Known Vulnerabilities
This page lists 13509 vulnerabilities in this category.
Critical: 1465
High: 3387
Medium: 7907
Low: 748
Information: 2
| Vulnerability Name | CVE | CWE | Severity |
| --- | --- | --- | --- |
| PHP Incorrect Calculation of Buffer Size Vulnerability (CVE-2025-1861) | CVE-2025-1861 | CWE-131 | Critical |
| Open Resty Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2018-9230) | CVE-2018-9230 | CWE-138 | Critical |
| Atlassian Jira Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2019-11581) | CVE-2019-11581 | CWE-138 | Critical |
| Apache Struts Path traversal (S2-067/CVE-2024-53677, S2-066/CVE-2023-50164) | CVE-2023-50164 | CWE-434 | Critical |
| Craft CMS register_argc_argv RCE (CVE-2024-56145) | CVE-2024-56145 | CWE-94 | Critical |
| Craft CMS RCE (CVE-2025-32432) | CVE-2025-32432 | CWE-470 | Critical |
| CrushFTP Authentication Bypass (CVE-2025-2825) | CVE-2025-2825 | CWE-287 | Critical |
| RubyGems Improper Verification of Cryptographic Signature Vulnerability (CVE-2018-1000076) | CVE-2018-1000076 | CWE-347 | Critical |
| ColdFusion WDDX Deserialization RCE (CVE-2023-44353) | CVE-2023-44353 | CWE-502 | Critical |
| XWikiplatform Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-46558) | CVE-2025-46558 | CWE-707 | Critical |
| SuiteCRM SQL Injection (CVE-2024-36412) | CVE-2024-36412 | CWE-89 | Critical |
| Oracle Database Server Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2003-0095) | CVE-2003-0095 | CWE-119 | Critical |
| Joomla Deserialization of Untrusted Data Vulnerability (CVE-2019-11831) | CVE-2019-11831 | CWE-502 | Critical |
| Sqlite Improper Check for Unusual or Exceptional Conditions Vulnerability (CVE-2019-19646) | CVE-2019-19646 | CWE-754 | Critical |
| Drupal Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2019-11831) | CVE-2019-11831 | CWE-22 | Critical |
| SolarWinds Web Help Desk Hardcoded Credential (CVE-2024-28987) | CVE-2024-28987 | CWE-798 | Critical |
| SolarWinds Web Help Desk RCE (CVE-2024-28986) | CVE-2024-28986 | CWE-502 | Critical |
| SysAid On-Premise RCE (CVE-2023-47246) | CVE-2023-47246 | CWE-22 | Critical |
| Ruby Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2018-8780) | CVE-2018-8780 | CWE-22 | Critical |
| TeamCity Authentication Bypass (CVE-2024-27198) | CVE-2024-27198 | CWE-288 | Critical |
| XWikiplatform Relative Path Traversal Vulnerability (CVE-2025-55747) | CVE-2025-55747 | CWE-23 | Critical |
| Kramer VIAware RCE (CVE-2021-36356/CVE-2021-35064) | CVE-2021-35064 | CWE-434 | Critical |
| VMware Aria Operations for Networks RCE (CVE-2023-20887) | CVE-2023-20887 | CWE-77 | Critical |
| phpMyAdmin Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-11768) | CVE-2019-11768 | CWE-138 | Critical |
| Oracle Database Server Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2003-0096) | CVE-2003-0096 | CWE-119 | Critical |
| Envoy Proxy Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2024-45806) | CVE-2024-45806 | CWE-639 | Critical |
| PHP Integer Overflow or Wraparound Vulnerability (CVE-2017-9120) | CVE-2017-9120 | CWE-190 | Critical |
| Ingress-Nginx "IngressNightmare" RCE (CVE-2025-1974) | CVE-2025-1974 | CWE-653 | Critical |
| Cacti Unauthenticated Command Injection (CVE-2022-46169) | CVE-2022-46169 | CWE-77 | Critical |
| IBM Aspera Faspex RCE (CVE-2022-47986) | CVE-2022-47986 | CWE-502 | Critical |
| Jira Seraph Authentication Bypass (CVE-2022-0540) | CVE-2022-0540 | CWE-288 | Critical |
| Sqlite Integer Overflow or Wraparound Vulnerability (CVE-2025-3277) | CVE-2025-3277 | CWE-190 | Critical |
| Varnish Cache Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2017-8807) | CVE-2017-8807 | CWE-119 | Critical |
| CData Jetty Path Traversal (CVE-2024-31848/CVE-2024-31849/CVE-2024-31850/CVE-2024-31851) | CVE-2024-31851 | CWE-22 | Critical |
| Atlassian Confluence Server-Side Request Forgery (SSRF) Vulnerability (CVE-2019-3395) | CVE-2019-3395 | CWE-918 | Critical |
| ChatGPT-Next-Web SSRF (CVE-2023-49785) | CVE-2023-49785 | CWE-918 | Critical |
