Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium

Known Vulnerabilities

This page lists 13147 vulnerabilities in this category.

Critical: 1428 High: 3252 Medium: 7730 Low: 735 Information: 2
Vulnerability Name
CVE
CWE
Severity
Oracle Database Server CVE-2006-0258 Vulnerability (CVE-2006-0258)
CVE-2006-0258
-
Critical
phpMyFAQ Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2023-5227)
CVE-2023-5227
CWE-434
Critical
Citrix NetScaler Memory Disclosure 'Citrix Bleed' (CVE-2023-4966)
CVE-2023-4966
CWE-119
Critical
Django Improper Input Validation Vulnerability (CVE-2023-31047)
CVE-2023-31047
CWE-20
Critical
Microsoft SQL Server Other Vulnerability (CVE-2002-0721)
CVE-2002-0721
-
Critical
ChatGPT-Next-Web SSRF (CVE-2023-49785)
CVE-2023-49785
CWE-918
Critical
GlobalProtect PAN-OS RCE (CVE-2024-3400)
CVE-2024-3400
CWE-77
Critical
Apache HTTP Server Integer Overflow or Wraparound Vulnerability (CVE-2022-28615)
CVE-2022-28615
CWE-190
Critical
GeoServer RCE (CVE-2024-36401)
CVE-2024-36401
CWE-94
Critical
Fortinet Out-Of-Bound Memory Write RCE (CVE-2024-21762)
CVE-2024-21762
CWE-787
Critical
Oracle Database Server Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2003-0096)
CVE-2003-0096
CWE-119
Critical
XWiki Inadequate Encryption Strength Vulnerability (CVE-2022-29161)
CVE-2022-29161
CWE-326
Critical
Flowise Authentication Bypass (CVE-2024-31621)
CVE-2024-31621
CWE-287
Critical
Oracle Database Server Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2003-0095)
CVE-2003-0095
CWE-119
Critical
Apache HTTP Server Other Vulnerability (CVE-1999-1199)
CVE-1999-1199
-
Critical
PrestaShop Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2023-39526)
CVE-2023-39526
CWE-138
Critical
PrestaShop Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2023-39525)
CVE-2023-39525
CWE-22
Critical
Ruby Double Free Vulnerability (CVE-2022-28738)
CVE-2022-28738
CWE-415
Critical
Grafana Missing Authentication for Critical Function Vulnerability (CVE-2022-28660)
CVE-2022-28660
CWE-306
Critical
Django Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2022-28347)
CVE-2022-28347
CWE-138
Critical
Check Point Gateway Path Traversal (CVE-2024-24919)
CVE-2024-24919
CWE-22
Critical
Django Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2022-28346)
CVE-2022-28346
CWE-138
Critical
PrestaShop Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2023-39524)
CVE-2023-39524
CWE-138
Critical
MediaWiki CVE-2022-28209 Vulnerability (CVE-2022-28209)
CVE-2022-28209
-
Critical
MediaWiki CVE-2022-28206 Vulnerability (CVE-2022-28206)
CVE-2022-28206
-
Critical
MediaWiki CVE-2022-28205 Vulnerability (CVE-2022-28205)
CVE-2022-28205
-
Critical
Dolibarr Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-38888)
CVE-2023-38888
CWE-707
Critical
Apache HTTP Server Other Vulnerability (CVE-1999-1293)
CVE-1999-1293
-
Critical
GibbonEdu CVE-2023-45878 Vulnerability (CVE-2023-45878)
CVE-2023-45878
-
Critical
CrushFTP SSTI (CVE-2024-4040)
CVE-2024-4040
CWE-94
Critical
Unauthenticated OGNL injection in Confluence Server and Data Center (CVE-2023-22527)
CVE-2023-22527
CWE-917
Critical
CloudPanel file-manager Auth bypass (CVE-2023-35885)
CVE-2023-35885
CWE-565
Critical
Cleo Harmony/VLTrader/LexiCom RCE (CVE-2024-50623, CVE-2024-55956)
CVE-2024-55956
CWE-434
Critical
Moodle Incorrect Calculation Vulnerability (CVE-2022-30600)
CVE-2022-30600
CWE-682
Critical
b2evolution Use of Insufficiently Random Values Vulnerability (CVE-2022-30935)
CVE-2022-30935
CWE-330
Critical
Oracle Database Server CVE-2006-0260 Vulnerability (CVE-2006-0260)
CVE-2006-0260
-
Critical
