Web Application Vulnerabilities
v.26.4.2314
High Severity Vulnerabilities
Found 13053 vulnerabilities at High severity.
| Vulnerability Name | CVE | CWE | Severity |
|---|---|---|---|
| Apache Tomcat insecure default administrative password | CVE-2009-3548 | CWE-798 | High |
| Bazaar repository found | - | CWE-538 | High |
| ColdFusion 8 FCKEditor file upload vulnerability | CVE-2009-2265 | CWE-22 | High |
| Unrestricted File Upload | - | CWE-434 | High |
| Cross-site Scripting via File Upload | - | CWE-79 | High |
| GIT Detected exposed | - | CWE-527 | High |
| JBoss BSHDeployer MBean | - | CWE-200 | High |
| JBoss HttpAdaptor JMXInvokerServlet | - | CWE-94 | High |
| JBoss JMX management console | - | CWE-200 | High |
| JBoss ServerInfo MBean | CVE-2010-0738 | CWE-200 | High |
| JBoss Server MBean | - | CWE-200 | High |
| JBoss JMX Console Unrestricted Access | - | CWE-200 | High |
| JBoss Web Console JMX Invoker | - | CWE-200 | High |
| Mercurial repository found | - | CWE-538 | High |
| RSA Private Key Detected | - | CWE-200 | High |
| SVN Detected | - | CWE-538 | High |
| TinyMCE ajax_create_folder remote code execution vulnerability | - | CWE-94 | High |
| Unprotected phpMyAdmin interface | - | CWE-205 | High |
| Uploadify arbitrary file upload | - | CWE-434 | High |
| phpThumb() fltr[] parameter command injection vulnerability | CVE-2010-1598 | CWE-20 | High |
| Apache solr service exposed | - | CWE-200 | High |
| ColdFusion 9 solr service exposed | CVE-2010-0185 | CWE-306 | High |
| VMware directory traversal and privilege escalation vulnerabilities | CVE-2009-3733 | CWE-22 | High |
| Padding oracle attack | - | CWE-209 | High |
| OpenX arbitrary file upload | CVE-2009-4140 | CWE-434 | High |
| XML entity injection | - | CWE-611 | High |
| XML external entity injection and XML injection | - | CWE-611 | High |
| XML external entity injection | - | CWE-611 | High |
| XML External Entity Injection via external file | - | CWE-611 | High |
| XML external entity injection via File Upload | - | CWE-611 | High |
| XML external entity injection (variant) | - | CWE-611 | High |
| Elmah.axd / Errorlog.axd Detected | - | CWE-209 | High |
| Nginx PHP code execution via FastCGI | - | CWE-94 | High |
| Insecure Transportation Security Protocol Supported (TLS 1.0) | - | CWE-326 | High |
| Remote File Inclusion (admin/lang.php) (CMS Made Simple) | CVE-2005-2846 | - | High |
| SQL Injection (stylesheet.php) (CMS Made Simple) | CVE-2007-2473 | CWE-89 | High |
| Web Server Cache Poisoning (CMS Made Simple) v2.x | CVE-2016-2784 | CWE-20 | High |
| Directory Traversal (lib/translation.functions.php) (CMS Made Simple) v1.6.x | CVE-2010-2797 | CWE-22 | High |
| Directory Traversal (lib/translation.functions.php) (CMS Made Simple) v1.8.x | CVE-2010-2797 | CWE-22 | High |
| Microsoft IIS 6.0 WebDAV Buffer Overflow | CVE-2017-7269 | CWE-287 | High |
| Apache Struts2 Remote Command Execution (S2-048) | CVE-2017-9791 | CWE-94 | High |
| Apache Struts2 Remote Command Execution (S2-052) | CVE-2017-9805 | CWE-94 | High |
| Atlassian Confluence information disclosure | CVE-2017-7415 | - | High |
| Joomla! Core Security Bypass | CVE-2017-11364 | - | High |
| Tiki Wiki CMS: Arbitrary File Download | - | - | High |
| Tiki Wiki CMS: Remote Code Execution via Calendar Module | - | - | High |
| Tiki Wiki CMS: Arbitrary Code Execution | - | - | High |
| Amazon S3 publicly writable bucket | - | CWE-732 | High |
| Apache Shiro Deserialization RCE | CVE-2016-4437 | CWE-78 | High |
| Apache Tomcat Information Disclosure CVE-2017-7674 | CVE-2017-12616 | CWE-200 | High |
| Atlassian Jira insecure REST permissions | - | - | High |
| Atlassian OAuth Plugin IconUriServlet SSRF | CVE-2017-9506 | CWE-918 | High |
| Auxiliary systems SSRF | - | CWE-918 | High |
| Flex BlazeDS AMF Deserialization RCE | CVE-2017-5641 | CWE-502 | High |
| Cisco Adaptive Security Appliance (ASA) Path Traversal (CVE-2018-0296) | CVE-2018-0296 | CWE-22 | High |
| ColdFusion AMF Deserialization RCE | CVE-2017-3066 | CWE-502 | High |
| ColdFusion Arbitrary File Upload | CVE-2018-15961 | CWE-434 | High |
| ColdFusion JNDI injection RCE | CVE-2018-15957 | CWE-502 | High |
| Drupal Backup Migrate directory publicly accessible | - | CWE-538 | High |
| Drupal Remote Code Execution (SA-CORE-2018-002) | CVE-2018-7600 | CWE-94 | High |
| Drupal Remote Code Execution (SA-CORE-2018-004) | CVE-2018-7602 | CWE-94 | High |
| JBoss InvokerTransformer Remote Code Execution | CVE-2015-7501 | CWE-502 | High |
| Jboss Application Server HTTPServerILServlet.java remote code execution | CVE-2017-7504 | CWE-502 | High |
| JavaMelody XML External Entity (XXE) vulnerability | CVE-2018-15531 | CWE-611 | High |
| Deserialization of Untrusted Data (Java JSON Deserialization) Fastjson | - | CWE-502 | High |
| Deserialization of Untrusted Data (Java JSON Deserialization) Genson | - | CWE-502 | High |
| Deserialization of Untrusted Data (Java JSON Deserialization) Jackson | CVE-2017-7525 | CWE-502 | High |
| Deserialization of Untrusted Data (Java JSON Deserialization) JsonIO | - | CWE-502 | High |
| Deserialization of Untrusted Data (Java Object Deserialization) | - | CWE-502 | High |
| Liferay TunnelServlet Deserialization Remote Code Execution | - | CWE-502 | High |
| Liferay version older than 7.0 | - | CWE-502 | High |
| Path traversal via misconfigured NGINX alias | - | CWE-22 | High |
| Paperclip gem SSRF (Server side request forgery) | CVE-2017-0889 | CWE-918 | High |
| Python pickle serialization | - | CWE-502 | High |
| Rails Asset Pipeline Directory Traversal Vulnerability | CVE-2018-3760 | CWE-22 | High |