v.26.4.2314
High Severity Vulnerabilities

Found 13053 vulnerabilities at High severity.

| Vulnerability Name | CVE | CWE | Severity |
| --- | --- | --- | --- |
| Apache Solr Deserialization of untrusted data via jmx.serviceUrl | CVE-2019-0192 | - | High |
| Atlassian Crowd Remote Code Execution | CVE-2019-11580 | CWE-78 | High |
| Malware Identified | - | - | High |
| Remote code execution in bootstrap-sass 3.2.0.3 | CVE-2019-10842 | CWE-95 | High |
| Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerability | CVE-2018-15440 | CWE-80 | High |
| Client-Side Prototype Pollution | - | - | High |
| Custom Vulnerability Alert | - | CWE-0 | High |
| Docker Engine API is accessible without authentication | - | CWE-287 | High |
| Docker Registry API is accessible without authentication | - | CWE-287 | High |
| Drupal REST Remote Code Execution | CVE-2019-6340 | CWE-78 | High |
| FastCGI Unauthorized Access Vulnerability | - | CWE-78 | High |
| Horde Imp Unauthenticated Remote Command Execution | CVE-2018-19518 | CWE-94 | High |
| Magento (2.2.0 to 2.3.0) Unauthenticated SQL Injection Vulnerability | CVE-2019-7139 | CWE-89 | High |
| Nagios XI Magpie_debug.php Unauthenticated RCE | CVE-2018-15708 | CWE-94 | High |
| Nagios XI Unauthenticated SQLi CVE-2018-8734 | CVE-2018-8734 | CWE-89 | High |
| Arbitrary File Read in Next.js | - | CWE-22 | High |
| File Content Disclosure in Action View | CVE-2019-5418 | CWE-200 | High |
| ThinkPHP v5.0.22/5.1.29 Remote Code Execution Vulnerability | - | CWE-94 | High |
| Typo3 Restler 1.7.0 Local File Disclosure | - | CWE-22 | High |
| uWSGI Unauthorized Access Vulnerability | - | CWE-78 | High |
| vBulletin routestring Local File Inclusion | - | CWE-98 | High |
| vBulletin 5.x 0day pre-auth RCE | - | CWE-94 | High |
| Webmin v1.920 Unauthenticated Remote Command Execution | CVE-2019-15107 | CWE-94 | High |
| BigIP iRule Tcl code injection | - | CWE-78 | High |
| Cisco Adaptive Security Appliance (ASA) Path Traversal CVE-2020-3452 | CVE-2020-3452 | CWE-20 | High |
| DNN (DotNetNuke) CMS Cookie Deserialization RCE CVE-2017-9822 | CVE-2017-9822 | CWE-502 | High |
| Deserialization of Untrusted Data (.NET BinaryFormatter Object Deserialization) | - | CWE-502 | High |
| .NET HTTP Remoting publicly exposed | - | CWE-502 | High |
| Kentico CMS Deserialization RCE | CVE-2019-10068 | CWE-502 | High |
| Kentico CMS RCE CVE-2017-17736 | CVE-2017-17736 | CWE-425 | High |
| Oracle Business Intelligence AMF Deserialization RCE CVE-2020-2950 | CVE-2020-2950 | CWE-502 | High |
| Oracle E-Business Suite Deserialization RCE | - | CWE-502 | High |
| Oracle E-Business Suite SQL injection (CVE-2017-3549) | CVE-2017-3549 | CWE-89 | High |
| Oracle E-Business Suite SSRF (CVE-2017-10246) | CVE-2017-10246 | CWE-918 | High |
| Apache OFBiz XMLRPC Deserialization RCE (CVE-2020-9496/CVE-2023-49070) | CVE-2023-49070 | CWE-502 | High |
| Odoo LFI (CVE-2019-14322) | CVE-2019-14322 | CWE-22 | High |
| Unrestricted access to Odoo DB manager | - | CWE-200 | High |
