🚀 Just released:
Latio 2026 Application Security Market Report.
Read it in our Whitepapers.
100% Signal 0% Noise
Platform
Invicti Platform
Zero-noise AppSec platform
Scan Code
Secure code before runtime
SAST
Early static security analysis
Open Source (SCA)
Find vulnerable dependencies
SBOM & License Risk
Generate SBOMs and track licenses
Secrets
Detect exposed secrets in applications
Infrastructure as Code
Ingest IaC security findings
Container
Track container image vulnerabilities
Test Runtime
Test live applications like attackers
DAST & AI DAST
Test runtime, prove exploitability
Agentic Pentesting
Automate real-world attack techniques
API Security Testing
Discover and test APIs
Attack Surface Management
Identify exposed apps and endpoints
Cloud AppSec
Get a single-pane view of cloud app risk
AI AppSec
Scan smarter, accelerate remediation
Manage Vulnerabilities
See, prioritize, reduce AppSec risk
Vulnerability Management (ASPM)
Centralize and correlate AppSec findings
Compliance & Executive Reporting
Measure risk and impact
Threat Intelligence
Reachability, exploitability, and business logic
Solutions
API Discovery
Manage Vulnerabilities
Automate Security Workflows
Track AppSec KPIs
Manage Open Source Risk
Pricing
Why Invicti
About Us
Invicti vs. Competitors
Case Studies
Contact Us
Careers
Resources
Resource Library
Blog
Webinars
White Papers
Podcasts
Invicti Learn
Savings Calculator
Live Training
Partners
MSSP
Documentation
Vulnerability Database
Get a demo
Home
/
Web Application Vulnerabilities
/ Known Vulnerabilities
Web Application Vulnerabilities
Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise
Acunetix Standard & Premium
v.26.4.2314
Known Vulnerabilities
This page lists
14981 vulnerabilities
in this category.
Critical: 1612
High: 4015
Medium: 8569
Low: 783
Information: 2
Vulnerability Name
CVE
CWE
Severity
Squid Missing Authentication for Critical Function Vulnerability (CVE-2019-12524)
CVE-2019-12524
CWE-306
Critical
silverstripeCMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-5715)
CVE-2019-5715
CWE-138
Critical
Frontaccounting Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-5720)
CVE-2019-5720
CWE-138
Critical
GhostScript RCE (Remote Code Execution)
CVE-2016-3714
CWE-78
Critical
IBM ODM JNDI injection (CVE-2024-22319)
CVE-2024-22319
CWE-943
Critical
Apache HTTP Server Other Vulnerability (CVE-2004-0492)
CVE-2004-0492
-
Critical
IBMHttpServer Other Vulnerability (CVE-2004-0492)
CVE-2004-0492
-
Critical
Craft CMS Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2019-15929)
CVE-2019-15929
CWE-640
Critical
Joomla Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2026-35221)
CVE-2026-35221
CWE-138
Critical
Jboss EAP Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') Vulnerability (CVE-2019-20445)
CVE-2019-20445
CWE-444
Critical
Envoy Proxy Use of Incorrectly-Resolved Name or Reference Vulnerability (CVE-2019-9901)
CVE-2019-9901
CWE-706
Critical
Apache Tomcat DEPRECATED: Authentication Bypass Issues Vulnerability (CVE-2026-43512)
CVE-2026-43512
CWE-592
Critical
PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2019-9641)
CVE-2019-9641
CWE-119
Critical
Oracle Application Server Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2004-1371)
CVE-2004-1371
CWE-119
Critical
Artifactory CVE-2019-9733 Vulnerability (CVE-2019-9733)
CVE-2019-9733
-
Critical
axios Improperly Controlled Modification of Dynamically-Determined Object Attributes Vulnerability (CVE-2026-42044)
CVE-2026-42044
CWE-915
Critical
WebLogic CVE-2020-14841 Vulnerability (CVE-2020-14841)
CVE-2020-14841
-
Critical
ownCloud Improper Input Validation Vulnerability (CVE-2020-28645)
CVE-2020-28645
CWE-20
Critical
Apache OFBiz RCE (CVE-2024-32113/CVE-2024-36104/CVE-2024-38856)
CVE-2024-38856
CWE-22
Critical
silverstripeCMS CVE-2019-12204 Vulnerability (CVE-2019-12204)
CVE-2019-12204
-
Critical
Apache OFBiz RCE (CVE-2024-45195)
CVE-2024-45195
CWE-425
Critical
Improper Authorization in Confluence Server and Data Center (CVE-2023-22518)
CVE-2023-22518
CWE-284
Critical
Broken access control in Confluence Server and Data Center (CVE-2023-22515)
CVE-2023-22515
CWE-284
Critical
Cisco IOS XE Web UI Implant (CVE-2023-20198)
CVE-2023-20198
CWE-912
Critical
Jboss EAP Deserialization of Untrusted Data Vulnerability (CVE-2019-16942)
CVE-2019-16942
CWE-502
Critical
Apache OFBiz SSRF (CVE-2024-45507)
CVE-2024-45507
CWE-918
Critical
Roundcube Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2020-12640)
