Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
v.26.4.2314

Known Vulnerabilities

This page lists 14673 vulnerabilities in this category.

Critical: 1573 High: 3882 Medium: 8446 Low: 770 Information: 2
Vulnerability Name
CVE
CWE
Severity
Squid Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2019-12525)
CVE-2019-12525
CWE-119
Critical
Squid Missing Authentication for Critical Function Vulnerability (CVE-2019-12524)
CVE-2019-12524
CWE-306
Critical
Squid Out-of-bounds Write Vulnerability (CVE-2019-12519)
CVE-2019-12519
CWE-787
Critical
PHP Use After Free Vulnerability (CVE-2019-13224)
CVE-2019-13224
CWE-416
Critical
MediaWiki Missing Authentication for Critical Function Vulnerability (CVE-2019-12468)
CVE-2019-12468
CWE-306
Critical
silverstripeCMS CVE-2019-12204 Vulnerability (CVE-2019-12204)
CVE-2019-12204
-
Critical
Joomla Deserialization of Untrusted Data Vulnerability (CVE-2019-11831)
CVE-2019-11831
CWE-502
Critical
Drupal Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2019-11831)
CVE-2019-11831
CWE-22
Critical
phpMyAdmin Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-11768)
CVE-2019-11768
CWE-138
Critical
Atlassian Jira Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2019-11581)
CVE-2019-11581
CWE-138
Critical
Chamilo Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2019-13082)
CVE-2019-13082
CWE-434
Critical
WebERP Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-13292)
CVE-2019-13292
CWE-138
Critical
Lighttpd Integer Overflow or Wraparound Vulnerability (CVE-2019-11072)
CVE-2019-11072
CWE-190
Critical
Moodle CVE-2019-14880 Vulnerability (CVE-2019-14880)
CVE-2019-14880
-
Critical
ATutor Incorrect Authorization Vulnerability (CVE-2019-16114)
CVE-2019-16114
CWE-863
Critical
Craft CMS Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2019-15929)
CVE-2019-15929
CWE-640
Critical
MySQL Deserialization of Untrusted Data Vulnerability (CVE-2019-14893)
CVE-2019-14893
CWE-502
Critical
Jboss EAP Deserialization of Untrusted Data Vulnerability (CVE-2019-14893)
CVE-2019-14893
CWE-502
Critical
Jboss EAP Deserialization of Untrusted Data Vulnerability (CVE-2019-14892)
CVE-2019-14892
CWE-502
Critical
Jboss EAP Inadequate Encryption Strength Vulnerability (CVE-2019-14887)
CVE-2019-14887
CWE-326
Critical
WebLogic Deserialization of Untrusted Data Vulnerability (CVE-2019-14540)
CVE-2019-14540
CWE-502
Critical
Piwigo Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-13363)
CVE-2019-13363
CWE-352
Critical
Jboss EAP Deserialization of Untrusted Data Vulnerability (CVE-2019-14540)
CVE-2019-14540
CWE-502
Critical
MySQL Deserialization of Untrusted Data Vulnerability (CVE-2019-14540)
CVE-2019-14540
CWE-502
Critical
YOURLS Access of Resource Using Incompatible Type ('Type Confusion') Vulnerability (CVE-2019-14537)
CVE-2019-14537
CWE-843
Critical
Jboss EAP Improperly Controlled Modification of Dynamically-Determined Object Attributes Vulnerability (CVE-2019-14379)
CVE-2019-14379
CWE-915
Critical
Axway Secure Transport Improper Restriction of XML External Entity Reference Vulnerability (CVE-2019-14277)
CVE-2019-14277
CWE-611
Critical
Django Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-14234)
CVE-2019-14234
CWE-138
Critical
Piwigo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-13364)
CVE-2019-13364
CWE-707
Critical
Contao Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-11512)
CVE-2019-11512
CWE-138
Critical
PHP Double Free Vulnerability (CVE-2019-11049)
CVE-2019-11049
CWE-415
Critical
LimeSurvey Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-7556)
CVE-2018-7556
CWE-200
Critical
Ruby Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2018-8780)
CVE-2018-8780
CWE-22
Critical
Serendipity Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2011-1134)
CVE-2011-1134
CWE-434
Critical
Joomla Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2011-1151)