| Ruby on Rails DoubleTap RCE (CVE-2019-5420) | CVE-2019-5420 | CWE-502 | High |
| SAP IGS XXE (CVE-2018-2392, CVE-2018-2393) | CVE-2018-2393 | CWE-611 | High |
| SAP NetWeaver RECON CVE-2020-6287 | CVE-2020-6287 | CWE-287 | High |
| Telerik Web UI Unrestricted File Upload (CVE-2014-2217) | CVE-2014-2217 | CWE-78 | High |
| Telerik Web UI Unrestricted File Upload (CVE-2017-11317) | CVE-2017-11317 | CWE-78 | High |
| Telerik Web UI Insecure Direct Object Reference | CVE-2017-11357 | CWE-78 | High |
| Telerik Web UI RadAsyncUpload Deserialization | CVE-2019-18935 | CWE-78 | High |
| Total.js Directory Traversal (CVE-2019-8903) | CVE-2019-8903 | CWE-22 | High |
| Apache Unomi MVEL RCE (CVE-2020-13942) | CVE-2020-13942 | CWE-20 | High |
| Web Cache Poisoning via Fat GET Request | - | CWE-44 | High |
| Web Cache Poisoning via Host Header | - | CWE-44 | High |
| Web Cache Poisoning via JSONP and UTM_ parameter | - | CWE-44 | High |
| Web Cache Poisoning via POST Request | - | CWE-44 | High |
| Oracle WebLogic Remote Code Execution via IIOP | CVE-2020-2551 | CWE-502 | High |
| Citrix ADC/Gateway Unauthenticated Remote Code Execution | CVE-2019-19781 | CWE-22 | High |
| Citrix XenMobile Server Path Traversal | CVE-2020-8209 | CWE-22 | High |
| F5 BIG-IP Traffic Management User Interface (TMUI) RCE | CVE-2020-5902 | CWE-78 | High |
| Grafana avatar SSRF | CVE-2020-13379 | CWE-78 | High |
| Jolokia XML External Entity (XXE) vulnerability | - | CWE-611 | High |
| Unauthenticated Remote Code Execution via JSONWS in Liferay 6.1 (LPS-88051) | - | CWE-78 | High |
| Unauthenticated Remote Code Execution via JSONWS in Liferay 7.2.0 CE GA1 | CVE-2020-7961 | CWE-78 | High |
| MobileIron Remote Code Execution via LogService | CVE-2020-15505 | CWE-78 | High |
| Nette framework PHP code injection via callback | CVE-2020-15227 | CWE-94 | High |
| Unrestricted access to NGINX+ API interface (read write) | - | CWE-200 | High |
| Openfire Admin Console Full Read SSRF | CVE-2019-18394 | CWE-918 | High |
| Remote code execution of user-provided local names in Rails | CVE-2020-8163 | CWE-94 | High |
| RCE in SQL Server Reporting Services (SSRS) | CVE-2020-0618 | CWE-78 | High |
| SonarQube default credentials | - | CWE-798 | High |
| Directory Traversal with spring-cloud-config-server | CVE-2020-5410 | CWE-22 | High |
| Symfony RCE via weak/predictable APP_SECRET | - | CWE-94 | High |
| vBulletin Pre-Auth RCE Vulnerability | CVE-2020-17496 | CWE-94 | High |
| vBulletin 5.6.1 nodeId SQL injection | CVE-2020-12720 | CWE-94 | High |
| Unauthenticated Arbitrary File Read vulnerability in VMware vCenter | - | CWE-22 | High |
| WordPress Duplicator plugin Unauthenticated Arbitrary File Download | - | CWE-22 | High |
| WordPress Theme OneTone: Unauthenticated Stored Cross-Site Scripting (XSS) | CVE-2019-17231 | CWE-79 | High |
| Cross site scripting (XSS) in ASP.NET via ResolveUrl | - | CWE-79 | High |
| Agentejo Cockpit CMS resetpassword NoSQLi (CVE-2020-35847) | CVE-2020-35847 | CWE-89 | High |
| AppWeb Authentication Bypass (CVE-2018-8715) | CVE-2018-8715 | CWE-287 | High |