🚀 Just released:
Latio 2026 Application Security Market Report.
Read it in our Whitepapers.
100% Signal 0% Noise
Platform
Invicti Platform
Zero-noise AppSec platform
Scan Code
Secure code before runtime
SAST
Early static security analysis
Open Source (SCA)
Find vulnerable dependencies
SBOM & License Risk
Generate SBOMs and track licenses
Secrets
Detect exposed secrets in applications
Infrastructure as Code
Ingest IaC security findings
Container
Track container image vulnerabilities
Test Runtime
Test live applications like attackers
DAST & AI DAST
Test runtime, prove exploitability
Agentic Pentesting
Automate real-world attack techniques
API Security Testing
Discover and test APIs
Attack Surface Management
Identify exposed apps and endpoints
Cloud AppSec
Get a single-pane view of cloud app risk
AI AppSec
Scan smarter, accelerate remediation
Manage Vulnerabilities
See, prioritize, reduce AppSec risk
Vulnerability Management (ASPM)
Centralize and correlate AppSec findings
Compliance & Executive Reporting
Measure risk and impact
Threat Intelligence
Reachability, exploitability, and business logic
Solutions
API Discovery
Manage Vulnerabilities
Automate Security Workflows
Track AppSec KPIs
Manage Open Source Risk
Pricing
Why Invicti
About Us
Invicti vs. Competitors
Case Studies
Contact Us
Careers
Resources
Resource Library
Blog
Webinars
White Papers
Podcasts
Invicti Learn
Savings Calculator
Live Training
Partners
MSSP
Documentation
Vulnerability Database
Get a demo
Home
/
Web Application Vulnerabilities
Web Application Vulnerabilities
Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise
Acunetix Standard & Premium
v.26.4.2314
Web Application Vulnerabilities
This page lists
24652 vulnerabilities
in
62 categories
.
Critical: 1632
High: 13204
Medium: 8857
Low: 888
Information: 71
Vulnerability Name
CVE
CWE
Severity
Roundcube Deserialization of Untrusted Data Vulnerability (CVE-2026-35537)
CVE-2026-35537
CWE-502
High
Roundcube Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2010-0464)
CVE-2010-0464
CWE-200
Medium
Roundcube Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-5382)
CVE-2015-5382
CWE-200
Medium
Roundcube Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-5383)
CVE-2015-5383
CWE-200
High
Roundcube Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-19205)
CVE-2018-19205
CWE-200
High
Roundcube Files or Directories Accessible to External Parties Vulnerability (CVE-2017-16651)
CVE-2017-16651
CWE-552
High
Roundcube Improper Access Control Vulnerability (CVE-2016-9920)
CVE-2016-9920
CWE-284
High
Roundcube Improper Encoding or Escaping of Output Vulnerability (CVE-2025-68460)
CVE-2025-68460
CWE-116
High
Roundcube Improper Input Validation Vulnerability (CVE-2011-1491)
CVE-2011-1491
CWE-20
Low
Roundcube Improper Input Validation Vulnerability (CVE-2011-1492)
CVE-2011-1492
CWE-20
Medium
Roundcube Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2013-1904)
CVE-2013-1904
CWE-22
Medium
Roundcube Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2020-12640)
CVE-2020-12640
CWE-22
Critical
Roundcube Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') Vulnerability (CVE-2020-12641)
CVE-2020-12641
CWE-707
Critical
Roundcube Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') Vulnerability (CVE-2026-35538)
CVE-2026-35538
CWE-707
Low
Roundcube Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2009-0413)
CVE-2009-0413
CWE-707
Medium
Roundcube Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-2937)
CVE-2011-2937
CWE-707
Medium
Roundcube Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-1253)
CVE-2012-1253
CWE-707
Low
Roundcube Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-3507)
CVE-2012-3507
CWE-707
Low
Roundcube Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-3508)
CVE-2012-3508
CWE-707
Medium
Roundcube Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-4668)
CVE-2012-4668
CWE-707
Medium
Roundcube Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-6121)
CVE-2012-6121
CWE-707
Medium
Roundcube Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-5645)
CVE-2013-5645
CWE-707
Medium
Roundcube Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-5381)
CVE-2015-5381
CWE-707
Medium
Roundcube Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-6820)
CVE-2017-6820
CWE-707
Medium
Roundcube Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-19206)
CVE-2018-19206
CWE-707
Medium
Roundcube Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-12625)
CVE-2020-12625
CWE-707
Medium
Roundcube Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-13964)
CVE-2020-13964
CWE-707
Medium
