Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
v.26.3.2229

Critical Severity Vulnerabilities

Found 1560 vulnerabilities at Critical severity.

Vulnerability Name
CVE
CWE
Severity
Command Injection
-
CWE-94
Critical
SQL Injection
-
CWE-89
Critical
SQL injection in the authentication header
-
CWE-89
Critical
Code Evaluation (ASP)
-
CWE-95
Critical
Code Evaluation (PHP)
-
CWE-94
Critical
Code Evaluation (Perl)
-
CWE-94
Critical
Code Evaluation (Ruby)
-
CWE-94
Critical
Bash code injection vulnerability
CVE-2014-6271
CWE-78
Critical
Malware Identified (SB)
-
CWE-506
Critical
Server-Side Request Forgery
-
CWE-918
Critical
Server-Side Template Injection
-
CWE-20
Critical
Code Evaluation (Apache Struts) S2-016
CVE-2013-2251
CWE-20
Critical
Apache Struts2 remote code execution vulnerability
CVE-2016-0785
CWE-78
Critical
Code Evaluation (Apache Struts) S2-045
CVE-2017-5638
CWE-94
Critical
Apache Struts2 Remote Command Execution (S2-053)
CVE-2017-12611
CWE-94
Critical
GhostScript RCE (Remote Code Execution)
CVE-2016-3714
CWE-78
Critical
Apache Log4j socket receiver deserialization vulnerability
CVE-2017-5645
CWE-502
Critical
Code Evaluation (Python)
-
CWE-95
Critical
Oracle WebLogic Remote Code Execution (CVE-2020-14882)
CVE-2020-14883
CWE-78
Critical
Apache Log4j2 JNDI Remote Code Execution
CVE-2021-44228
CWE-78
Critical
Apache Log4j2 JNDI Remote Code Execution (404 page handler)
CVE-2021-44228
CWE-78
Critical
Apache Log4j2 JNDI Remote Code Execution (per folder)
CVE-2021-44228
CWE-78
Critical
Apache Log4j2 JNDI Remote Code Execution (delayed)
CVE-2021-44228
CWE-78
Critical
Remote Code Execution (Spring4Shell)
CVE-2022-22965
CWE-94
Critical
Text4shell: Apache Commons Text RCE via insecure interpolation
CVE-2022-42889
CWE-94
Critical
ActiveMQ OpenWire RCE (CVE-2023-46604)
CVE-2023-46604
CWE-502
Critical
Cisco IOS XE Web UI Authentication Bypass (CVE-2023-20198)
CVE-2023-20198
CWE-287
Critical
Cisco IOS XE Web UI Implant (CVE-2023-20198)
CVE-2023-20198
CWE-912
Critical
Broken access control in Confluence Server and Data Center (CVE-2023-22515)
CVE-2023-22515
CWE-284
Critical
Improper Authorization in Confluence Server and Data Center (CVE-2023-22518)
CVE-2023-22518
CWE-284
Critical
Craft CMS RCE (CVE-2023-41892)
CVE-2023-41892
CWE-94
Critical
F5 BIG-IP Request Smuggling (CVE-2023-46747)
CVE-2023-46747
CWE-288
Critical
Juniper Junos OS J-Web RCE (CVE-2023-36845/CVE-2023-36846)
CVE-2023-36846
CWE-473
Critical
OwnCloud phpinfo Information Disclosure (CVE-2023-49103)
CVE-2023-49103
CWE-200
Critical
SharePoint Authentication bypass (CVE-2023-29357)
CVE-2023-29357
CWE-287
Critical
Sitecore XP TemplateParser RCE (CVE-2023-35813)
CVE-2023-35813
CWE-94
Critical
TeamCity Authentication Bypass (CVE-2023-42793)
CVE-2023-42793
CWE-287
Critical
TorchServe Management API SSRF (CVE-2023-43654)
CVE-2023-43654
CWE-918
Critical
WS_FTP AHT Deserialization RCE (CVE-2023-40044)
CVE-2023-40044
CWE-502
Critical
Citrix NetScaler Memory Disclosure 'Citrix Bleed' (CVE-2023-4966)
