🚀 Just released:
Latio 2026 Application Security Market Report.
Read it in our Whitepapers.
100% Signal 0% Noise
Platform
Invicti Platform
Zero-noise AppSec platform
Scan Code
Secure code before runtime
SAST
Early static security analysis
Open Source (SCA)
Find vulnerable dependencies
SBOM & License Risk
Generate SBOMs and track licenses
Secrets
Detect exposed secrets in applications
Infrastructure as Code
Ingest IaC security findings
Container
Track container image vulnerabilities
Test Runtime
Test live applications like attackers
DAST & AI DAST
Test runtime, prove exploitability
Agentic Pentesting
Automate real-world attack techniques
API Security Testing
Discover and test APIs
Attack Surface Management
Identify exposed apps and endpoints
Cloud AppSec
Get a single-pane view of cloud app risk
AI AppSec
Scan smarter, accelerate remediation
Manage Vulnerabilities
See, prioritize, reduce AppSec risk
Vulnerability Management (ASPM)
Centralize and correlate AppSec findings
Compliance & Executive Reporting
Measure risk and impact
Threat Intelligence
Reachability, exploitability, and business logic
Solutions
API Discovery
Manage Vulnerabilities
Automate Security Workflows
Track AppSec KPIs
Manage Open Source Risk
Pricing
Why Invicti
About Us
Invicti vs. Competitors
Case Studies
Contact Us
Careers
Resources
Resource Library
Blog
Webinars
White Papers
Podcasts
Invicti Learn
Savings Calculator
Live Training
Partners
MSSP
Documentation
Vulnerability Database
Get a demo
Home
/
Web Application Vulnerabilities
/ Known Vulnerabilities
Web Application Vulnerabilities
Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise
Acunetix Standard & Premium
v.26.4.2314
Known Vulnerabilities
This page lists
15072 vulnerabilities
in this category.
Critical: 1617
High: 4043
Medium: 8626
Low: 784
Information: 2
Vulnerability Name
CVE
CWE
Severity
WordPress Ultimate Member Plugin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-14946)
CVE-2019-14946
CWE-707
Medium
WordPress Ultimate Member Plugin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-14947)
CVE-2019-14947
CWE-707
Medium
SugarCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-14974)
CVE-2019-14974
CWE-707
Medium
Atlassian Jira Incorrect Default Permissions Vulnerability (CVE-2019-14995)
CVE-2019-14995
CWE-276
Medium
Atlassian Jira Other Vulnerability (CVE-2019-14997)
CVE-2019-14997
-
Medium
phpBB Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-16107)
CVE-2019-16107
CWE-352
Medium
Atlassian Jira Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-14998)
CVE-2019-14998
CWE-352
Medium
Atlassian Confluence Missing Authorization Vulnerability (CVE-2019-15005)
CVE-2019-15005
CWE-862
Medium
Atlassian Confluence Improper Control of Dynamically-Managed Code Resources Vulnerability (CVE-2019-15006)
CVE-2019-15006
CWE-913
Medium
Atlassian Jira Missing Authorization Vulnerability (CVE-2019-15013)
CVE-2019-15013
CWE-862
Medium
Joomla CVE-2019-15028 Vulnerability (CVE-2019-15028)
CVE-2019-15028
-
Medium
Opencart Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-15081)
CVE-2019-15081
CWE-707
Medium
Grafana Insufficiently Protected Credentials Vulnerability (CVE-2019-15635)
CVE-2019-15635
CWE-522
Medium
Ruby CVE-2019-15845 Vulnerability (CVE-2019-15845)
CVE-2019-15845
-
Medium
Beego Framework Incorrect Default Permissions Vulnerability (CVE-2019-16355)
CVE-2019-16355
CWE-276
Medium
Pega Infinity Direct Request ('Forced Browsing') Vulnerability (CVE-2019-16388)
CVE-2019-16388
CWE-425
Medium
Moodle URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2019-14882)
CVE-2019-14882
CWE-601
Medium
Django Incorrect Default Permissions Vulnerability (CVE-2019-19118)
CVE-2019-19118
CWE-276
Medium
Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-18210)
CVE-2019-18210
CWE-707
Medium
Python Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2019-18348)
CVE-2019-18348
CWE-138
Medium
Joomla Missing Authorization Vulnerability (CVE-2019-18674)
CVE-2019-18674
CWE-862
Medium
Squid Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-18677)
CVE-2019-18677
CWE-352
Medium
Squid Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') Vulnerability (CVE-2019-18678)
CVE-2019-18678
CWE-444
Medium
PleskLin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-18793)
CVE-2019-18793
CWE-707
Medium
PleskWin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-18793)
CVE-2019-18793
CWE-707
Medium
Squid Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2019-18860)
CVE-2019-18860
CWE-138
Medium
Dolibarr Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-19206)
CVE-2019-19206
CWE-707
Medium
WordPress Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-17672)
CVE-2019-17672
CWE-707
Medium
Dolibarr Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-19210)
