🚀 Just released:
Latio 2026 Application Security Market Report.
Read it in our Whitepapers.
100% Signal 0% Noise
Platform
Invicti Platform
Zero-noise AppSec platform
Scan Code
Secure code before runtime
SAST
Early static security analysis
Open Source (SCA)
Find vulnerable dependencies
SBOM & License Risk
Generate SBOMs and track licenses
Secrets
Detect exposed secrets in applications
Infrastructure as Code
Ingest IaC security findings
Container
Track container image vulnerabilities
Test Runtime
Test live applications like attackers
DAST & AI DAST
Test runtime, prove exploitability
Agentic Pentesting
Automate real-world attack techniques
API Security Testing
Discover and test APIs
Attack Surface Management
Identify exposed apps and endpoints
Cloud AppSec
Get a single-pane view of cloud app risk
AI AppSec
Scan smarter, accelerate remediation
Manage Vulnerabilities
See, prioritize, reduce AppSec risk
Vulnerability Management (ASPM)
Centralize and correlate AppSec findings
Compliance & Executive Reporting
Measure risk and impact
Threat Intelligence
Reachability, exploitability, and business logic
Solutions
API Discovery
Manage Vulnerabilities
Automate Security Workflows
Track AppSec KPIs
Manage Open Source Risk
Pricing
Why Invicti
About Us
Invicti vs. Competitors
Case Studies
Contact Us
Careers
Resources
Resource Library
Blog
Webinars
White Papers
Podcasts
Invicti Learn
Savings Calculator
Live Training
Partners
MSSP
Documentation
Vulnerability Database
Get a demo
Home
/
Web Application Vulnerabilities
/ Known Vulnerabilities
Web Application Vulnerabilities
Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise
Acunetix Standard & Premium
v.26.4.2314
Known Vulnerabilities
This page lists
14981 vulnerabilities
in this category.
Critical: 1612
High: 4015
Medium: 8569
Low: 783
Information: 2
Vulnerability Name
CVE
CWE
Severity
GlassFish Improper Authentication Vulnerability (CVE-2017-1000030)
CVE-2017-1000030
CWE-287
Critical
Oracle Application Server CVE-2007-5526 Vulnerability (CVE-2007-5526)
CVE-2007-5526
-
Critical
Zikula Improper Neutralization of Special Elements used in a Command ('Command Injection') Vulnerability (CVE-2016-9835)
CVE-2016-9835
CWE-138
Critical
Joomla Improper Access Control Vulnerability (CVE-2016-9836)
CVE-2016-9836
CWE-284
Critical
MySQL CVE-2016-9841 Vulnerability (CVE-2016-9841)
CVE-2016-9841
-
Critical
MySQL CVE-2016-9843 Vulnerability (CVE-2016-9843)
CVE-2016-9843
-
Critical
phpMyAdmin Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-9849)
CVE-2016-9849
CWE-264
Critical
WordPress Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2007-6013)
CVE-2007-6013
CWE-327
Critical
phpMyAdmin 7PK - Security Features Vulnerability (CVE-2016-9865)
CVE-2016-9865
-
Critical
phpMyAdmin Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2016-9866)
CVE-2016-9866
CWE-352
Critical
PHP Out-of-bounds Read Vulnerability (CVE-2016-9935)
CVE-2016-9935
CWE-125
Critical
PHP Use After Free Vulnerability (CVE-2016-9936)
CVE-2016-9936
CWE-416
Critical
Telerik Web UI Missing Authorization Vulnerability (CVE-2021-28141)
CVE-2021-28141
CWE-862
Critical
MediaWiki Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2017-0372)
CVE-2017-0372
CWE-138
Critical
Oracle Database Server CVE-2007-5531 Vulnerability (CVE-2007-5531)
CVE-2007-5531
-
Critical
Oracle Database Server CVE-2007-5530 Vulnerability (CVE-2007-5530)
CVE-2007-5530
-
Critical
Ruby Use of Externally-Controlled Format String Vulnerability (CVE-2017-0898)
CVE-2017-0898
CWE-134
Critical
XWikiplatform Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-46558)
CVE-2025-46558
CWE-707
Critical
Craft CMS Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2021-27903)
CVE-2021-27903
CWE-94
Critical
WebLogic CVE-2017-10137 Vulnerability (CVE-2017-10137)
CVE-2017-10137
-
Critical
math.js Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2017-1001002)
CVE-2017-1001002
CWE-94
Critical
OpenSSL Numeric Errors Vulnerability (CVE-2007-4995)
CVE-2007-4995
-
Critical
Pega Infinity Improper Authentication Vulnerability (CVE-2021-27651)
CVE-2021-27651
CWE-287
Critical
b2evolution Improper Input Validation Vulnerability (CVE-2017-1000423)
CVE-2017-1000423
CWE-20
Critical
Frontaccounting Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2007-5117)
CVE-2007-5117
CWE-94
Critical
Jenkins Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-1000362)
CVE-2017-1000362
CWE-200
Critical
RubyGems Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2017-0899)
CVE-2017-0899
CWE-94
Critical
Jenkins Deserialization of Untrusted Data Vulnerability (CVE-2017-1000353)
