Web Application Vulnerabilities
v.26.4.2314
High Severity Vulnerabilities

Found 13053 vulnerabilities at High severity.

| Vulnerability Name | CVE | CWE | Severity |
| --- | --- | --- | --- |
| FCKeditor spellchecker.php cross site scripting vulnerability | CVE-2012-4000 | CWE-79 | High |
| Arbitrary local file read via file upload | - | CWE-200 | High |
| Flask debug mode | - | CWE-489 | High |
| The GHOST Vulnerability | CVE-2015-0235 | CWE-119 | High |
| Cross-site scripting vulnerability in Google Web Toolkit | CVE-2012-4563 | CWE-80 | High |
| Cross-site scripting vulnerability in Google Web Toolkit (CVE-2012-5920) | CVE-2012-5920 | CWE-80 | High |
| Multiple XSS vulnerabilities in Google Web Toolkit | CVE-2013-4204 | CWE-80 | High |
| Genericons DOM-based XSS vulnerability | - | CWE-80 | High |
| Oracle Sun GlassFish/Java System Application Server Remote Authentication Bypass Vulnerability | CVE-2011-0807 | CWE-287 | High |
| Method Tampering | - | CWE-285 | High |
| HTTP verb tampering via POST | - | CWE-285 | High |
| The Heartbleed Bug | CVE-2014-0160 | CWE-200 | High |
| Horde remote code execution | CVE-2014-1691 | CWE-94 | High |
| IBM Web Content Manager XPath injection | CVE-2013-6735 | CWE-643 | High |
| ImageMagick remote code execution | CVE-2016-3714 | CWE-78 | High |
| Multiple vulnerabilities in Ioncube loader-wizard.php | - | CWE-552 | High |
| JAAS authentication bypass | - | CWE-693 | High |
| JBoss Seam framework remote code execution | CVE-2010-1871 | CWE-94 | High |
| JBoss Seam remoting vulnerabilities | CVE-2013-6448 | CWE-611 | High |
| HipChat for JIRA plugin - Velocity template injection | CVE-2015-5603 | CWE-94 | High |
| JIRA Security Advisory 2012-08-28 | - | CWE-79 | High |
| JIRA Security Advisory 2013-02-21 | - | CWE-22 | High |
| JIRA Security Advisory 2014-02-26 | - | CWE-22 | High |
| JSP authentication bypass | - | CWE-287 | High |
| Java Debug Wire Protocol remote code execution | - | CWE-94 | High |
| JetLeak vulnerability | CVE-2015-2080 | CWE-200 | High |
| Jetpack 2.9.3: Critical Security Update | CVE-2014-0173 | CWE-287 | High |
| Joomla 1.5 end of life | - | CWE-1104 | High |
| Joomla! core remote file inclusion | CVE-2014-7228 | CWE-98 | High |
| Joomla! remote code execution vulnerability | CVE-2015-8562 | CWE-94 | High |
| Joomla! JCE arbitrary file upload | - | CWE-20 | High |
| Joomla! JomSocial remote code execution | - | CWE-94 | High |
| Joomla! component Kunena Forum multiple vulnerabilities | CVE-2014-9103 | CWE-89 | High |
| Joomla! 3.2.1 SQL injection | - | CWE-89 | High |
| Joomla! v3.2.2 SQL injection | - | CWE-89 | High |
| Joomla! SQL injection vulnerability | CVE-2015-7858 | CWE-89 | High |
| Long password denial of service | - | CWE-400 | High |
| HTTP.sys remote code execution vulnerability | CVE-2015-1635 | CWE-119 | High |
| Security vulnerability in MySQL/MariaDB sql/password.c | CVE-2012-2122 | CWE-287 | High |
| Magento Cacheleak | - | CWE-200 | High |
| Magento remote code execution | CVE-2015-1399 | CWE-94 | High |
| MantisBT multiple security issues | CVE-2015-1042 | CWE-200 | High |
| MediaWiki remote code execution | CVE-2014-1610 | CWE-20 | High |
| MediaWiki SVG cross-site scripting vulnerability | - | CWE-79 | High |
| MediaWiki chunked uploads security issue | CVE-2013-2114 | CWE-434 | High |
| Minify arbitrary file disclosure | CVE-2013-6619 | CWE-538 | High |
| Misfortune Cookie vulnerability | CVE-2014-9222 | CWE-119 | High |
| MongoDB injection | - | CWE-943 | High |
| Movable Type 4.x unauthenticated remote command execution | CVE-2013-0209 | CWE-287 | High |
| MovableType remote code execution | CVE-2015-1592 | CWE-94 | High |
| MySQL connection credentials | - | CWE-538 | High |
| Nagios core config manager SQL injection vulnerability | CVE-2013-6875 | CWE-89 | High |
| Server-side JavaScript injection | - | CWE-20 | High |
| OpenX xajaxargs SQL injection vulnerability | - | CWE-89 | High |
| Oracle JavaServer Faces multiple vulnerabilities | CVE-2013-3827 | CWE-22 | High |
| Oracle Reports rwservlet vulnerabilities | CVE-2012-3153 | CWE-20 | High |
| PHP-CGI remote code execution | CVE-2012-2311 | CWE-20 | High |
| Multiple vulnerabilities reported in Parallels Plesk Sitebuilder | - | CWE-94 | High |
| Path Traversal in Oracle GlassFish server open source edition | - | CWE-22 | High |
| Parallels Plesk SQL injection vulnerability | CVE-2012-1557 | CWE-89 | High |
| Parallels Plesk SSO XML External Entity and Cross-site scripting | - | CWE-611 | High |
| PrimeFaces 5.x Expression Language injection | CVE-2017-1000486 | - | High |
| Railo administration panel cross-site scripting | - | CWE-80 | High |
| Rails Devise authentication password reset | CVE-2013-0233 | CWE-287 | High |
| Rails mass assignment | - | CWE-915 | High |
| Ruby on Rails SQL injection | CVE-2012-2695 | CWE-89 | High |
| RoR Database Configuration File Detected | - | CWE-538 | High |
| Rails remote code execution using render :inline | CVE-2016-2098 | CWE-94 | High |
| HTTP redirect security bypass | - | CWE-20 | High |
| Ruby on Rails directory traversal vulnerability | CVE-2014-0130 | CWE-22 | High |
| [Possible] Sublime SFTP Config File Detected | - | CWE-200 | High |
| Insecure Transportation Security Protocol Supported (SSLv2) | - | CWE-326 | High |
| Insecure Transportation Security Protocol Supported (SSLv3) | - | CWE-326 | High |
| Session fixation | - | CWE-384 | High |
| Microsoft SharePoint XSS spoofing vulnerability | CVE-2015-2522 | CWE-80 | High |