Web Application Vulnerabilities
v.26.4.2314
High Severity Vulnerabilities
Found 13053 vulnerabilities at High severity.
| Vulnerability Name | CVE | CWE | Severity |
|---|---|---|---|
| MobileIron Log4Shell RCE | CVE-2021-44228 | CWE-78 | High |
| node-serialize Insecure Deserialization | CVE-2017-5941 | CWE-502 | High |
| Apache OFBiz Log4Shell RCE | CVE-2021-44228 | CWE-78 | High |
| Oracle ADF Faces 'Miracle' RCE (CVE-2022-21445) | CVE-2022-21445 | CWE-502 | High |
| Pentaho API Auth bypass (CVE-2021-31602) | CVE-2021-31602 | CWE-863 | High |
| Struts2 Development Mode Enabled | - | CWE-489 | High |
| Symfony weak application secret | - | CWE-94 | High |
| Weak WordPress security key | - | CWE-326 | High |
| SolarWinds Orion API Auth bypass (CVE-2020-10148) | CVE-2020-10148 | CWE-287 | High |
| Swagger UI DOM XSS vulnerability | - | CWE-80 | High |
| Ubiquiti Unifi Log4Shell RCE | CVE-2021-44228 | CWE-78 | High |
| VMware Horizon Log4Shell RCE | CVE-2021-44228 | CWE-78 | High |
| VMware vCenter Log4Shell RCE | CVE-2021-44228 | CWE-78 | High |
| VMware vCenter vcavbootstrap Arbitrary File Read | - | - | High |
| VMware Workspace ONE Access SSTI (CVE-2022-22954) | CVE-2022-22954 | CWE-94 | High |
| Appwrite favicon SSRF (CVE-2023-27159) | CVE-2023-27159 | CWE-918 | High |
| Cloud metadata publicly exposed | - | CWE-918 | High |
| Consul API publicly exposed | - | CWE-200 | High |
| Metabase RCE (CVE-2023-38646) | CVE-2023-38646 | CWE-20 | High |
| OpenCms Chemistry Solr XML External Entity (XXE) vulnerability (CVE-2023-42346) | CVE-2023-42346 | CWE-611 | High |
| OpenCms Chemistry XML External Entity (XXE) vulnerability (CVE-2023-42344) | CVE-2023-42344 | CWE-611 | High |
| Openfire Path Traversal (CVE-2023-32315) | CVE-2023-32315 | CWE-22 | High |
| Oracle Access Manager 'opensso' Deserialization RCE (CVE-2021-35587) | CVE-2021-35587 | CWE-502 | High |
| Qlik Sense Enterprise Auth Bypass (CVE-2023-41266) | CVE-2023-41266 | CWE-20 | High |
| SAP NW DI SSRF vulnerability (CVE-2021-33690) | CVE-2021-33690 | CWE-918 | High |
| Database User Has Admin Privileges | - | CWE-267 | High |
| SSRF in Server-Side Rendering | - | CWE-918 | High |
| Sangfor NGAF Authentication Bypass | - | CWE-287 | High |
| Strapi Cognito provider Authentication Bypass (CVE-2023-22893) | CVE-2023-22893 | CWE-287 | High |
| TorchServe Management API publicly exposed | CVE-2023-43654 | CWE-200 | High |
| ZK Framework AuUploader Information Disclosure (CVE-2022-36537) | CVE-2022-36537 | CWE-200 | High |
| Code Evaluation (Apache Struts) S2-046 | CVE-2017-5638 | CWE-94 | High |
| API Sensitive Data (PII) accessible without authentication | - | CWE-306 | High |
| Citrix Gateway Open Redirect and XSS | CVE-2023-24487 | CWE-79 | High |
| ColdFusion CFC Deserialization RCE (CVE-2023-26359/CVE-2023-26360) | CVE-2023-26360 | CWE-502 | High |
| Fortinet FortiNAC RCE via arbitrary file upload | CVE-2022-39952 | CWE-73 | High |
| GeoServer SQLi (CVE-2023-25157) | CVE-2023-25157 | CWE-89 | High |
