Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
v.26.4.2314

Known Vulnerabilities

This page lists 14673 vulnerabilities in this category.

Critical: 1573 High: 3882 Medium: 8446 Low: 770 Information: 2
Vulnerability Name
CVE
CWE
Severity
PaloAlto Networks Expedition RCE (CVE-2024-9463)
CVE-2024-9465
CWE-918
Critical
GhostScript RCE (Remote Code Execution)
CVE-2016-3714
CWE-78
Critical
PHP CGI Argument Injection (CVE-2024-4577)
CVE-2024-4577
CWE-78
Critical
ownCloud Improper Authentication Vulnerability (CVE-2023-49105)
CVE-2023-49105
CWE-287
Critical
Chamilo Deserialization of Untrusted Data Vulnerability (CVE-2025-52998)
CVE-2025-52998
CWE-502
Critical
Oracle HTTP Server Improper Access Control Vulnerability (CVE-2026-21962)
CVE-2026-21962
CWE-284
Critical
phpMyFAQ Improper Neutralization of Formula Elements in a CSV File Vulnerability (CVE-2023-4006)
CVE-2023-4006
CWE-1236
Critical
WeBid Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-47397)
CVE-2023-47397
CWE-94
Critical
MediaWiki CVE-2023-37303 Vulnerability (CVE-2023-37303)
CVE-2023-37303
-
Critical
OpenMetadata Authentication Bypass (CVE-2024-28255)
CVE-2024-28255
CWE-287
Critical
XWiki Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2023-37277)
CVE-2023-37277
CWE-352
Critical
Internet Information Services Other Vulnerability (CVE-1999-0407)
CVE-1999-0407
-
Critical
Apache OFBiz SSRF (CVE-2024-45507)
CVE-2024-45507
CWE-918
Critical
Grafana Incorrect Privilege Assignment Vulnerability (CVE-2025-41115)
CVE-2025-41115
CWE-266
Critical
Apache OFBiz RCE (CVE-2024-45195)
CVE-2024-45195
CWE-425
Critical
Apache OFBiz RCE (CVE-2024-32113/CVE-2024-36104/CVE-2024-38856)
CVE-2024-38856
CWE-22
Critical
Apache Struts2 Remote Command Execution (S2-053)
CVE-2017-12611
CWE-94
Critical
Apache OFBiz Authentication Bypass (CVE-2023-51467)
CVE-2023-51467
CWE-287
Critical
Moodle Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2025-26533)
CVE-2025-26533
CWE-138
Critical
PHP Other Vulnerability (CVE-1999-0238)
CVE-1999-0238
-
Critical
Perl Improper Handling of Exceptional Conditions Vulnerability (CVE-2023-47100)
CVE-2023-47100
CWE-755
Critical
Code Evaluation (Apache Struts) S2-045
CVE-2017-5638
CWE-94
Critical
Apache Log4j socket receiver deserialization vulnerability
CVE-2017-5645
CWE-502
Critical
Microsoft SQL Server Other Vulnerability (CVE-2002-0721)
CVE-2002-0721
-
Critical
ServiceNow SSTI (CVE-2024-4879)
CVE-2024-5217
CWE-1287
Critical
PrestaShop Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2023-39526)
CVE-2023-39526
CWE-138
Critical
OpenVPN AS Use After Free Vulnerability (CVE-2023-46850)
CVE-2023-46850
CWE-416
Critical
ScreenConnect Auth bypass (CVE-2024-1709)
CVE-2024-1708
CWE-288
Critical
Rejetto HTTP File Server SSTI RCE (CVE-2024-23692)
CVE-2024-23692
CWE-1336
Critical
Telerik Report Server Authentication Bypass Vulnerability
CVE-2024-4358
CWE-287
Critical
Moodle Other Vulnerability (CVE-2004-2233)
CVE-2004-2233
-
Critical
Apache HTTP Server CVE-2024-38476 Vulnerability (CVE-2024-38476)
CVE-2024-38476
-
Critical
Moodle Other Vulnerability (CVE-2004-2235)
CVE-2004-2235
-
Critical
Squid Out-of-bounds Write Vulnerability (CVE-2025-54574)
CVE-2025-54574
CWE-787
Critical
Moodle Other Vulnerability (CVE-2004-2236)
CVE-2004-2236
-
Critical
Internet Information Services Other Vulnerability (CVE-1999-0233)
CVE-1999-0233
-
Critical
Moodle Other Vulnerability (CVE-2004-2237)
CVE-2004-2237
-
Critical
PrestaShop Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2023-39525)
CVE-2023-39525
CWE-22
Critical
PrestaShop Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2023-39524)