CVE-2019-19210
CWE-707
Medium
Dolibarr Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-19211)
CVE-2019-19211
CWE-707
Medium
Sqlite NULL Pointer Dereference Vulnerability (CVE-2019-19242)
CVE-2019-19242
CWE-476
Medium
silverstripeCMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-19325)
CVE-2019-19325
CWE-707
Medium
silverstripeCMS Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') Vulnerability (CVE-2019-19326)
CVE-2019-19326
-
Medium
Grafana Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2019-19499)
CVE-2019-19499
CWE-200
Medium
Sqlite Uncontrolled Recursion Vulnerability (CVE-2019-19645)
CVE-2019-19645
CWE-674
Medium
MediaWiki URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2019-19709)
CVE-2019-19709
CWE-601
Medium
WordPress Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-17674)
CVE-2019-17674
CWE-707
Medium
WordPress Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2019-17671)
CVE-2019-17671
CWE-200
Medium
silverstripeCMS CVE-2019-16409 Vulnerability (CVE-2019-16409)
CVE-2019-16409
-
Medium
MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2019-16738)
CVE-2019-16738
CWE-200
Medium
XOOPS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-16683)
CVE-2019-16683
CWE-707
Medium
XOOPS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-16684)
CVE-2019-16684
CWE-707
Medium
Dolibarr Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-16685)
CVE-2019-16685
CWE-707
Medium
Dolibarr Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-16686)
CVE-2019-16686
CWE-707
Medium
Dolibarr Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-16687)
CVE-2019-16687
CWE-707
Medium
Dolibarr Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-16688)
CVE-2019-16688
CWE-707
Medium
Joomla Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-16725)
CVE-2019-16725
CWE-707
Medium
DOMPurify Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-16728)
CVE-2019-16728
CWE-707
Medium
WordPress Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-16780)
CVE-2019-16780
CWE-707
Medium
LimeSurvey Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-17660)
CVE-2019-17660
CWE-707
Medium
WordPress Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-16781)
CVE-2019-16781
CWE-707
Medium
Python Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-16935)
CVE-2019-16935
CWE-707
Medium
Dolibarr Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-17223)
CVE-2019-17223
CWE-707
Medium
Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-17496)
CVE-2019-17496
CWE-707
Medium
Apache HTTP Server Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') Vulnerability (CVE-2019-17567)
CVE-2019-17567
CWE-444
Medium
Apache Tomcat Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') Vulnerability (CVE-2019-17569)
CVE-2019-17569
CWE-444
Medium
Dolibarr Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-17576)
CVE-2019-17576
CWE-707
Medium
Dolibarr Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-17577)
CVE-2019-17577
CWE-707
Medium
Dolibarr Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-17578)
CVE-2019-17578
CWE-707
Medium
Moodle Missing Authorization Vulnerability (CVE-2019-14883)
CVE-2019-14883
CWE-862
Medium
Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-14881)
CVE-2019-14881
CWE-707
Medium
Jenkins Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-10404)
CVE-2019-10404
CWE-707
Medium
PrestaShop Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-11876)
CVE-2019-11876
CWE-707
Medium
Atlassian Jira URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2019-11589)
CVE-2019-11589
CWE-601
Medium
WeBid Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-11592)
CVE-2019-11592
CWE-707
Medium
Nexus Repository Manager Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-11629)
CVE-2019-11629
CWE-707
Medium
phpBB Server-Side Request Forgery (SSRF) Vulnerability (CVE-2019-11767)
CVE-2019-11767
CWE-918
Medium
Joomla Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-11809)
CVE-2019-11809
CWE-707
Medium
Dot CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-11846)
CVE-2019-11846
CWE-707
Medium
Serendipity Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-11870)
CVE-2019-11870
CWE-707
Medium
Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-11876)
CVE-2019-11876
CWE-707
Medium
silverstripeCMS Session Fixation Vulnerability (CVE-2019-12203)
CVE-2019-12203
CWE-384
Medium
Atlassian Jira Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-11587)
CVE-2019-11587
CWE-352
Medium
silverstripeCMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-12205)
CVE-2019-12205
CWE-707
Medium
silverstripeCMS Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2019-12245)
CVE-2019-12245
CWE-732
Medium
«
1
...
175
176
177
...
201
»