Roundcube Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-13965)
CVE-2020-13965
CWE-707
Medium
Roundcube Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-15562)
CVE-2020-15562
CWE-707
Medium
Roundcube Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-16145)
CVE-2020-16145
CWE-707
Medium
Roundcube Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-18670)
CVE-2020-18670
CWE-707
Medium
Roundcube Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-18671)
CVE-2020-18671
CWE-707
Medium
Roundcube Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-35730)
CVE-2020-35730
CWE-707
Medium
Roundcube Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-26925)
CVE-2021-26925
CWE-707
Medium
Roundcube Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-44025)
CVE-2021-44025
CWE-707
Medium
Roundcube Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-46144)
CVE-2021-46144
CWE-707
Medium
Roundcube Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-43770)
CVE-2023-43770
CWE-707
Medium
Roundcube Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-47272)
CVE-2023-47272
CWE-707
Medium
Roundcube Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-5631)
CVE-2023-5631
CWE-707
Medium
Roundcube Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-37383)
CVE-2024-37383
CWE-707
Medium
Roundcube Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-37384)
CVE-2024-37384
CWE-707
Medium
Roundcube Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-42008)
CVE-2024-42008
CWE-707
Critical
Roundcube Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-42009)
CVE-2024-42009
CWE-707
Critical
Roundcube Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-68461)
CVE-2025-68461
CWE-707
Medium
Roundcube Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2026-35539)
CVE-2026-35539
CWE-707
Medium
Roundcube Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) Vulnerability (CVE-2024-57004)
CVE-2024-57004
CWE-707
Medium
Roundcube Improper Neutralization of Special Elements used in a Command ('Command Injection') Vulnerability (CVE-2024-37385)
CVE-2024-37385
CWE-138
Critical
Roundcube Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2013-6172)
CVE-2013-6172
CWE-138
High
Roundcube Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2021-44026)
CVE-2021-44026
CWE-138
Critical
Roundcube Improper Privilege Management Vulnerability (CVE-2017-8114)
CVE-2017-8114
CWE-269
High
Roundcube Incorrect Resource Transfer Between Spheres Vulnerability (CVE-2026-35540)
CVE-2026-35540
CWE-669
Medium
Roundcube Incorrect Resource Transfer Between Spheres Vulnerability (CVE-2026-35542)
CVE-2026-35542
CWE-669
Medium
Roundcube Incorrect Resource Transfer Between Spheres Vulnerability (CVE-2026-35543)
CVE-2026-35543
CWE-669
Medium
Roundcube Incorrect Resource Transfer Between Spheres Vulnerability (CVE-2026-35544)
CVE-2026-35544
CWE-669
Medium
Roundcube Incorrect Resource Transfer Between Spheres Vulnerability (CVE-2026-35545)
CVE-2026-35545
CWE-669
High
Roundcube Multiple Buffer Overflow Vulnerabilities (CVE-2015-2181)
CVE-2015-2181
-
High
Roundcube Multiple Cross-site Request Forgery (CSRF) Vulnerabilities (CVE-2014-9587)
CVE-2014-9587
-
Medium
Roundcube Resource Management Errors Vulnerability (CVE-2008-5620)
CVE-2008-5620
-
High
Roundcube Resource Management Errors Vulnerability (CVE-2011-4078)
CVE-2011-4078
-
Medium
Roundcube security updates 0.8.6 and 0.7.3
CVE-2013-1904
CWE-22
High
Roundcube Unspesificed Vulnerability (CVE-2018-1000071)
CVE-2018-1000071
-
High
Roundcube Unspesificed Vulnerability (CVE-2018-9846)
CVE-2018-9846
-
High
Roundcube Unspesificed Vulnerability (CVE-2019-10740)
CVE-2019-10740
-
Medium
Roundcube Unspesificed Vulnerability (CVE-2019-15237)
CVE-2019-15237
-
High
RSA Private Key Detected
-
CWE-200
High
Ruby 7PK - Security Features Vulnerability (CVE-2015-3900)
CVE-2015-3900
-
Medium
Ruby Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Vulnerability (CVE-2026-46727)
CVE-2026-46727
CWE-362
High
Ruby Cryptographic Issues Vulnerability (CVE-2011-2686)
CVE-2011-2686
-
Medium
Ruby Cryptographic Issues Vulnerability (CVE-2012-5371)
CVE-2012-5371
-
Medium
Ruby Cryptographic Issues Vulnerability (CVE-2013-4073)
CVE-2013-4073
-
Medium
Ruby Cryptographic Issues Vulnerability (CVE-2013-4287)
CVE-2013-4287
-
Medium
Ruby Cryptographic Issues Vulnerability (CVE-2013-4363)
CVE-2013-4363
-
Medium
Ruby CVE-2018-16395 Vulnerability (CVE-2018-16395)
CVE-2018-16395
-
Critical
Ruby CVE-2018-16396 Vulnerability (CVE-2018-16396)
CVE-2018-16396
-
High
Ruby CVE-2019-15845 Vulnerability (CVE-2019-15845)
CVE-2019-15845
-
Medium
«
1
...
176
177
178
...
329
»