Scan Code
Secure code before runtime
SAST
Early static security analysis
Open Source (SCA)
Find vulnerable dependencies
SBOM & License Risk
Generate SBOMs and track licenses
Secrets
Detect exposed secrets in applications
Infrastructure as Code
Ingest IaC security findings
Container
Track container image vulnerabilities
Test Runtime
Test live applications like attackers
DAST & AI DAST
Test runtime, prove exploitability
Agentic Pentesting
Automate real-world attack techniques
API Security Testing
Discover and test APIs
Attack Surface Management
Identify exposed apps and endpoints
Cloud AppSec
Get a single-pane view of cloud app risk
AI AppSec
Scan smarter, accelerate remediation
Manage Vulnerabilities
See, prioritize, reduce AppSec risk
Vulnerability Management (ASPM)
Centralize and correlate AppSec findings
Compliance & Executive Reporting
Measure risk and impact
Threat Intelligence
Reachability, exploitability, and business logic
Solutions
API Discovery
Manage Vulnerabilities
Automate Security Workflows
Track AppSec KPIs
Manage Open Source Risk
Pricing
Why Invicti
About Us
Invicti vs. Competitors
Case Studies
Contact Us
Careers
Resources
Resource Library
Blog
Webinars
White Papers
Podcasts
Invicti Learn
Savings Calculator
Live Training
Partners
MSSP
Documentation
Vulnerability Database
Get a demo
Home
/
Web Application Vulnerabilities
Web Application Vulnerabilities
Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise
Acunetix Standard & Premium
v.26.4.2314
Web Application Vulnerabilities
This page lists
24652 vulnerabilities
in
62 categories
.
Critical: 1632
High: 13204
Medium: 8857
Low: 888
Information: 71
Vulnerability Name
CVE
CWE
Severity
qdPM Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2022-26180)
CVE-2022-26180
CWE-352
High
qdPM Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2020-26165)
CVE-2020-26165
CWE-94
High
qdPM Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2020-7246)
CVE-2020-7246
CWE-22
High
qdPM Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2023-45855)
CVE-2023-45855
CWE-22
High
qdPM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-8390)
CVE-2019-8390
CWE-707
Medium
qdPM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-8391)
CVE-2019-8391
CWE-707
Medium
qdPM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-18468)
CVE-2020-18468
CWE-707
Medium
qdPM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-19515)
CVE-2020-19515
CWE-707
Medium
qdPM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-26166)
CVE-2020-26166
CWE-707
Medium
qdPM Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2020-11814)
CVE-2020-11814
CWE-138
Medium
qdPM Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2018-25208)
CVE-2018-25208
CWE-138
High
qdPM Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-25669)
CVE-2019-25669
CWE-138
High
qdPM Information Disclosure
-
CWE-260
High
qdPM Multiple Cross-site Scripting (XSS) Vulnerabilities (CVE-2015-3883)
CVE-2015-3883
-
Medium
qdPM Sensitive Information Disclosure Vulnerability (CVE-2015-3881)
CVE-2015-3881
-
High
qdPM Sensitive Information Disclosure Vulnerability (CVE-2015-3882)
CVE-2015-3882
-
Medium
qdPM Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-11811)
CVE-2020-11811
CWE-434
Critical
qdPM Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2023-45856)
CVE-2023-45856
CWE-434
Critical
Qlik Sense Enterprise Auth Bypass (CVE-2023-41266)
CVE-2023-41266
CWE-20
High
Question2Answer Improper Input Validation Vulnerability (CVE-2017-12775)
CVE-2017-12775
CWE-20
High
rack-mini-profiler environment variables disclosure
-
CWE-287
Medium
Railo administration panel cross-site scripting
-
CWE-80
High
Rails Asset Pipeline Directory Traversal Vulnerability
CVE-2018-3760
CWE-22
High
Rails controller possible sensitive information disclosure
-
CWE-200
Medium
Rails Devise authentication password reset
CVE-2013-0233
CWE-287
High
Rails mass assignment
-
CWE-915
High
Rails remote code execution using render :inline
CVE-2016-2098
CWE-94
High
Ramda Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') Vulnerability (CVE-2021-42581)
CVE-2021-42581
CWE-1321