CVE-2023-39524
CWE-138
Critical
XWikiplatform Improper Input Validation Vulnerability (CVE-2025-54385)
CVE-2025-54385
CWE-20
Critical
Dolibarr Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-38888)
CVE-2023-38888
CWE-707
Critical
CrushFTP Server Unprotected Alternate Channel Vulnerability (CVE-2025-54309)
CVE-2025-54309
CWE-420
Critical
Apache Log4j2 JNDI Remote Code Execution
CVE-2021-44228
CWE-78
Critical
Apache Log4j2 JNDI Remote Code Execution (404 page handler)
CVE-2021-44228
CWE-78
Critical
Apache Log4j2 JNDI Remote Code Execution (per folder)
CVE-2021-44228
CWE-78
Critical
XWikiplatform Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-53835)
CVE-2025-53835
CWE-707
Critical
Progress Kemp LoadMaster RCE (CVE-2024-1212)
CVE-2024-1212
CWE-78
Critical
LimeSurvey Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2025-41375)
CVE-2025-41375
CWE-138
Critical
XOOPS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-36217)
CVE-2023-36217
CWE-707
Critical
PrestaShop CVE-2023-39529 Vulnerability (CVE-2023-39529)
CVE-2023-39529
-
Critical
Chamilo Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') Vulnerability (CVE-2025-50187)
CVE-2025-50187
CWE-707
Critical
Caddy Web Server Improper Handling of Exceptional Conditions Vulnerability (CVE-2026-27586)
CVE-2026-27586
CWE-755
Critical
Apache HTTP Server Other Vulnerability (CVE-1999-0926)
CVE-1999-0926
-
Critical
Chamilo Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2025-50192)
CVE-2025-50192
CWE-138
Critical
Internet Information Services Permissions, Privileges, and Access Controls Vulnerability (CVE-1999-1011)
CVE-1999-1011
CWE-264
Critical
Caddy Web Server Improper Handling of Case Sensitivity Vulnerability (CVE-2026-27587)
CVE-2026-27587
CWE-178
Critical
Caddy Web Server Improper Handling of Case Sensitivity Vulnerability (CVE-2026-27588)
CVE-2026-27588
CWE-178
Critical
Chamilo Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2025-50190)
CVE-2025-50190
CWE-138
Critical
Caddy Web Server Improper Input Validation Vulnerability (CVE-2026-27590)
CVE-2026-27590
CWE-20
Critical
Microsoft SQL Server Other Vulnerability (CVE-2002-1145)
CVE-2002-1145
-
Critical
WebLogic Missing Authentication for Critical Function Vulnerability (CVE-2025-21535)
CVE-2025-21535
CWE-306
Critical
Apache Traffic Server Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') Vulnerability (CVE-2023-33934)
CVE-2023-33934
-
Critical
Oracle HTTP Server Other Vulnerability (CVE-1999-1125)
CVE-1999-1125
-
Critical
Ivanti CSA Path Traversal (CVE-2024-8963/CVE-2024-8190)
CVE-2024-8190
CWE-22
Critical
Piwigo Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2026-27634)
CVE-2026-27634
CWE-138
Critical
Apache HTTP Server Other Vulnerability (CVE-1999-1199)
CVE-1999-1199
-
Critical
PHP Incorrect Calculation of Buffer Size Vulnerability (CVE-2025-1861)
CVE-2025-1861
CWE-131
Critical
Grafana Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2026-27876)
CVE-2026-27876
CWE-94
Critical
Apache HTTP Server Improper Handling of Case Sensitivity Vulnerability (CVE-2001-0766)
CVE-2001-0766
CWE-178
Critical
GoAnywhere MFT Authentication Bypass (CVE-2024-0204)
CVE-2024-0204
CWE-425
Critical
Podcast Generator Server-Side Request Forgery (SSRF) Vulnerability (CVE-2023-53899)
CVE-2023-53899
CWE-918
Critical
Apache HTTP Server Other Vulnerability (CVE-1999-1293)
CVE-1999-1293
-
Critical
GlobalProtect PAN-OS RCE (CVE-2024-3400)
CVE-2024-3400
CWE-77
Critical
Serendipity Other Vulnerability (CVE-2005-1449)
CVE-2005-1449
-
Critical
Piwigo Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2023-33362)
CVE-2023-33362
CWE-138
Critical