Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
v.26.4.2314

High Severity Vulnerabilities

Found 13053 vulnerabilities at High severity.

Vulnerability Name
CVE
CWE
Severity
Gunicorn Improper Neutralization of CRLF Sequences ('CRLF Injection') Vulnerability (CVE-2018-1000164)
CVE-2018-1000164
CWE-707
High
Jboss EAP Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2018-1000180)
CVE-2018-1000180
CWE-327
High
WebLogic Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2018-1000180)
CVE-2018-1000180
CWE-327
High
Jenkins Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2018-1000194)
CVE-2018-1000194
CWE-22
High
Artifactory Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2018-1000206)
CVE-2018-1000206
CWE-352
High
MODX Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2018-1000207)
CVE-2018-1000207
CWE-732
High
MODX Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2018-1000208)
CVE-2018-1000208
CWE-22
High
Jenkins Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-1000410)
CVE-2018-1000410
CWE-200
High
Artifactory Insufficiently Protected Credentials Vulnerability (CVE-2018-1000424)
CVE-2018-1000424
CWE-522
High
MyBB Inclusion of Functionality from Untrusted Control Sphere Vulnerability (CVE-2018-1000502)
CVE-2018-1000502
CWE-829
High
Artifactory Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2018-1000623)
CVE-2018-1000623
CWE-22
High
Jboss EAP XML Injection (aka Blind XPath Injection) Vulnerability (CVE-2018-1000632)
CVE-2018-1000632
CWE-91
High
LimeSurvey Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2018-1000658)
CVE-2018-1000658
CWE-434
High
LimeSurvey Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2018-1000659)
CVE-2018-1000659
CWE-22
High
WordPress Improper Input Validation Vulnerability (CVE-2018-1000773)
CVE-2018-1000773
CWE-20
High
Jenkins Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2018-1000863)
CVE-2018-1000863
CWE-22
High
WeBid Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2018-1000867)
CVE-2018-1000867
CWE-138
High
WeBid Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2018-1000882)
CVE-2018-1000882
CWE-22
High
Frontaccounting Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2018-1000890)
CVE-2018-1000890
CWE-138
High
Dolibarr Missing Authorization Vulnerability (CVE-2018-10092)
CVE-2018-10092
CWE-862
High
phpMyAdmin Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2018-10188)
CVE-2018-10188
CWE-352
High
PHP Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2018-10546)
CVE-2018-10546
CWE-835
High
PHP NULL Pointer Dereference Vulnerability (CVE-2018-10548)
CVE-2018-10548
CWE-476
High
PHP Out-of-bounds Read Vulnerability (CVE-2018-10549)
CVE-2018-10549
CWE-125
High
Liferay Portal Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2018-10795)
CVE-2018-10795
CWE-434
High
Moodle CVE-2018-10891 Vulnerability (CVE-2018-10891)
CVE-2018-10891
-
High
Jolokia Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2018-10899)
CVE-2018-10899
CWE-352
High
PostgreSQL Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2018-10915)
CVE-2018-10915
CWE-138
High
PostgreSQL Incorrect Authorization Vulnerability (CVE-2018-10925)
CVE-2018-10925
CWE-863
High
WebLogic Inclusion of Functionality from Untrusted Control Sphere Vulnerability (CVE-2018-11040)
CVE-2018-11040
CWE-829
High
Joomla Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2018-11322)
CVE-2018-11322
CWE-434
High
Joomla Improper Privilege Management Vulnerability (CVE-2018-11323)
CVE-2018-11323
CWE-269
High
Opencart Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2018-11494)
CVE-2018-11494
CWE-22
High
Apache Traffic Server Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-11783)
CVE-2018-11783
CWE-200
High
Perl Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2018-12015)
CVE-2018-12015
CWE-59
High
Jboss EAP Deserialization of Untrusted Data Vulnerability (CVE-2018-12022)
CVE-2018-12022