CVE-2017-1000353
CWE-502
Critical
Python Integer Overflow or Wraparound Vulnerability (CVE-2017-1000158)
CVE-2017-1000158
CWE-190
Critical
ATutor Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2017-1000004)
CVE-2017-1000004
CWE-138
Critical
ATutor Improper Privilege Management Vulnerability (CVE-2017-1000003)
CVE-2017-1000003
CWE-269
Critical
ATutor Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2017-1000002)
CVE-2017-1000002
CWE-22
Critical
RubyGems Deserialization of Untrusted Data Vulnerability (CVE-2017-0903)
CVE-2017-0903
CWE-502
Critical
ReviveAdserver 7PK - Security Features Vulnerability (CVE-2016-9470)
CVE-2016-9470
-
Critical
XWikiplatform Missing Authorization Vulnerability (CVE-2025-46557)
CVE-2025-46557
CWE-862
Critical
Oracle Database Server CVE-2017-10282 Vulnerability (CVE-2017-10282)
CVE-2017-10282
-
Critical
Oracle Application Server CVE-2008-0349 Vulnerability (CVE-2008-0349)
CVE-2008-0349
-
Critical
Oracle Application Server CVE-2008-0346 Vulnerability (CVE-2008-0346)
CVE-2008-0346
-
Critical
Oracle Database Server CVE-2008-0346 Vulnerability (CVE-2008-0346)
CVE-2008-0346
-
Critical
Oracle Application Server CVE-2008-0347 Vulnerability (CVE-2008-0347)
CVE-2008-0347
-
Critical
Oracle Database Server CVE-2008-0347 Vulnerability (CVE-2008-0347)
CVE-2008-0347
-
Critical
Oracle Database Server CVE-2008-0348 Vulnerability (CVE-2008-0348)
CVE-2008-0348
-
Critical
Oracle Application Server CVE-2008-0348 Vulnerability (CVE-2008-0348)
CVE-2008-0348
-
Critical
Oracle Database Server CVE-2008-0349 Vulnerability (CVE-2008-0349)
CVE-2008-0349
-
Critical
Oracle Application Server CVE-2008-0345 Vulnerability (CVE-2008-0345)
CVE-2008-0345
-
Critical
PHP Use After Free Vulnerability (CVE-2016-9138)
CVE-2016-9138
CWE-416
Critical
PHP Use After Free Vulnerability (CVE-2016-9137)
CVE-2016-9137
CWE-416
Critical
Envoy Proxy Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2021-29492)
CVE-2021-29492
CWE-22
Critical
ReviveAdserver Session Fixation Vulnerability (CVE-2016-9125)
CVE-2016-9125
CWE-384
Critical
ReviveAdserver Improper Authentication Vulnerability (CVE-2016-9124)
CVE-2016-9124
CWE-287
Critical
PHP Incorrect Calculation of Buffer Size Vulnerability (CVE-2008-0599)
CVE-2008-0599
CWE-131
Critical
Oracle Database Server CVE-2008-0345 Vulnerability (CVE-2008-0345)
CVE-2008-0345
-
Critical
Oracle Database Server CVE-2008-0344 Vulnerability (CVE-2008-0344)
CVE-2008-0344
-
Critical
Internet Information Services Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2008-0075)
CVE-2008-0075
CWE-94
Critical
Jenkins Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') Vulnerability (CVE-2016-9299)
CVE-2016-9299
CWE-138
Critical
WebERP Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2025-46052)
CVE-2025-46052
CWE-138
Critical
MyBB Improper Input Validation Vulnerability (CVE-2016-9420)
CVE-2016-9420
CWE-20
Critical
MyBB Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2016-9416)
CVE-2016-9416
CWE-138
Critical
MyBB Improper Access Control Vulnerability (CVE-2016-9412)
CVE-2016-9412
CWE-284
Critical
MyBB Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-9403)
CVE-2016-9403
CWE-264
Critical
MyBB Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2016-9402)
CVE-2016-9402
CWE-138
Critical
Oracle Database Server CVE-2008-0339 Vulnerability (CVE-2008-0339)
CVE-2008-0339
-
Critical
Oracle Application Server CVE-2008-0344 Vulnerability (CVE-2008-0344)
CVE-2008-0344
-
Critical
Oracle Database Server CVE-2008-0340 Vulnerability (CVE-2008-0340)
CVE-2008-0340
-
Critical
Oracle Application Server CVE-2008-0340 Vulnerability (CVE-2008-0340)
CVE-2008-0340
-
Critical
Oracle Database Server CVE-2008-0341 Vulnerability (CVE-2008-0341)
CVE-2008-0341
-
Critical
Oracle Database Server CVE-2008-0342 Vulnerability (CVE-2008-0342)
CVE-2008-0342
-
Critical
Oracle Application Server CVE-2008-0343 Vulnerability (CVE-2008-0343)
CVE-2008-0343
-
Critical
Oracle Database Server CVE-2008-0343 Vulnerability (CVE-2008-0343)
CVE-2008-0343
-
Critical
Apache HTTP Server Out-of-bounds Write Vulnerability (CVE-2021-26691)
CVE-2021-26691
CWE-787
Critical
Oracle JRE CVE-2017-10285 Vulnerability (CVE-2017-10285)
CVE-2017-10285
-
Critical
Python Integer Overflow or Wraparound Vulnerability (CVE-2016-9063)
CVE-2016-9063
CWE-190
Critical
Squid Out-of-bounds Write Vulnerability (CVE-2025-54574)
CVE-2025-54574
CWE-787
Critical
React Deserialization of Untrusted Data Vulnerability (CVE-2025-55182)
CVE-2025-55182
CWE-502
Critical
silverstripeCMS Other Vulnerability (CVE-2007-2321)
CVE-2007-2321
-
Critical
1
2
3
4
...
200
»