| Perl Out-of-bounds Write Vulnerability (CVE-2018-6913) | CVE-2018-6913 | CWE-787 | Critical |
| Check Point Gateway Path Traversal (CVE-2024-24919) | CVE-2024-24919 | CWE-22 | Critical |
| Cleo Harmony/VLTrader/LexiCom RCE (CVE-2024-50623, CVE-2024-55956) | CVE-2024-55956 | CWE-434 | Critical |
| MediaWiki Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2017-8809) | CVE-2017-8809 | CWE-138 | Critical |
| Atlassian Confluence Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2019-3396) | CVE-2019-3396 | CWE-22 | Critical |
| CloudPanel file-manager Auth bypass (CVE-2023-35885) | CVE-2023-35885 | CWE-565 | Critical |
| Unauthenticated OGNL injection in Confluence Server and Data Center (CVE-2023-22527) | CVE-2023-22527 | CWE-917 | Critical |
| Adobe Commerce/Magento "CosmicSting" XXE (CVE-2024-34102) | CVE-2024-34102 | CWE-611 | Critical |
| Magento CVE-2019-8144 Vulnerability (CVE-2019-8144) | CVE-2019-8144 | - | Critical |
| CyberPanel RCE (CVE-2024-51567/CVE-2024-51568/CVE-2024-51378) | CVE-2024-51378 | CWE-306 | Critical |
| Joomla Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2018-6376) | CVE-2018-6376 | CWE-138 | Critical |
| Sitecore XP TemplateParser RCE (CVE-2023-35813) | CVE-2023-35813 | CWE-94 | Critical |
| TeamCity Authentication Bypass (CVE-2023-42793) | CVE-2023-42793 | CWE-287 | Critical |
| TorchServe Management API SSRF (CVE-2023-43654) | CVE-2023-43654 | CWE-918 | Critical |
| SugarCRM Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2018-6308) | CVE-2018-6308 | CWE-138 | Critical |
| Citrix NetScaler Memory Disclosure 'Citrix Bleed' (CVE-2023-4966) | CVE-2023-4966 | CWE-119 | Critical |
| Magento Insufficient Session Expiration Vulnerability (CVE-2019-8149) | CVE-2019-8149 | CWE-613 | Critical |
| Jboss EAP Deserialization of Untrusted Data Vulnerability (CVE-2019-17267) | CVE-2019-17267 | CWE-502 | Critical |
| PostgreSQL Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2018-1115) | CVE-2018-1115 | CWE-732 | Critical |
| XWikiplatform Missing Authorization Vulnerability (CVE-2025-32973) | CVE-2025-32973 | CWE-862 | Critical |
| Apache HTTP Server Improper Authentication Vulnerability (CVE-2018-1312) | CVE-2018-1312 | CWE-287 | Critical |
| XWikiplatform Improper Encoding or Escaping of Output Vulnerability (CVE-2025-32974) | CVE-2025-32974 | CWE-116 | Critical |
| Moodle Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2025-26533) | CVE-2025-26533 | CWE-138 | Critical |
| ColdFusion WDDX Deserialization RCE (CVE-2023-29300/CVE-2023-38203/CVE-2023-38204) | CVE-2023-38204 | CWE-502 | Critical |
| Perl Out-of-bounds Write Vulnerability (CVE-2018-6797) | CVE-2018-6797 | CWE-787 | Critical |
| CrushFTP SSTI (CVE-2024-4040) | CVE-2024-4040 | CWE-94 | Critical |
| Magento CVE-2019-8136 Vulnerability (CVE-2019-8136) | CVE-2019-8136 | - | Critical |
| Handlebars Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2019-19919) | CVE-2019-19919 | CWE-138 | Critical |
| PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2018-7584) | CVE-2018-7584 | CWE-119 | Critical |
| Moodle Other Vulnerability (CVE-2005-2247) | CVE-2005-2247 | - | Critical |
| Mura/Masa CMS SQLi (CVE-2024-32640) | CVE-2024-32640 | CWE-89 | Critical |
| Jboss EAP Incomplete List of Disallowed Inputs Vulnerability (CVE-2018-7489) | CVE-2018-7489 | CWE-184 | Critical |
| Mura/Masa CMS JSON API RCE | - | CWE-200 | Critical |
| Apache OFBiz Authentication Bypass (CVE-2023-51467) | CVE-2023-51467 | CWE-287 | Critical |
| LimeSurvey Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-7556) | CVE-2018-7556 | CWE-200 | Critical |
| Drupal Improper Input Validation Vulnerability (CVE-2018-7600) | CVE-2018-7600 | CWE-20 | Critical |
| Ivanti Sentry Authentication Bypass (CVE-2023-38035) | CVE-2023-38035 | CWE-863 | Critical |
| Drupal CVE-2018-7602 Vulnerability (CVE-2018-7602) | CVE-2018-7602 | - | Critical |
| ClipBucket Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2018-7664) | CVE-2018-7664 | CWE-138 | Critical |