CWE-502
High
Jboss EAP Deserialization of Untrusted Data Vulnerability (CVE-2018-12023)
CVE-2018-12023
CWE-502
High
Phusion Passenger Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-12027)
CVE-2018-12027
CWE-200
High
Phusion Passenger Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2018-12028)
CVE-2018-12028
CWE-732
High
Phusion Passenger Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Vulnerability (CVE-2018-12029)
CVE-2018-12029
CWE-362
High
Jetty Session Fixation Vulnerability (CVE-2018-12538)
CVE-2018-12538
CWE-384
High
phpMyAdmin Improper Authentication Vulnerability (CVE-2018-12613)
CVE-2018-12613
CWE-287
High
Joomla Improper Input Validation Vulnerability (CVE-2018-12712)
CVE-2018-12712
CWE-20
High
WordPress Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2018-12895)
CVE-2018-12895
CWE-22
High
Opencart Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2018-13067)
CVE-2018-13067
CWE-352
High
concrete5 Server-Side Request Forgery (SSRF) Vulnerability (CVE-2018-13790)
CVE-2018-13790
CWE-918
High
Play Framework Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2018-13864)
CVE-2018-13864
CWE-22
High
WordPress Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2018-14028)
CVE-2018-14028
CWE-434
High
Moodle Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2018-14630)
CVE-2018-14630
CWE-94
High
Python Missing Initialization of Resource Vulnerability (CVE-2018-14647)
CVE-2018-14647
CWE-909
High
PHP Integer Overflow or Wraparound Vulnerability (CVE-2018-14883)
CVE-2018-14883
CWE-190
High
PHP NULL Pointer Dereference Vulnerability (CVE-2018-14884)
CVE-2018-14884
CWE-476
High
PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-15132)
CVE-2018-15132
CWE-200
High
WebLogic CVE-2018-15756 Vulnerability (CVE-2018-15756)
CVE-2018-15756
-
High
Joomla CVE-2018-15881 Vulnerability (CVE-2018-15881)
CVE-2018-15881
-
High
e107 Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2018-15901)
CVE-2018-15901
CWE-352
High
e107 Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2018-16388)
CVE-2018-16388
CWE-434
High
Ruby CVE-2018-16396 Vulnerability (CVE-2018-16396)
CVE-2018-16396
-
High
Ruby on Rails Deserialization of Untrusted Data Vulnerability (CVE-2018-16476)
CVE-2018-16476
CWE-502
High
Nexus Repository Manager Incorrect Authorization Vulnerability (CVE-2018-16620)
CVE-2018-16620
CWE-863
High
Nexus Repository Manager Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') Vulnerability (CVE-2018-16621)
CVE-2018-16621
CWE-138
High
phpMyFAQ Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2018-16650)
CVE-2018-16650
CWE-352
High
phpMyFAQ Improper Neutralization of Formula Elements in a CSV File Vulnerability (CVE-2018-16651)
CVE-2018-16651
CWE-1236
High
Nginx Uncontrolled Resource Consumption Vulnerability (CVE-2018-16843)
CVE-2018-16843
CWE-400
High
Nginx Uncontrolled Resource Consumption Vulnerability (CVE-2018-16844)
CVE-2018-16844
CWE-400
High
Moodle Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2018-16854)
CVE-2018-16854
CWE-352
High
Oracle HTTP Server Out-of-bounds Read Vulnerability (CVE-2018-16890)
CVE-2018-16890
CWE-125
High
Apache HTTP Server Session Fixation Vulnerability (CVE-2018-17199)
CVE-2018-17199
CWE-384
High
Joomla Improper Privilege Management Vulnerability (CVE-2018-17855)
CVE-2018-17855
CWE-269
High
Joomla CVE-2018-17856 Vulnerability (CVE-2018-17856)
CVE-2018-17856
-
High
Joomla Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2018-17858)
CVE-2018-17858
CWE-352
High
osCommerce Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2018-18572)
CVE-2018-18572
CWE-434
High
osCommerce Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2018-18573)
CVE-2018-18573
CWE-94
High
Jenkins Improper Input Validation Vulnerability (CVE-2018-1999001)
CVE-2018-1999001
CWE-20
High
Jenkins Improper Input Validation Vulnerability (CVE-2018-1999002)
CVE-2018-1999002
CWE-20
High