🚀 Just released:
Latio 2026 Application Security Market Report.
Read it in our Whitepapers.
100% Signal 0% Noise
Platform
Invicti Platform
Zero-noise AppSec platform
Scan Code
Secure code before runtime
SAST
Early static security analysis
Open Source (SCA)
Find vulnerable dependencies
SBOM & License Risk
Generate SBOMs and track licenses
Secrets
Detect exposed secrets in applications
Infrastructure as Code
Ingest IaC security findings
Container
Track container image vulnerabilities
Test Runtime
Test live applications like attackers
DAST & AI DAST
Test runtime, prove exploitability
Agentic Pentesting
Automate real-world attack techniques
API Security Testing
Discover and test APIs
Attack Surface Management
Identify exposed apps and endpoints
Cloud AppSec
Get a single-pane view of cloud app risk
AI AppSec
Scan smarter, accelerate remediation
Manage Vulnerabilities
See, prioritize, reduce AppSec risk
Vulnerability Management (ASPM)
Centralize and correlate AppSec findings
Compliance & Executive Reporting
Measure risk and impact
Threat Intelligence
Reachability, exploitability, and business logic
Solutions
API Discovery
Manage Vulnerabilities
Automate Security Workflows
Track AppSec KPIs
Manage Open Source Risk
Pricing
Why Invicti
About Us
Invicti vs. Competitors
Case Studies
Contact Us
Careers
Resources
Resource Library
Blog
Webinars
White Papers
Podcasts
Invicti Learn
Savings Calculator
Live Training
Partners
MSSP
Documentation
Vulnerability Database
Get a demo
Home
/
Web Application Vulnerabilities
/ Known Vulnerabilities
Web Application Vulnerabilities
Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise
Acunetix Standard & Premium
v.26.4.2314
Known Vulnerabilities
This page lists
14981 vulnerabilities
in this category.
Critical: 1612
High: 4015
Medium: 8569
Low: 783
Information: 2
Vulnerability Name
CVE
CWE
Severity
SharePoint Other Vulnerability (CVE-2015-0085)
CVE-2015-0085
-
Critical
WebLogic CVE-2022-21306 Vulnerability (CVE-2022-21306)
CVE-2022-21306
-
Critical
Apache HTTP Server Improper Encoding or Escaping of Output Vulnerability (CVE-2024-38474)
CVE-2024-38474
CWE-116
Critical
GeoServer Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2024-36401)
CVE-2024-36401
CWE-94
Critical
Python Improper Neutralization of Special Elements used in a Command ('Command Injection') Vulnerability (CVE-2015-20107)
CVE-2015-20107
CWE-138
Critical
Craft CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2024-37843)
CVE-2024-37843
CWE-138
Critical
Internet Information Services Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2010-3972)
CVE-2010-3972
CWE-119
Critical
Dolibarr Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2022-0224)
CVE-2022-0224
CWE-138
Critical
Roundcube Improper Neutralization of Special Elements used in a Command ('Command Injection') Vulnerability (CVE-2024-37385)
CVE-2024-37385
CWE-138
Critical
Moodle Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2022-0332)
CVE-2022-0332
CWE-138
Critical
Atlassian Jira Improper Authentication Vulnerability (CVE-2022-0540)
CVE-2022-0540
CWE-287
Critical
PHP Out-of-bounds Write Vulnerability (CVE-2015-0235)
CVE-2015-0235
CWE-787
Critical
Artifactory Improper Privilege Management Vulnerability (CVE-2022-0668)
CVE-2022-0668
CWE-269
Critical
CubeCart Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2024-34832)
CVE-2024-34832
CWE-22
Critical
OpenSSL Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2022-1292)
CVE-2022-1292
CWE-138
Critical
MediaWiki Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2024-34502)
CVE-2024-34502
CWE-352
Critical
Oracle Database Server CVE-2015-0457 Vulnerability (CVE-2015-0457)
CVE-2015-0457
-
Critical
PostgreSQL Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2015-0244)
CVE-2015-0244
CWE-138
Critical
Perl Out-of-bounds Read Vulnerability (CVE-2018-18313)
CVE-2018-18313
CWE-125
Critical
WeBid Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2024-35409)
CVE-2024-35409
CWE-138
Critical
MySQL Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2004-0836)
CVE-2004-0836
CWE-119
Critical
Apache Struts2 Remote Command Execution (S2-053)
CVE-2017-12611
CWE-94
Critical
ATutor Incorrect Authorization Vulnerability (CVE-2019-16114)
CVE-2019-16114
CWE-863
Critical
PHP CVE-2004-0542 Vulnerability (CVE-2004-0542)
CVE-2004-0542
-
Critical
SharePoint Authentication bypass (CVE-2023-29357)
CVE-2023-29357
CWE-287
Critical
Joomla CVE-2026-35223 Vulnerability (CVE-2026-35223)
CVE-2026-35223
-
Critical
Python Insufficient Entropy Vulnerability (CVE-2026-7210)
CVE-2026-7210
CWE-331
Critical
Drupal Improper Input Validation Vulnerability (CVE-2019-6342)
CVE-2019-6342
CWE-20
