Known Vulnerabilities
This page lists 13509 vulnerabilities in this category.
Critical: 1465
High: 3387
Medium: 7907
Low: 748
Information: 2
| Vulnerability Name | CVE | CWE | Severity |
| --- | --- | --- | --- |
| Pega Infinity Improper Authentication Vulnerability (CVE-2021-27651) | CVE-2021-27651 | CWE-287 | Critical |
| Atlassian Confluence CVE-2023-22515 Vulnerability (CVE-2023-22515) | CVE-2023-22515 | - | Critical |
| Atlassian Confluence Incorrect Authorization Vulnerability (CVE-2023-22518) | CVE-2023-22518 | CWE-863 | Critical |
| Atlassian Confluence Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2023-22527) | CVE-2023-22527 | CWE-138 | Critical |
| CakePHP Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2023-22727) | CVE-2023-22727 | CWE-138 | Critical |
| Apache HTTP Server Out-of-bounds Write Vulnerability (CVE-2021-26691) | CVE-2021-26691 | CWE-787 | Critical |
| PHP Use After Free Vulnerability (CVE-2014-3622) | CVE-2014-3622 | CWE-416 | Critical |
| Apache Traffic Server Improper Access Control Vulnerability (CVE-2014-3624) | CVE-2014-3624 | CWE-284 | Critical |
| Play Framework Improper Restriction of XML External Entity Reference Vulnerability (CVE-2014-3630) | CVE-2014-3630 | CWE-611 | Critical |
| Atlassian Confluence Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2021-26084) | CVE-2021-26084 | CWE-138 | Critical |
| Dolibarr Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-25955) | CVE-2021-25955 | CWE-707 | Critical |
| Opencart Improper Restriction of XML External Entity Reference Vulnerability (CVE-2014-3990) | CVE-2014-3990 | CWE-611 | Critical |
| WebLogic Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') Vulnerability (CVE-2021-23450) | CVE-2021-23450 | CWE-1321 | Critical |
| Handlebars Other Vulnerability (CVE-2021-23383) | CVE-2021-23383 | - | Critical |
| Jenkins Protection Mechanism Failure Vulnerability (CVE-2021-21696) | CVE-2021-21696 | CWE-693 | Critical |
| Handlebars CVE-2021-23369 Vulnerability (CVE-2021-23369) | CVE-2021-23369 | - | Critical |
| Internet Information Services Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2010-3972) | CVE-2010-3972 | CWE-119 | Critical |
| Joomla CVE-2021-23128 Vulnerability (CVE-2021-23128) | CVE-2021-23128 | - | Critical |
| Joomla CVE-2021-23127 Vulnerability (CVE-2021-23127) | CVE-2021-23127 | - | Critical |
| Apache HTTP Server Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') Vulnerability (CVE-2023-25690) | CVE-2023-25690 | - | Critical |
| concrete5 Server-Side Request Forgery (SSRF) Vulnerability (CVE-2021-22958) | CVE-2021-22958 | CWE-918 | Critical |
| Piwigo CVE-2014-4648 Vulnerability (CVE-2014-4648) | CVE-2014-4648 | - | Critical |
| Python Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2014-4650) | CVE-2014-4650 | CWE-22 | Critical |
| Moodle Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2021-21809) | CVE-2021-21809 | CWE-732 | Critical |
| PHP Use After Free Vulnerability (CVE-2021-21708) | CVE-2021-21708 | CWE-416 | Critical |
| Jenkins Other Vulnerability (CVE-2021-21697) | CVE-2021-21697 | - | Critical |
| Jenkins Other Vulnerability (CVE-2021-21696) | CVE-2021-21696 | - | Critical |
| XWiki Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-26477) | CVE-2023-26477 | CWE-94 | Critical |
| Apache HTTP Server CVE-2024-38476 Vulnerability (CVE-2024-38476) | CVE-2024-38476 | - | Critical |
| PHP Integer Overflow or Wraparound Vulnerability (CVE-2024-11236) | CVE-2024-11236 | CWE-190 | Critical |
| PHP Integer Overflow or Wraparound Vulnerability (CVE-2019-11039) | CVE-2019-11039 | CWE-190 | Critical |
| WebERP Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2025-46052) | CVE-2025-46052 | CWE-138 | Critical |
| PaperCut NG/MF Path Traversal (CVE-2023-39143) | CVE-2023-39143 | CWE-22 | Critical |
| ProjectSend Improper Input Validation Vulnerability (CVE-2017-9741) | CVE-2017-9741 | CWE-20 | Critical |
| Progress Kemp LoadMaster RCE (CVE-2024-1212) | CVE-2024-1212 | CWE-78 | Critical |