| Ivanti EPMM API Authentication bypass (CVE-2023-35078/CVE-2023-35082) | CVE-2023-35082 | CWE-287 | High |
| MinIO Information Disclosure (CVE-2023-28432) | CVE-2023-28432 | CWE-200 | High |
| Progress MOVEit Transfer SQL Injection | CVE-2023-34362 | CWE-89 | High |
| Case-Insensitive Routing Bypass in Express.js Application | - | CWE-287 | High |
| Oracle E-Business Suite Unauthenticated Remote Code Execution | CVE-2022-21587 | CWE-94 | High |
| ROBOT Attack Detected (Strong Oracle) | - | - | High |
| ROBOT Attack Detected (Weak Oracle) | - | - | High |
| SAML Consumer Service XSLT injection | - | CWE-91 | High |
| SAML Consumer Service XSS vulnerability | - | CWE-80 | High |
| SAML Response without signature | - | CWE-347 | High |
| No SAML Response signature check | - | CWE-347 | High |
| SAML Response signature exclusion | - | CWE-347 | High |
| Certificate is Signed Using a Weak Signature Algorithm | - | - | High |
| Web Cache Deception | - | - | High |
| WooCommerce Payments Authentication Bypass and Privilege Escalation | CVE-2023-28121 | CWE-287 | High |
| CRMEB SQL Injection (CVE-2024-36837) | CVE-2024-36837 | CWE-89 | High |
| Dolibarr Information Disclosure (CVE-2023-33568) | CVE-2023-33568 | CWE-552 | High |
| FastAdmin Path Traversal (CVE-2024-7928) | CVE-2024-7928 | CWE-22 | High |
| Ghost CMS Theme Path Traversal (CVE-2023-32235) | CVE-2023-32235 | CWE-22 | High |
| Grafana Snapshot Authentication Bypass (CVE-2021-39226) | CVE-2021-39226 | CWE-287 | High |
| Ivanti EPM SQLi RCE (CVE-2024-29824) | CVE-2024-29824 | CWE-89 | High |
| Authentication Bypass in Ivanti Connect Secure and Policy Secure (CVE-2023-46805) | CVE-2023-46805 | CWE-287 | High |
| SSRF in Ivanti Connect Secure, Policy Secure and Neurons (CVE-2024-21893) | CVE-2024-21893 | CWE-918 | High |
| Nexus Repository Manager 3 Path Traversal (CVE-2024-4956) | CVE-2024-4956 | CWE-22 | High |
| Apache OFBiz SSRF (CVE-2023-50968) | CVE-2023-50968 | CWE-918 | High |
| Remote Unauthenticated Code Execution Vulnerability in OpenSSH server (CVE-2024-6387) | CVE-2024-6387 | CWE-362 | High |
| Polyfill.io Supply Chain Attack | - | - | High |
| Securepoint UTM (CVE-2023-22620, CVE-2023-22897) | CVE-2023-22897 | CWE-863 | High |
| Sitecore Arbitrary File Read (CVE-2024-46938) | CVE-2024-46938 | CWE-200 | High |
| Skype for Business SSRF (CVE-2023-41763) | CVE-2023-41763 | CWE-918 | High |
| SolarWinds Serv-U Directory Traversal (CVE-2024-28995) | CVE-2024-28995 | CWE-22 | High |
| TeamCity Authentication Bypass (CVE-2024-27199) | CVE-2024-27199 | CWE-288 | High |
| XWiki Platform RCE (CVE-2023-37462) | CVE-2023-37462 | CWE-95 | High |
| Apache HTTP Server Confusion Attacks | CVE-2023-38709 | CWE-436 | High |
| ColdFusion PMS Arbitrary File Read (CVE-2024-20767) | CVE-2024-20767 | CWE-284 | High |
| ColdFusion Access Control bypass (CVE-2023-29298/CVE-2023-38205) | CVE-2023-38205 | CWE-284 | High |
| GeoServer SSRF (CVE-2021-40822) | CVE-2021-40822 | CWE-918 | High |
| GeoServer WMS SSRF (CVE-2023-43795) | CVE-2023-43795 | CWE-918 | High |