Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
v.26.4.2314

Web Application Vulnerabilities

This page lists 24302 vulnerabilities in 62 categories.

Critical: 1589 High: 13053 Medium: 8721 Low: 870 Information: 69
Vulnerability Name
CVE
CWE
Severity
Dot CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2016-8902)
CVE-2016-8902
CWE-138
Critical
Dot CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2016-8903)
CVE-2016-8903
CWE-138
High
Dot CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2016-8904)
CVE-2016-8904
CWE-138
High
Dot CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2016-8905)
CVE-2016-8905
CWE-138
High
Dot CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2016-8906)
CVE-2016-8906
CWE-138
High
Dot CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2016-8907)
CVE-2016-8907
CWE-138
High
Dot CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2016-8908)
CVE-2016-8908
CWE-138
High
Dot CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2017-5344)
CVE-2017-5344
CWE-138
Critical
Dot CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-12872)
CVE-2019-12872
CWE-138
High
Dot CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-27848)
CVE-2020-27848
CWE-138
High
Dot CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2025-11165)
CVE-2025-11165
CWE-138
Critical
Dot CMS Insertion of Sensitive Information into Log File Vulnerability (CVE-2024-3165)
CVE-2024-3165
CWE-532
Medium
Dot CMS Other Vulnerability (CVE-2016-4803)
CVE-2016-4803
-
High
Dot CMS Other Vulnerability (CVE-2022-26352)
CVE-2022-26352
-
Critical
Dot CMS Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-1826)
CVE-2012-1826
CWE-264
Medium
Dot CMS Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-8600)
CVE-2016-8600
CWE-264
High
Dot CMS Server-Side Request Forgery (SSRF) Vulnerability (CVE-2022-37033)
CVE-2022-37033
CWE-918
Medium
Dot CMS Uncontrolled Recursion Vulnerability (CVE-2022-37034)
CVE-2022-37034
CWE-674
Medium
Dot CMS Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2017-11466)
CVE-2017-11466
CWE-434
High
Dot CMS Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2017-3189)
CVE-2017-3189
CWE-434
High
Dot CMS Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-19138)
CVE-2020-19138
CWE-434
Critical
Dot CMS URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2018-17422)
CVE-2018-17422
CWE-601
Medium
Dot CMS Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) Vulnerability (CVE-2022-45782)
CVE-2022-45782
CWE-338
High
Dotclear Improper Access Control Vulnerability (CVE-2015-8832)
CVE-2015-8832
CWE-284
High
Dotclear Improper Authentication Vulnerability (CVE-2014-3781)
CVE-2014-3781
CWE-287
Medium
Dotclear Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2008-3232)
CVE-2008-3232
CWE-94
Critical
Dotclear Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2014-1613)
CVE-2014-1613
CWE-94
High
Dotclear Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2009-0933)
CVE-2009-0933
CWE-707
Medium
Dotclear Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-1039)
CVE-2012-1039
CWE-707
Medium
Dotclear Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-5316)
CVE-2014-5316
CWE-707
Medium
Dotclear Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-5651)
CVE-2015-5651
CWE-707
Medium
Dotclear Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-8831)
CVE-2015-8831
CWE-707
Medium
Dotclear Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-6523)
CVE-2016-6523
CWE-707
Medium
Dotclear Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-9891)
CVE-2016-9891
CWE-707
Medium
Dotclear Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-6446)
CVE-2017-6446
CWE-707
Medium
Dotclear Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-16358)
CVE-2018-16358
CWE-707
Medium
Dotclear Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-5689)
CVE-2018-5689
CWE-707
Medium
Dotclear Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-5690)
CVE-2018-5690
CWE-707
Medium
Dotclear Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-27626)
CVE-2024-27626
CWE-707
Medium
Dotclear Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2014-3783)
CVE-2014-3783
CWE-138
Medium
Dotclear Other Vulnerability (CVE-2005-3957)
CVE-2005-3957
-
Critical
Dotclear Other Vulnerability (CVE-2005-3963)
CVE-2005-3963
-
High
Dotclear Other Vulnerability (CVE-2006-2866)
CVE-2006-2866
-
Medium
Dotclear Other Vulnerability (CVE-2006-3938)
CVE-2006-3938
-
Medium
Dotclear Other Vulnerability (CVE-2007-1989)
CVE-2007-1989
-
Medium
Dotclear Other Vulnerability (CVE-2007-3672)
CVE-2007-3672
-
Medium
Dotclear Other Vulnerability (CVE-2007-3688)
CVE-2007-3688
-
Low
Dotclear Other Vulnerability (CVE-2014-3782)
CVE-2014-3782
-
Medium
Dotclear Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-1584)
CVE-2011-1584
CWE-264
Medium
Dotclear Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-5083)
CVE-2011-5083
CWE-264
High
Dotclear Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-7903)
CVE-2016-7903
CWE-264
Low
Dotclear Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2016-7902)
CVE-2016-7902
CWE-434
High
Dotclear Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2016-9268)
CVE-2016-9268
CWE-434
High
Dotclear Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2023-53952)
CVE-2023-53952
CWE-434
High
Dotclear Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2024-58281)
CVE-2024-58281
CWE-434
High
DotCMS unrestricted file upload (CVE-2022-26352)
CVE-2022-26352
CWE-434
High
Dotenv .env file
-
CWE-538
High
DotNetNuke multiple vulnerabilities
CVE-2012-1030
CWE-79
High
Dragonfly Arbitrary File Read/Write (CVE-2021-33564)
CVE-2021-33564
CWE-20
High
Drupal 7 arbitrary PHP code execution and information disclosure
CVE-2012-4554
CWE-434
High
Drupal 7PK - Security Features Vulnerability (CVE-2016-3163)
CVE-2016-3163
-
High
Drupal 7PK - Security Features Vulnerability (CVE-2016-3168)
CVE-2016-3168
-
Medium
Drupal Backup Migrate directory publicly accessible
-
CWE-538
High
Drupal configuration file weak file permissions
-
CWE-732
Medium
Drupal Configuration Vulnerability (CVE-2008-6171)
CVE-2008-6171
-
Critical
Drupal Core 4.5.x Cross-Site Scripting (4.5.0 - 4.5.1)
CVE-2005-0682
CWE-79
High
Drupal Core 4.5.x Cross-Site Scripting (4.5.0 - 4.5.5)
CVE-2005-3973
CWE-79
High
Drupal Core 4.5.x Cross-Site Scripting (4.5.0 - 4.5.7)
CVE-2006-1226
CWE-79
High
Drupal Core 4.5.x Mail Header Injection (4.5.0 - 4.5.7)
-
CWE-20
High
Drupal Core 4.5.x Multiple Vulnerabilities (4.5.0 - 4.5.5)
-
CWE-113
High
Drupal Core 4.5.x Security Bypass (4.5.0 - 4.5.7)
-
CWE-264
High
Drupal Core 4.5.x Session Fixation (4.5.0 - 4.5.7)
-
CWE-384
High
Drupal Core 4.6.x Arbitrary Code Execution (4.6.0 - 4.6.6)
CVE-2006-2743
CWE-95
High
Drupal Core 4.6.x Arbitrary Code Execution (4.6.0 - 4.6.7)
CVE-2006-2831
CWE-95
High
Drupal Core 4.6.x Cross-Site Request Forgery (4.6.0 - 4.6.9)
CVE-2006-5476
CWE-352
High