| Apache HTTP Server Improper Input Validation Vulnerability (CVE-2017-9788) | CVE-2017-9788 | CWE-20 | Critical |
| Jboss EAP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-9788) | CVE-2017-9788 | CWE-200 | Critical |
| Serendipity Other Vulnerability (CVE-2005-1452) | CVE-2005-1452 | - | Critical |
| Serendipity Other Vulnerability (CVE-2005-1449) | CVE-2005-1449 | - | Critical |
| Oracle HTTP Server Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2019-3822) | CVE-2019-3822 | CWE-119 | Critical |
| Telerik Report Server Authentication Bypass Vulnerability | CVE-2024-4358 | CWE-287 | Critical |
| Rejetto HTTP File Server SSTI RCE (CVE-2024-23692) | CVE-2024-23692 | CWE-1336 | Critical |
| PrestaShop Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2018-19126) | CVE-2018-19126 | CWE-434 | Critical |
| ScreenConnect Auth bypass (CVE-2024-1709) | CVE-2024-1708 | CWE-288 | Critical |
| Jboss EAP CVE-2018-8088 Vulnerability (CVE-2018-8088) | CVE-2018-8088 | - | Critical |
| XWikiplatform Missing Authorization Vulnerability (CVE-2025-46557) | CVE-2025-46557 | CWE-862 | Critical |
| Magento CVE-2019-8121 Vulnerability (CVE-2019-8121) | CVE-2019-8121 | - | Critical |
| Palo Alto PAN-OS Management Interface Auth Bypass (CVE-2024-0012/CVE-2024-9474) | CVE-2024-9474 | CWE-306 | Critical |
| Django Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2019-19844) | CVE-2019-19844 | CWE-640 | Critical |
| Apache OFBiz SSRF (CVE-2024-45507) | CVE-2024-45507 | CWE-918 | Critical |
| PHP Out-of-bounds Write Vulnerability (CVE-2017-9226) | CVE-2017-9226 | CWE-787 | Critical |
| Apache HTTP Server Improper Handling of Case Sensitivity Vulnerability (CVE-2001-0766) | CVE-2001-0766 | CWE-178 | Critical |
| PrestaShop Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2018-19355) | CVE-2018-19355 | CWE-434 | Critical |
| PHP Out-of-bounds Read Vulnerability (CVE-2017-9227) | CVE-2017-9227 | CWE-125 | Critical |
| PHP Out-of-bounds Write Vulnerability (CVE-2017-9228) | CVE-2017-9228 | CWE-787 | Critical |
| Apache OFBiz RCE (CVE-2024-45195) | CVE-2024-45195 | CWE-425 | Critical |
| WebLogic Missing Authentication for Critical Function Vulnerability (CVE-2025-21535) | CVE-2025-21535 | CWE-306 | Critical |
| PaloAlto Networks Expedition RCE (CVE-2024-9463) | CVE-2024-9465 | CWE-918 | Critical |
| Apache Tomcat Insecure Default Initialization of Resource Vulnerability (CVE-2018-8014) | CVE-2018-8014 | CWE-1188 | Critical |
| Telerik Web UI Insufficiently Protected Credentials Vulnerability (CVE-2017-9248) | CVE-2017-9248 | CWE-522 | Critical |
| OpenMetadata Authentication Bypass (CVE-2024-28255) | CVE-2024-28255 | CWE-287 | Critical |
| PHP CGI Argument Injection (CVE-2024-4577) | CVE-2024-4577 | CWE-78 | Critical |
| Moodle Server-Side Request Forgery (SSRF) Vulnerability (CVE-2019-3809) | CVE-2019-3809 | CWE-918 | Critical |
| Dolibarr Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2017-9435) | CVE-2017-9435 | CWE-138 | Critical |
| Joomla Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-19846) | CVE-2019-19846 | CWE-138 | Critical |
| ServiceNow SSTI (CVE-2024-4879) | CVE-2024-5217 | CWE-1287 | Critical |
| PHP Out-of-bounds Read Vulnerability (CVE-2017-9224) | CVE-2017-9224 | CWE-125 | Critical |
| Chamilo Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2018-1999019) | CVE-2018-1999019 | CWE-94 | Critical |
| PrestaShop Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2018-8823) | CVE-2018-8823 | CWE-94 | Critical |
| PrestaShop Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2018-8824) | CVE-2018-8824 | CWE-138 | Critical |
| Dolibarr Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2018-9019) | CVE-2018-9019 | CWE-138 | Critical |
| MySQL Other Vulnerability (CVE-2003-0150) | CVE-2003-0150 | - | Critical |
| Jboss EAP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-3873) | CVE-2019-3873 | CWE-707 | Critical |
| Undertow Insertion of Sensitive Information into Log File Vulnerability (CVE-2019-3888) | CVE-2019-3888 | CWE-532 | Critical |
| Lucee CF_CLIENT_ RCE | - | CWE-200 | Critical |