CVE-2020-12640
CWE-22
Critical
PostgreSQL Other Vulnerability (CVE-2002-1399)
CVE-2002-1399
-
Critical
Oracle Database Server Deserialization of Untrusted Data Vulnerability (CVE-2019-16942)
CVE-2019-16942
CWE-502
Critical
WebLogic Deserialization of Untrusted Data Vulnerability (CVE-2019-16942)
CVE-2019-16942
CWE-502
Critical
Cisco IOS XE Web UI Authentication Bypass (CVE-2023-20198)
CVE-2023-20198
CWE-287
Critical
Roundcube Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') Vulnerability (CVE-2020-12641)
CVE-2020-12641
CWE-707
Critical
ActiveMQ OpenWire RCE (CVE-2023-46604)
CVE-2023-46604
CWE-502
Critical
Python CVE-2019-9636 Vulnerability (CVE-2019-9636)
CVE-2019-9636
-
Critical
WebLogic Deserialization of Untrusted Data Vulnerability (CVE-2019-16943)
CVE-2019-16943
CWE-502
Critical
Nexus Repository Manager Improper Authentication Vulnerability (CVE-2019-9629)
CVE-2019-9629
CWE-287
Critical
Oracle E-Business Suite SSRF (CVE-2025-61882)
CVE-2025-61882
CWE-918
Critical
OpenSSL Out-of-bounds Write Vulnerability (CVE-2026-31789)
CVE-2026-31789
CWE-787
Critical
Jboss EAP Deserialization of Untrusted Data Vulnerability (CVE-2019-16943)
CVE-2019-16943
CWE-502
Critical
axios Permissive List of Allowed Inputs Vulnerability (CVE-2026-42043)
CVE-2026-42043
CWE-183
Critical
WebLogic Improper Access Control Vulnerability (CVE-2019-2729)
CVE-2019-2729
CWE-284
Critical
WebLogic Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2019-2725)
CVE-2019-2725
CWE-138
Critical
WebLogic CVE-2020-14859 Vulnerability (CVE-2020-14859)
CVE-2020-14859
-
Critical
Apache OFBiz Authentication Bypass (CVE-2023-51467)
CVE-2023-51467
CWE-287
Critical
PHP Other Vulnerability (CVE-2004-1018)
CVE-2004-1018
-
Critical
SugarCRM Other Vulnerability (CVE-2004-1225)
CVE-2004-1225
-
Critical
PHP Improper Input Validation Vulnerability (CVE-2004-1019)
CVE-2004-1019
CWE-20
Critical
Cherokee Out-of-bounds Write Vulnerability (CVE-2019-20800)
CVE-2019-20800
CWE-787
Critical
Juniper Junos OS J-Web RCE (CVE-2023-36845/CVE-2023-36846)
CVE-2023-36846
CWE-473
Critical
Python CVE-2020-27619 Vulnerability (CVE-2020-27619)
CVE-2020-27619
-
Critical
PHP CVE-2004-1063 Vulnerability (CVE-2004-1063)
CVE-2004-1063
-
Critical
PHP CVE-2004-1064 Vulnerability (CVE-2004-1064)
CVE-2004-1064
-
Critical
PHP Other Vulnerability (CVE-2004-1065)
CVE-2004-1065
-
Critical
Grafana Signature Verification Vulnerability (CVE-2020-27846)
CVE-2020-27846
-
Critical
WebLogic CVE-2020-14882 Vulnerability (CVE-2020-14882)
CVE-2020-14882
-
Critical
phpMyAdmin Other Vulnerability (CVE-2004-1147)
CVE-2004-1147
-
Critical
Ivanti vTM Auth bypass (CVE-2024-7593)
CVE-2024-7593
CWE-287
Critical
F5 BIG-IP Request Smuggling (CVE-2023-46747)
CVE-2023-46747
CWE-288
Critical
osCommerce Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2020-27976)
CVE-2020-27976
CWE-138
Critical
Mura/Masa CMS SQLi (CVE-2024-32640)
CVE-2024-32640
CWE-89
Critical
axios Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') Vulnerability (CVE-2026-42264)
CVE-2026-42264
CWE-1321
Critical
WordPress Deserialization of Untrusted Data Vulnerability (CVE-2020-28032)
CVE-2020-28032
CWE-502
Critical
Joomla Deserialization of Untrusted Data Vulnerability (CVE-2019-7743)
CVE-2019-7743
CWE-502
Critical
Oracle Database Server Incorrect Calculation of Buffer Size Vulnerability (CVE-2004-1363)
CVE-2004-1363
CWE-131
Critical
Oracle Application Server Incorrect Calculation of Buffer Size Vulnerability (CVE-2004-1363)
CVE-2004-1363
CWE-131
Critical
WordPress Improper Privilege Management Vulnerability (CVE-2020-28035)
CVE-2020-28035
CWE-269
Critical
WordPress Improper Privilege Management Vulnerability (CVE-2020-28036)
CVE-2020-28036
CWE-269
Critical
Craft CMS Incorrect Authorization Vulnerability (CVE-2026-32267)
CVE-2026-32267
CWE-863
Critical
Mura/Masa CMS JSON API RCE
-
CWE-200
Critical
WordPress Improper Input Validation Vulnerability (CVE-2020-28037)
CVE-2020-28037
CWE-20
Critical
WordPress CVE-2020-28039 Vulnerability (CVE-2020-28039)
CVE-2020-28039
-
Critical
Jboss EAP Deserialization of Untrusted Data Vulnerability (CVE-2019-16335)
CVE-2019-16335
CWE-502
Critical
SharePoint Improper Input Validation Vulnerability (CVE-2019-0604)
CVE-2019-0604
CWE-20
Critical
WebLogic Deserialization of Untrusted Data Vulnerability (CVE-2019-16335)
CVE-2019-16335
CWE-502
Critical
Craft CMS RCE (CVE-2023-41892)
CVE-2023-41892
CWE-94
Critical
«
1
...
16
17
18
...
200
»