Known Vulnerabilities
This page lists 13509 vulnerabilities in this category.
Critical: 1465
High: 3387
Medium: 7907
Low: 748
Information: 2
| Vulnerability Name | CVE | CWE | Severity |
| --- | --- | --- | --- |
| Apache OFBiz RCE (CVE-2024-32113/CVE-2024-36104/CVE-2024-38856) | CVE-2024-38856 | CWE-22 | Critical |
| Apache HTTP Server Improper Access Control Vulnerability (CVE-2025-23048) | CVE-2025-23048 | CWE-284 | Critical |
| ClipBucket Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2018-7666) | CVE-2018-7666 | CWE-138 | Critical |
| PHP Uncontrolled Resource Consumption Vulnerability (CVE-2017-9119) | CVE-2017-9119 | CWE-400 | Critical |
| Ivanti vTM Auth bypass (CVE-2024-7593) | CVE-2024-7593 | CWE-287 | Critical |
| RCE in Ivanti Connect Secure and Policy Secure (CVE-2024-21887) | CVE-2024-21887 | CWE-77 | Critical |
| Magento Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2019-8135) | CVE-2019-8135 | CWE-138 | Critical |
| Artifactory Insufficient Verification of Data Authenticity Vulnerability (CVE-2018-19971) | CVE-2018-19971 | CWE-345 | Critical |
| Flowise Authentication Bypass (CVE-2024-31621) | CVE-2024-31621 | CWE-287 | Critical |
| Fortinet Out-Of-Bound Memory Write RCE (CVE-2024-21762) | CVE-2024-21762 | CWE-787 | Critical |
| GeoServer RCE (CVE-2024-36401) | CVE-2024-36401 | CWE-94 | Critical |
| GlobalProtect PAN-OS RCE (CVE-2024-3400) | CVE-2024-3400 | CWE-77 | Critical |
| GoAnywhere MFT Authentication Bypass (CVE-2024-0204) | CVE-2024-0204 | CWE-425 | Critical |
| Apache HTTP Server CVE-2005-2700 Vulnerability (CVE-2005-2700) | CVE-2005-2700 | - | Critical |
| IBM ODM JNDI injection (CVE-2024-22319) | CVE-2024-22319 | CWE-74 | Critical |
| Apache Tomcat Use of Incorrectly-Resolved Name or Reference Vulnerability (CVE-2025-24813) | CVE-2025-24813 | CWE-706 | Critical |
| Ivanti CSA Path Traversal (CVE-2024-8963/CVE-2024-8190) | CVE-2024-8190 | CWE-22 | Critical |
| Joomla Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2025-25226) | CVE-2025-25226 | CWE-138 | Critical |
| Joomla Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2017-8917) | CVE-2017-8917 | CWE-138 | Critical |
| PHP Improper Input Validation Vulnerability (CVE-2017-8923) | CVE-2017-8923 | CWE-20 | Critical |
| silverstripeCMS CVE-2019-12204 Vulnerability (CVE-2019-12204) | CVE-2019-12204 | - | Critical |
| XWikiplatform Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2025-24893) | CVE-2025-24893 | CWE-94 | Critical |
| Oracle Database Server Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2003-0222) | CVE-2003-0222 | CWE-119 | Critical |
| Kentico Staging API Authentication Bypass | - | CWE-287 | Critical |
| XWikiplatform Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2025-32969) | CVE-2025-32969 | CWE-138 | Critical |
| PHP Use After Free Vulnerability (CVE-2018-12882) | CVE-2018-12882 | CWE-416 | Critical |
| XWikiplatform Improper Encoding or Escaping of Output Vulnerability (CVE-2024-55663) | CVE-2024-55663 | CWE-116 | Critical |
| Oracle Application Server Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2004-1371) | CVE-2004-1371 | CWE-119 | Critical |
| silverstripeCMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-5715) | CVE-2019-5715 | CWE-138 | Critical |
| Frontaccounting Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-5720) | CVE-2019-5720 | CWE-138 | Critical |
| Oracle Application Server Incorrect Calculation of Buffer Size Vulnerability (CVE-2004-1363) | CVE-2004-1363 | CWE-131 | Critical |
| Oracle Database Server Incorrect Calculation of Buffer Size Vulnerability (CVE-2004-1363) | CVE-2004-1363 | CWE-131 | Critical |
| SugarCRM Other Vulnerability (CVE-2004-1225) | CVE-2004-1225 | - | Critical |
| Phusion Passenger Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2018-12026) | CVE-2018-12026 | CWE-59 | Critical |
| phpMyAdmin Other Vulnerability (CVE-2004-1147) | CVE-2004-1147 | - | Critical |
| Ruby CVE-2018-16395 Vulnerability (CVE-2018-16395) | CVE-2018-16395 | - | Critical |
| Telerik Web UI Deserialization of Untrusted Data Vulnerability (CVE-2019-18935) | CVE-2019-18935 | CWE-502 | Critical |
