v.26.3.2229
Web Application Vulnerabilities
This page lists 24119 vulnerabilities in 70 categories.
Critical: 1560
High: 12984
Medium: 8644
Low: 865
Information: 66
| Vulnerability Name | CVE | CWE | Severity |
| --- | --- | --- | --- |
| ATutor Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2017-1000004) | CVE-2017-1000004 | CWE-138 | Critical |
| ATutor Improper Privilege Management Vulnerability (CVE-2017-1000003) | CVE-2017-1000003 | CWE-269 | Critical |
| ATutor Incorrect Authorization Vulnerability (CVE-2019-16114) | CVE-2019-16114 | CWE-863 | Critical |
| ATutor Other Vulnerability (CVE-2014-9752) | CVE-2014-9752 | - | Medium |
| ATutor Other Vulnerability (CVE-2015-7712) | CVE-2015-7712 | - | Medium |
| ATutor Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2019-11446) | CVE-2019-11446 | CWE-434 | High |
| ATutor Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2019-12169) | CVE-2019-12169 | CWE-434 | High |
| ATutor Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2019-12170) | CVE-2019-12170 | CWE-434 | High |
| ATutor Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2021-43498) | CVE-2021-43498 | CWE-640 | High |
| Authentication Bypass in Ivanti Connect Secure and Policy Secure (CVE-2023-46805) | CVE-2023-46805 | CWE-287 | High |
| Authentication bypass via MongoDB operator injection | - | CWE-943 | High |
| Auxiliary systems SSRF | - | CWE-918 | High |
| axios Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2025-58754) | CVE-2025-58754 | CWE-770 | High |
| axios Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2023-45857) | CVE-2023-45857 | CWE-352 | Medium |
| axios Improper Check for Unusual or Exceptional Conditions Vulnerability (CVE-2026-25639) | CVE-2026-25639 | CWE-754 | High |
| axios Improper Input Validation Vulnerability (CVE-2019-10742) | CVE-2019-10742 | CWE-20 | High |
| axios Origin Validation Error Vulnerability (CVE-2024-57965) | CVE-2024-57965 | CWE-346 | Critical |
| axios Server-Side Request Forgery (SSRF) Vulnerability (CVE-2020-28168) | CVE-2020-28168 | CWE-918 | Medium |
| axios Server-Side Request Forgery (SSRF) Vulnerability (CVE-2024-39338) | CVE-2024-39338 | CWE-918 | High |
| axios Server-Side Request Forgery (SSRF) Vulnerability (CVE-2025-27152) | CVE-2025-27152 | CWE-918 | High |
| axios Uncontrolled Resource Consumption Vulnerability (CVE-2021-3749) | CVE-2021-3749 | CWE-400 | High |
| Axis development mode enabled in WEB-INF/server-config.wsdd | - | CWE-16 | Medium |
| Axis system configuration listing enabled in WEB-INF/server-config.wsdd | - | CWE-16 | Medium |
| Axway Secure Transport Improper Restriction of XML External Entity Reference Vulnerability (CVE-2019-14277) | CVE-2019-14277 | CWE-611 | Critical |
| b2evolution Credentials Management Errors Vulnerability (CVE-2016-9479) | CVE-2016-9479 | - | High |
| b2evolution Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2013-7352) | CVE-2013-7352 | CWE-352 | Medium |
| b2evolution Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3709) | CVE-2011-3709 | CWE-200 | Medium |
| b2evolution Improper Input Validation Vulnerability (CVE-2017-1000423) | CVE-2017-1000423 | CWE-20 | Critical |
| b2evolution Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2017-5480) | CVE-2017-5480 | CWE-22 | High |
| b2evolution Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2017-5539) | CVE-2017-5539 | CWE-22 | Critical |
| b2evolution Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2007-0175) | CVE-2007-0175 | CWE-707 | Medium |
| b2evolution Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-5911) | CVE-2012-5911 | CWE-707 | Medium |
| b2evolution Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-9599) | CVE-2014-9599 | CWE-707 | Medium |
| b2evolution Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-7149) | CVE-2016-7149 | CWE-707 | Medium |
| b2evolution Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-7150) | CVE-2016-7150 | CWE-707 | Medium |