CVE-2023-4966
CWE-119
Critical
ColdFusion WDDX Deserialization RCE (CVE-2023-29300/CVE-2023-38203/CVE-2023-38204)
CVE-2023-38204
CWE-502
Critical
Adobe Commerce/Magento "CosmicSting" XXE (CVE-2024-34102)
CVE-2024-34102
CWE-611
Critical
IBM Aspera Faspex RCE (CVE-2022-47986)
CVE-2022-47986
CWE-502
Critical
Jira Seraph Authentication Bypass (CVE-2022-0540)
CVE-2022-0540
CWE-288
Critical
CData Jetty Path Traversal (CVE-2024-31848/CVE-2024-31849/CVE-2024-31850/CVE-2024-31851)
CVE-2024-31851
CWE-22
Critical
Cacti Unauthenticated Command Injection (CVE-2022-46169)
CVE-2022-46169
CWE-77
Critical
ChatGPT-Next-Web SSRF (CVE-2023-49785)
CVE-2023-49785
CWE-918
Critical
Check Point Gateway Path Traversal (CVE-2024-24919)
CVE-2024-24919
CWE-22
Critical
Cleo Harmony/VLTrader/LexiCom RCE (CVE-2024-50623, CVE-2024-55956)
CVE-2024-55956
CWE-434
Critical
CloudPanel file-manager Auth bypass (CVE-2023-35885)
CVE-2023-35885
CWE-565
Critical
Unauthenticated OGNL injection in Confluence Server and Data Center (CVE-2023-22527)
CVE-2023-22527
CWE-917
Critical
CrushFTP SSTI (CVE-2024-4040)
CVE-2024-4040
CWE-94
Critical
CyberPanel RCE (CVE-2024-51567/CVE-2024-51568/CVE-2024-51378)
CVE-2024-51378
CWE-306
Critical
D-Link NAS Backdoor Account RCE (CVE-2024-3273, CVE-2024-3272)
CVE-2024-3272
CWE-77
Critical
Flowise Authentication Bypass (CVE-2024-31621)
CVE-2024-31621
CWE-287
Critical
Fortinet Out-Of-Bound Memory Write RCE (CVE-2024-21762)
CVE-2024-21762
CWE-787
Critical
GeoServer RCE (CVE-2024-36401)
CVE-2024-36401
CWE-94
Critical
GlobalProtect PAN-OS RCE (CVE-2024-3400)
CVE-2024-3400
CWE-77
Critical
GoAnywhere MFT Authentication Bypass (CVE-2024-0204)
CVE-2024-0204
CWE-425
Critical
IBM ODM JNDI injection (CVE-2024-22319)
CVE-2024-22319
CWE-74
Critical
Ivanti CSA Path Traversal (CVE-2024-8963/CVE-2024-8190)
CVE-2024-8190
CWE-22
Critical
RCE in Ivanti Connect Secure and Policy Secure (CVE-2024-21887)
CVE-2024-21887
CWE-77
Critical
Ivanti Sentry Authentication Bypass (CVE-2023-38035)
CVE-2023-38035
CWE-863
Critical
Ivanti vTM Auth bypass (CVE-2024-7593)
CVE-2024-7593
CWE-287
Critical
Mura/Masa CMS SQLi (CVE-2024-32640)
CVE-2024-32640
CWE-89
Critical
Mura/Masa CMS JSON API RCE
-
CWE-200
Critical
Apache OFBiz Authentication Bypass (CVE-2023-51467)
CVE-2023-51467
CWE-287
Critical
Apache OFBiz RCE (CVE-2024-32113/CVE-2024-36104/CVE-2024-38856)
CVE-2024-38856
CWE-22
Critical
Apache OFBiz RCE (CVE-2024-45195)
CVE-2024-45195
CWE-425
Critical
Apache OFBiz SSRF (CVE-2024-45507)
CVE-2024-45507
CWE-918
Critical
OpenMetadata Authentication Bypass (CVE-2024-28255)
CVE-2024-28255
CWE-287
Critical
PHP CGI Argument Injection (CVE-2024-4577)
CVE-2024-4577
CWE-78
Critical
PaloAlto Networks Expedition RCE (CVE-2024-9463)
CVE-2024-9465
CWE-918
Critical
Palo Alto PAN-OS Management Interface Auth Bypass (CVE-2024-0012/CVE-2024-9474)
CVE-2024-9474
CWE-306
Critical
PaperCut NG/MF Path Traversal (CVE-2023-39143)
CVE-2023-39143
CWE-22
Critical