Critical
RCE in Ivanti Connect Secure and Policy Secure (CVE-2024-21887)
CVE-2024-21887
CWE-77
Critical
RCE in SQL Server Reporting Services (SSRS)
CVE-2020-0618
CWE-78
High
RCE with Spring Data Commons
CVE-2018-1273
CWE-94
High
Reachable SharePoint interface
-
CWE-200
High
React CVE-2025-55183 Vulnerability (CVE-2025-55183)
CVE-2025-55183
-
Medium
React Deserialization of Untrusted Data Vulnerability (CVE-2025-55182)
CVE-2025-55182
CWE-502
Critical
React Deserialization of Untrusted Data Vulnerability (CVE-2025-55184)
CVE-2025-55184
CWE-502
High
React Deserialization of Untrusted Data Vulnerability (CVE-2025-67779)
CVE-2025-67779
CWE-502
High
React Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-6341)
CVE-2018-6341
CWE-707
Medium
React Uncontrolled Resource Consumption Vulnerability (CVE-2026-23864)
CVE-2026-23864
CWE-400
High
Redis Unauthorized Access Vulnerability
-
CWE-200
Medium
Reflected Cross-Site Scripting (XSS) vulnerability in PAN-OS management web interface
CVE-2020-2036
CWE-79
High
Rejetto HTTP File Server SSTI RCE (CVE-2024-23692)
CVE-2024-23692
CWE-1336
Critical
Remote Code Execution (RCE) in Spring Security OAuth
CVE-2016-4977
CWE-94
High
Remote Code Execution (Spring4Shell)
CVE-2022-22965
CWE-94
Critical
Remote code execution in bootstrap-sass 3.2.0.3
CVE-2019-10842
CWE-95
High
Remote code execution of user-provided local names in Rails
CVE-2020-8163
CWE-94
High
Remote code execution vulnerability in WordPress Duplicator
-
CWE-98
High
Remote File Inclusion
-
CWE-98
Critical
Remote File Inclusion (admin/lang.php) (CMS Made Simple)
CVE-2005-2846
-
High
Remote Unauthenticated Code Execution Vulnerability in OpenSSH server (CVE-2024-6387)
CVE-2024-6387
CWE-362
High
Request Smuggling
-
CWE-444
High
Resin Application Server Improper Input Validation Vulnerability (CVE-2012-2965)
CVE-2012-2965
CWE-20
High
Resin Application Server Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2012-2968)
CVE-2012-2968
CWE-22
Medium
Resin Application Server Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2021-44138)
CVE-2021-44138
CWE-22
High
Resin Application Server Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2008-2462)
CVE-2008-2462
CWE-707
Medium
Resin Application Server Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-2032)
CVE-2010-2032
CWE-707
Medium
Resin Application Server Other Vulnerability (CVE-2004-0281)
CVE-2004-0281
-
Medium
Resin Application Server Other Vulnerability (CVE-2012-2966)
CVE-2012-2966
-
High
Resin Application Server Other Vulnerability (CVE-2012-2967)
CVE-2012-2967
-
High
Resin Application Server Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-2969)
CVE-2012-2969
CWE-264
Medium
Resin Application Server Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-2966)
CVE-2014-2966
CWE-264
Medium
Resource Accessible Without Required Authentication
-
CWE-287
Medium
Restlet Framework Deserialization of Untrusted Data Vulnerability (CVE-2013-4271)
CVE-2013-4271
CWE-502
High
Restlet Framework Improper Restriction of XML External Entity Reference Vulnerability (CVE-2017-14868)
CVE-2017-14868
CWE-611
High
Restlet Framework Improper Restriction of XML External Entity Reference Vulnerability (CVE-2017-14949)
CVE-2017-14949
CWE-611
High
Restlet Framework XML Injection (aka Blind XPath Injection) Vulnerability (CVE-2013-4221)
CVE-2013-4221
CWE-91
High
RethinkDB administrative interface publicly exposed
-
CWE-200
High
Retired hash function in SAML Response
-
CWE-327
Information
reveal.js Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-8127)
CVE-2020-8127
CWE-707
Medium
reveal.js Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-0776)
CVE-2022-0776
CWE-707
Medium
Reverse proxy bypass
CVE-2011-3368
CWE-20
Medium
Reverse Proxy Detected
-
-
Information
Reverse proxy misrouting
-
CWE-918
High
Reverse proxy misrouting through HTTP/2 pseudo-headers (SSRF)
-
CWE-918
Medium
ReviveAdserver 7PK - Security Features Vulnerability (CVE-2016-9470)
CVE-2016-9470
-
Critical
ReviveAdserver Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2025-52670)
CVE-2025-52670
CWE-639
Medium
«
1
...
174
175
176
...
329
»