| b2evolution Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-5494) | CVE-2017-5494 | CWE-707 | Medium |
| b2evolution Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-5553) | CVE-2017-5553 | CWE-707 | Medium |
| b2evolution Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-22841) | CVE-2020-22841 | CWE-707 | Medium |
| b2evolution Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2016-8901) | CVE-2016-8901 | CWE-138 | Critical |
| b2evolution Improper Neutralization of Special Elements used in a Command ('Command Injection') Vulnerability (CVE-2021-28242) | CVE-2021-28242 | CWE-138 | High |
| b2evolution Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2012-5910) | CVE-2012-5910 | CWE-138 | Medium |
| b2evolution Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2013-2945) | CVE-2013-2945 | CWE-138 | Medium |
| b2evolution Other Vulnerability (CVE-2006-6197) | CVE-2006-6197 | - | Medium |
| b2evolution Other Vulnerability (CVE-2006-6417) | CVE-2006-6417 | - | High |
| b2evolution Other Vulnerability (CVE-2007-2358) | CVE-2007-2358 | - | High |
| b2evolution Other Vulnerability (CVE-2007-2681) | CVE-2007-2681 | - | High |
| b2evolution URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2020-22840) | CVE-2020-22840 | CWE-601 | Medium |
| b2evolution Use of Insufficiently Random Values Vulnerability (CVE-2022-30935) | CVE-2022-30935 | CWE-330 | Critical |
| Backbone.js Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-10537) | CVE-2016-10537 | CWE-707 | Medium |
| Barracuda networks products multiple directory traversal vulnerabilities | - | CWE-22 | High |
| Bash code injection vulnerability | CVE-2014-6271 | CWE-78 | Critical |
| Basic authentication over HTTP | - | CWE-522 | High |
| Bazaar repository found | - | CWE-538 | High |
| Beego Framework CVE-2021-30080 Vulnerability (CVE-2021-30080) | CVE-2021-30080 | - | Critical |
| Beego Framework CVE-2022-31259 Vulnerability (CVE-2022-31259) | CVE-2022-31259 | - | Critical |
| Beego Framework Improper Certificate Validation Vulnerability (CVE-2024-40464) | CVE-2024-40464 | CWE-295 | High |
| Beego Framework Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2022-31836) | CVE-2022-31836 | CWE-22 | Critical |
| Beego Framework Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2021-27116) | CVE-2021-27116 | CWE-59 | High |
| Beego Framework Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2021-27117) | CVE-2021-27117 | CWE-59 | High |
| Beego Framework Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-39391) | CVE-2021-39391 | CWE-707 | Medium |
| Beego Framework Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-30223) | CVE-2025-30223 | CWE-707 | Critical |
| Beego Framework Incorrect Default Permissions Vulnerability (CVE-2019-16355) | CVE-2019-16355 | CWE-276 | Medium |
| Beego Framework Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2019-16354) | CVE-2019-16354 | CWE-732 | Medium |
| Beego Framework Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2024-40465) | CVE-2024-40465 | CWE-327 | High |
| Beego Framework Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2024-55885) | CVE-2024-55885 | CWE-327 | High |
| BeyondTrust Secure Remote Access Base XSS (CVE-2021-31589) | CVE-2021-31589 | CWE-79 | Medium |
| BigIP iRule Tcl code injection | - | CWE-78 | High |
| BillQuick Web Suite SQL injection (CVE-2021-42258) | CVE-2021-42258 | CWE-89 | High |
| Bitrix galleries_recalc.php XSS | - | CWE-601 | Medium |
| Bitrix open redirect | - | CWE-601 | Medium |
| Bitrix server test script publicly accessible | - | CWE-200 | Medium |
| Blind XSS | - | CWE-80 | High |
| Bonita Authorization Bypass (CVE-2022-25237) | CVE-2022-25237 | CWE-863 | High |
| Bootstrap Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-10735) | CVE-2016-10735 | CWE-707 | Medium |
| Bootstrap Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-14040) | CVE-2018-14040 | CWE-707 | Medium |