Envoy Proxy Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') Vulnerability (CVE-2023-27491)
CVE-2023-27491
-
Critical
Lucee CF_CLIENT_ RCE
-
CWE-200
Critical
Moodle Other Vulnerability (CVE-2005-2247)
CVE-2005-2247
-
Critical
XWiki Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-26477)
CVE-2023-26477
CWE-94
Critical
XWikiplatform Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2024-31996)
CVE-2024-31996
CWE-94
Critical
XWiki Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2023-27479)
CVE-2023-27479
CWE-138
Critical
PHP Other Vulnerability (CVE-1999-0238)
CVE-1999-0238
-
Critical
Serendipity Other Vulnerability (CVE-2005-1449)
CVE-2005-1449
-
Critical
Envoy Proxy CVE-2023-27487 Vulnerability (CVE-2023-27487)
CVE-2023-27487
-
Critical
ColdFusion WDDX Deserialization RCE (CVE-2023-44353)
CVE-2023-44353
CWE-502
Critical
Envoy Proxy CVE-2023-27488 Vulnerability (CVE-2023-27488)
CVE-2023-27488
-
Critical
Moodle Improper Input Validation Vulnerability (CVE-2022-35649)
CVE-2022-35649
CWE-20
Critical
Envoy Proxy Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') Vulnerability (CVE-2023-27493)
CVE-2023-27493
-
Critical
Apache Struts Path traversal (S2-067/CVE-2024-53677, S2-066/CVE-2023-50164)
CVE-2023-50164
CWE-434
Critical
Apache HTTP Server CVE-2005-2700 Vulnerability (CVE-2005-2700)
CVE-2005-2700
-
Critical
XWiki Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-46731)
CVE-2023-46731
CWE-94
Critical
CakePHP Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2023-22727)
CVE-2023-22727
CWE-138
Critical
Atlassian Confluence Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2023-22527)
CVE-2023-22527
CWE-138
Critical
Apache HTTP Server Improper Encoding or Escaping of Output Vulnerability (CVE-2024-38474)
CVE-2024-38474
CWE-116
Critical
Django Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2022-34265)
CVE-2022-34265
CWE-138
Critical
Magento Incorrect Authorization Vulnerability (CVE-2022-34256)
CVE-2022-34256
CWE-863
Critical
VMware Aria Operations for Networks RCE (CVE-2023-20887)
CVE-2023-20887
CWE-77
Critical
Kramer VIAware RCE (CVE-2021-36356/CVE-2021-35064)
CVE-2021-35064
CWE-434
Critical
Apache HTTP Server CVE-2024-38476 Vulnerability (CVE-2024-38476)
CVE-2024-38476
-
Critical
TeamCity Authentication Bypass (CVE-2024-27198)
CVE-2024-27198
CWE-288
Critical
Apache HTTP Server Other Vulnerability (CVE-2004-0492)
CVE-2004-0492
-
Critical
Internet Information Services Other Vulnerability (CVE-1999-0233)
CVE-1999-0233
-
Critical
Craft CMS register_argc_argv RCE (CVE-2024-56145)
CVE-2024-56145
CWE-94
Critical
SysAid On-Premise RCE (CVE-2023-47246)
CVE-2023-47246
CWE-22
Critical
XWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-45134)
CVE-2023-45134
CWE-707
Critical
CubeCart Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2024-34832)
CVE-2024-34832
CWE-22
Critical
Apache HTTP Server Other Vulnerability (CVE-1999-0067)
CVE-1999-0067
-
Critical
Skipper Server-Side Request Forgery (SSRF) Vulnerability (CVE-2022-38580)
CVE-2022-38580
CWE-918
Critical
XWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-45136)
CVE-2023-45136
CWE-707
Critical
Citrix NetScaler Memory Disclosure 'Citrix Bleed 2' (CVE-2025-5777)
CVE-2025-5349
CWE-457
Critical
Wing FTP Server RCE (CVE-2025-47812)
CVE-2025-47812
CWE-158
Critical
GeoServer Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2024-36401)
CVE-2024-36401
CWE-94
Critical
Python Integer Overflow or Wraparound Vulnerability (CVE-2022-37454)
CVE-2022-37454
CWE-190
Critical
PHP Integer Overflow or Wraparound Vulnerability (CVE-2022-37454)
CVE-2022-37454
CWE-190
Critical