CVE-2011-1151
CWE-138
Critical
Open Resty Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2018-9230)
CVE-2018-9230
CWE-138
Critical
Dolibarr Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2018-9019)
CVE-2018-9019
CWE-138
Critical
PrestaShop Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2018-8824)
CVE-2018-8824
CWE-138
Critical
PrestaShop Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2018-8823)
CVE-2018-8823
CWE-94
Critical
Jboss EAP CVE-2018-8088 Vulnerability (CVE-2018-8088)
CVE-2018-8088
-
Critical
Apache HTTP Server Use After Free Vulnerability (CVE-2019-10082)
CVE-2019-10082
CWE-416
Critical
Apache Tomcat Insecure Default Initialization of Resource Vulnerability (CVE-2018-8014)
CVE-2018-8014
CWE-1188
Critical
ClipBucket Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2018-7666)
CVE-2018-7666
CWE-138
Critical
ClipBucket Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2018-7665)
CVE-2018-7665
CWE-434
Critical
ClipBucket Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2018-7664)
CVE-2018-7664
CWE-138
Critical
Drupal CVE-2018-7602 Vulnerability (CVE-2018-7602)
CVE-2018-7602
-
Critical
Drupal Improper Input Validation Vulnerability (CVE-2018-7600)
CVE-2018-7600
CWE-20
Critical
PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2018-7584)
CVE-2018-7584
CWE-119
Critical
SharePoint Improper Input Validation Vulnerability (CVE-2019-0604)
CVE-2019-0604
CWE-20
Critical
Oracle HTTP Server Use After Free Vulnerability (CVE-2019-10082)
CVE-2019-10082
CWE-416
Critical
PHP Out-of-bounds Write Vulnerability (CVE-2019-11043)
CVE-2019-11043
CWE-787
Critical
Drupal Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-10910)
CVE-2019-10910
CWE-138
Critical
PHP Out-of-bounds Read Vulnerability (CVE-2019-11040)
CVE-2019-11040
CWE-125
Critical
PHP Integer Overflow or Wraparound Vulnerability (CVE-2019-11039)
CVE-2019-11039
CWE-190
Critical
PHP Out-of-bounds Read Vulnerability (CVE-2019-11036)
CVE-2019-11036
CWE-125
Critical
PHP Out-of-bounds Read Vulnerability (CVE-2019-11035)
CVE-2019-11035
CWE-125
Critical
PHP Out-of-bounds Read Vulnerability (CVE-2019-11034)
CVE-2019-11034
CWE-125
Critical
Joomla Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2019-10945)
CVE-2019-10945
CWE-22
Critical
Lodash Other Vulnerability (CVE-2019-10744)
CVE-2019-10744
-
Critical
Python Credentials Management Errors Vulnerability (CVE-2019-10160)
CVE-2019-10160
-
Critical
Contao Key Management Errors Vulnerability (CVE-2019-10643)
CVE-2019-10643
-
Critical
Contao Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2019-10641)
CVE-2019-10641
CWE-640
Critical
Jboss EAP Insertion of Sensitive Information into Log File Vulnerability (CVE-2019-10212)
CVE-2019-10212
CWE-532
Critical
Undertow Insertion of Sensitive Information into Log File Vulnerability (CVE-2019-10212)
CVE-2019-10212
CWE-532
Critical
PostgreSQL Improper Input Validation Vulnerability (CVE-2019-10211)
CVE-2019-10211
CWE-20
Critical
Jboss EAP Deserialization of Untrusted Data Vulnerability (CVE-2019-10202)
CVE-2019-10202
CWE-502
Critical
GlassFish CVE-2011-0807 Vulnerability (CVE-2011-0807)
CVE-2011-0807
-
Critical
Dolibarr Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2017-9435)
CVE-2017-9435
CWE-138
Critical
PHP Out-of-bounds Write Vulnerability (CVE-2017-9228)
CVE-2017-9228
CWE-787
Critical
Joomla Improper Input Validation Vulnerability (CVE-2016-8869)
CVE-2016-8869
CWE-20
Critical
Oracle JRE CVE-2012-1723 Vulnerability (CVE-2012-1723)
CVE-2012-1723
-
Critical
Oracle JRE CVE-2012-1682 Vulnerability (CVE-2012-1682)
CVE-2012-1682
-
Critical
Oracle JRE CVE-2017-10285 Vulnerability (CVE-2017-10285)
CVE-2017-10285
-
Critical
Oracle Database Server CVE-2017-10282 Vulnerability (CVE-2017-10282)
CVE-2017-10282
-
Critical
WebLogic CVE-2017-10137 Vulnerability (CVE-2017-10137)
CVE-2017-10137
-
Critical