| Jboss EAP Insertion of Sensitive Information into Log File Vulnerability (CVE-2019-10212) | CVE-2019-10212 | CWE-532 | Critical |
| Envoy Proxy CVE-2024-7207 Vulnerability (CVE-2024-7207) | CVE-2024-7207 | - | Critical |
| PHP Other Vulnerability (CVE-2004-1065) | CVE-2004-1065 | - | Critical |
| Oracle HTTP Server Out-of-bounds Write Vulnerability (CVE-2019-5482) | CVE-2019-5482 | CWE-787 | Critical |
| phpMyAdmin Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-18622) | CVE-2019-18622 | CWE-138 | Critical |
| PHP CVE-2004-1063 Vulnerability (CVE-2004-1063) | CVE-2004-1063 | - | Critical |
| PHP Other Vulnerability (CVE-2000-0059) | CVE-2000-0059 | - | Critical |
| CrushFTP Server Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2024-53552) | CVE-2024-53552 | CWE-640 | Critical |
| Joomla Generation of Error Message Containing Sensitive Information Vulnerability (CVE-2018-11325) | CVE-2018-11325 | CWE-209 | Critical |
| Contao Key Management Errors Vulnerability (CVE-2019-10643) | CVE-2019-10643 | - | Critical |
| Contao Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2019-10641) | CVE-2019-10641 | CWE-640 | Critical |
| WordPress Server-Side Request Forgery (SSRF) Vulnerability (CVE-2019-17669) | CVE-2019-17669 | CWE-918 | Critical |
| WordPress Server-Side Request Forgery (SSRF) Vulnerability (CVE-2019-17670) | CVE-2019-17670 | CWE-918 | Critical |
| Zope Web Application Server Other Vulnerability (CVE-2000-0062) | CVE-2000-0062 | - | Critical |
| Drupal Deserialization of Untrusted Data Vulnerability (CVE-2024-55638) | CVE-2024-55638 | CWE-502 | Critical |
| Django Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2024-53908) | CVE-2024-53908 | CWE-138 | Critical |
| PostgreSQL Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2018-16850) | CVE-2018-16850 | CWE-138 | Critical |
| PHP Other Vulnerability (CVE-2000-0967) | CVE-2000-0967 | - | Critical |
| Drupal Deserialization of Untrusted Data Vulnerability (CVE-2024-55636) | CVE-2024-55636 | CWE-502 | Critical |
| Drupal Deserialization of Untrusted Data Vulnerability (CVE-2024-55637) | CVE-2024-55637 | CWE-502 | Critical |
| Dolibarr Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2018-16809) | CVE-2018-16809 | CWE-138 | Critical |
| PHP CVE-2004-1064 Vulnerability (CVE-2004-1064) | CVE-2004-1064 | - | Critical |
| Undertow Insertion of Sensitive Information into Log File Vulnerability (CVE-2019-10212) | CVE-2019-10212 | CWE-532 | Critical |
| LimeSurvey Deserialization of Untrusted Data Vulnerability (CVE-2018-17057) | CVE-2018-17057 | CWE-502 | Critical |
| Python Credentials Management Errors Vulnerability (CVE-2019-10160) | CVE-2019-10160 | - | Critical |
| Magento Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-7139) | CVE-2019-7139 | CWE-138 | Critical |
| Oracle HTTP Server Use After Free Vulnerability (CVE-2019-10082) | CVE-2019-10082 | CWE-416 | Critical |
| Oracle Database Server Deserialization of Untrusted Data Vulnerability (CVE-2018-14719) | CVE-2018-14719 | CWE-502 | Critical |
| Dolibarr Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2024-5314) | CVE-2024-5314 | CWE-138 | Critical |
| Grafana Improper Authentication Vulnerability (CVE-2018-15727) | CVE-2018-15727 | CWE-287 | Critical |
| Dolibarr Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2024-5315) | CVE-2024-5315 | CWE-138 | Critical |
| Jboss EAP Deserialization of Untrusted Data Vulnerability (CVE-2018-14720) | CVE-2018-14720 | CWE-502 | Critical |
| Apache HTTP Server Use After Free Vulnerability (CVE-2019-10082) | CVE-2019-10082 | CWE-416 | Critical |
| PHP CVE-2004-0542 Vulnerability (CVE-2004-0542) | CVE-2004-0542 | - | Critical |
| Jboss EAP Server-Side Request Forgery (SSRF) Vulnerability (CVE-2018-14721) | CVE-2018-14721 | CWE-918 | Critical |
| phpMyAdmin Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-6798) | CVE-2019-6798 | CWE-138 | Critical |
| IBMHttpServer Other Vulnerability (CVE-2004-0492) | CVE-2004-0492 | - | Critical |
| Apache HTTP Server Other Vulnerability (CVE-2004-0492) | CVE-2004-0492 | - | Critical |