Critical
Squid Out-of-bounds Write Vulnerability (CVE-2019-12519)
CVE-2019-12519
CWE-787
Critical
WebLogic Improper Access Control Vulnerability (CVE-2026-35263)
CVE-2026-35263
CWE-284
Critical
WebLogic Missing Authentication for Critical Function Vulnerability (CVE-2026-35292)
CVE-2026-35292
CWE-306
Critical
RCE in Ivanti Connect Secure and Policy Secure (CVE-2024-21887)
CVE-2024-21887
CWE-77
Critical
phpMyAdmin Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-6798)
CVE-2019-6798
CWE-138
Critical
LimeSurvey Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2019-9960)
CVE-2019-9960
CWE-22
Critical
Jboss EAP Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') Vulnerability (CVE-2019-20444)
CVE-2019-20444
CWE-444
Critical
WebLogic Improper Access Control Vulnerability (CVE-2026-35298)
CVE-2026-35298
CWE-284
Critical
Joomla Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2026-35222)
CVE-2026-35222
CWE-138
Critical
MediaWiki Missing Authentication for Critical Function Vulnerability (CVE-2019-12468)
CVE-2019-12468
CWE-306
Critical
LimeSurvey Improper Neutralization of Formula Elements in a CSV File Vulnerability (CVE-2019-16184)
CVE-2019-16184
CWE-1236
Critical
OwnCloud phpinfo Information Disclosure (CVE-2023-49103)
CVE-2023-49103
CWE-200
Critical
Ivanti Sentry Authentication Bypass (CVE-2023-38035)
CVE-2023-38035
CWE-863
Critical
WebLogic Deserialization of Untrusted Data Vulnerability (CVE-2026-35300)
CVE-2026-35300
CWE-502
Critical
Code Evaluation (Apache Struts) S2-045
CVE-2017-5638
CWE-94
Critical
Magento Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-7139)
CVE-2019-7139
CWE-138
Critical
WebLogic Missing Authentication for Critical Function Vulnerability (CVE-2026-35301)
CVE-2026-35301
CWE-306
Critical
WebLogic CVE-2018-2894 Vulnerability (CVE-2018-2894)
CVE-2018-2894
-
Critical
WebLogic CVE-2018-2893 Vulnerability (CVE-2018-2893)
CVE-2018-2893
-
Critical
Oracle Identity Manager Authentication Bypass (CVE-2025-61757)
CVE-2025-61757
CWE-306
Critical
Python Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2019-9948)
CVE-2019-9948
CWE-22
Critical
phpMyAdmin Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-26935)
CVE-2020-26935
CWE-138
Critical
Nexus Repository Manager CVE-2019-7238 Vulnerability (CVE-2019-7238)
CVE-2019-7238
-
Critical
Ivanti CSA Path Traversal (CVE-2024-8963/CVE-2024-8190)
CVE-2024-8190
CWE-22
Critical
Squid CVE-2019-12523 Vulnerability (CVE-2019-12523)
CVE-2019-12523
-
Critical
Apache HTTP Server Exposure of Resource to Wrong Sphere Vulnerability (CVE-2026-42535)
CVE-2026-42535
CWE-668
Critical
GoAnywhere MFT Authentication Bypass (CVE-2024-0204)
CVE-2024-0204
CWE-425
Critical
GeoServer RCE (CVE-2024-36401)
CVE-2024-36401
CWE-94
Critical
XWikiplatform Missing Authorization Vulnerability (CVE-2026-33229)
CVE-2026-33229
CWE-862
Critical
Squid Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') Vulnerability (CVE-2019-12526)
CVE-2019-12526
CWE-120
Critical
GlobalProtect PAN-OS RCE (CVE-2024-3400)
CVE-2024-3400
CWE-77
Critical
Squid Integer Overflow or Wraparound Vulnerability (CVE-2020-11945)
CVE-2020-11945
CWE-190
Critical
Apache HTTP Server Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') Vulnerability (CVE-2020-11984)
CVE-2020-11984
CWE-120
Critical
Ruby on Rails Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2026-33202)
CVE-2026-33202
CWE-138
Critical
Oracle Database Server CVE-2018-3110 Vulnerability (CVE-2018-3110)
CVE-2018-3110
-
Critical
Ruby on Rails Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2026-33195)
CVE-2026-33195
CWE-22
Critical
PHP Other Vulnerability (CVE-2000-0967)
CVE-2000-0967
-
Critical
Contao Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2019-10641)
CVE-2019-10641
CWE-640
Critical
Oracle WebLogic Remote Code Execution (CVE-2020-14882)
CVE-2020-14883
CWE-78
Critical
Sitecore XP TemplateParser RCE (CVE-2023-35813)
CVE-2023-35813
CWE-94
Critical
MODX Improper Restriction of XML External Entity Reference Vulnerability (CVE-2020-25911)
CVE-2020-25911
CWE-611
Critical
Drupal Improper Input Validation Vulnerability (CVE-2019-6339)
CVE-2019-6339
CWE-20
Critical
Ruby on Rails Improper Input Validation Vulnerability (CVE-2019-5420)
CVE-2019-5420
CWE-20
Critical
Squid Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2019-12525)
CVE-2019-12525
CWE-119
Critical
Oracle Database Server CVE-2026-46833 Vulnerability (CVE-2026-46833)
CVE-2026-46833
-
Critical
Undertow Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2020-1745)
CVE-2020-1745
CWE-200
Critical
Oracle HTTP Server Out-of-bounds Write Vulnerability (CVE-2019-5482)
CVE-2019-5482
CWE-787
Critical
«
1
...
15
16
17
...
200
»