Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
v.26.4.2314

Known Vulnerabilities

This page lists 14673 vulnerabilities in this category.

Critical: 1573 High: 3882 Medium: 8446 Low: 770 Information: 2
Vulnerability Name
CVE
CWE
Severity
IBM ODM JNDI injection (CVE-2024-22319)
CVE-2024-22319
CWE-943
Critical
Liferay DXP Missing Authorization Vulnerability (CVE-2025-43773)
CVE-2025-43773
CWE-862
Critical
Ruby on Rails CVE-2024-28103 Vulnerability (CVE-2024-28103)
CVE-2024-28103
-
Critical
Chamilo Server-Side Request Forgery (SSRF) Vulnerability (CVE-2025-50199)
CVE-2025-50199
CWE-918
Critical
Mura/Masa CMS JSON API RCE
-
CWE-200
Critical
Mura/Masa CMS SQLi (CVE-2024-32640)
CVE-2024-32640
CWE-89
Critical
SharePoint Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2026-26105)
CVE-2026-26105
CWE-707
Critical
Envoy Proxy Improper Encoding or Escaping of Output Vulnerability (CVE-2023-35941)
CVE-2023-35941
CWE-116
Critical
Liferay Portal Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2025-43766)
CVE-2025-43766
CWE-434
Critical
Liferay DXP Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2025-43766)
CVE-2025-43766
CWE-434
Critical
Ivanti vTM Auth bypass (CVE-2024-7593)
CVE-2024-7593
CWE-287
Critical
Joomla Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') Vulnerability (CVE-2024-27185)
CVE-2024-27185
-
Critical
Ivanti Sentry Authentication Bypass (CVE-2023-38035)
CVE-2023-38035
CWE-863
Critical
RCE in Ivanti Connect Secure and Policy Secure (CVE-2024-21887)
CVE-2024-21887
CWE-77
Critical
AbanteCart Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2025-50972)
CVE-2025-50972
CWE-138
Critical
XWikiplatform Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2025-24893)
CVE-2025-24893
CWE-94
Critical
GibbonEdu Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2023-34598)
CVE-2023-34598
CWE-22
Critical
Apache Tomcat Use of Incorrectly-Resolved Name or Reference Vulnerability (CVE-2025-24813)
CVE-2025-24813
CWE-706
Critical
GeoServer CVE-2023-35042 Vulnerability (CVE-2023-35042)
CVE-2023-35042
-
Critical
Jboss EAP Improper Restriction of Excessive Authentication Attempts Vulnerability (CVE-2025-23368)
CVE-2025-23368
CWE-307
Critical
Apache HTTP Server Improper Access Control Vulnerability (CVE-2025-23048)
CVE-2025-23048
CWE-284
Critical
Django Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2024-42005)
CVE-2024-42005
CWE-138
Critical
Roundcube Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-42008)
CVE-2024-42008
CWE-707
Critical
Roundcube Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-42009)
CVE-2024-42009
CWE-707
Critical
Chamilo Improper Neutralization of Special Elements used in a Command ('Command Injection') Vulnerability (CVE-2023-34960)
CVE-2023-34960
CWE-138
Critical
Liferay Portal Missing Authorization Vulnerability (CVE-2025-43773)
CVE-2025-43773
CWE-862
Critical
Internet Information Services Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-1999-0874)
CVE-1999-0874
CWE-119
Critical
Chamilo Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2023-34944)
CVE-2023-34944
CWE-434
Critical
Sqlite Integer Overflow or Wraparound Vulnerability (CVE-2025-7458)
CVE-2025-7458
CWE-190
Critical
PrestaShop Improper Input Validation Vulnerability (CVE-2023-39530)
CVE-2023-39530
CWE-20
Critical
Remote Code Execution (Spring4Shell)
CVE-2022-22965
CWE-94
Critical
GeoServer Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2024-36401)
CVE-2024-36401
CWE-94
Critical
MySQL Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2004-0836)
CVE-2004-0836
CWE-119
Critical
MediaWiki Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2024-34502)
CVE-2024-34502
CWE-352
Critical
Masa CMS Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2024-32641)
CVE-2024-32641
CWE-94
Critical
Oracle Database Server Incorrect Calculation of Buffer Size Vulnerability (CVE-2004-1363)
CVE-2004-1363
CWE-131
Critical
ColdFusion WDDX Deserialization RCE (CVE-2023-44353)
CVE-2023-44353
CWE-502
Critical
XWikiplatform Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2025-32969)
CVE-2025-32969
CWE-138
Critical
XWikiplatform Missing Authorization Vulnerability (CVE-2025-32973)
CVE-2025-32973
CWE-862
Critical
Oracle Application Server Incorrect Calculation of Buffer Size Vulnerability (CVE-2004-1363)
CVE-2004-1363
CWE-131
Critical
XWikiplatform Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2024-31996)
CVE-2024-31996
CWE-94
Critical
CubeCart Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2024-34832)
CVE-2024-34832
CWE-22
Critical
WeBid Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2024-35409)
CVE-2024-35409
CWE-138
Critical
Roundcube Improper Neutralization of Special Elements used in a Command ('Command Injection') Vulnerability (CVE-2024-37385)
CVE-2024-37385
CWE-138
Critical
Apache Tomcat Improper Encoding or Escaping of Output Vulnerability (CVE-2025-31651)
CVE-2025-31651
CWE-116
Critical
Kentico Staging API Authentication Bypass
CVE-2025-2746
CWE-287
Critical
axios Unintended Proxy or Intermediary ('Confused Deputy') Vulnerability (CVE-2025-62718)
CVE-2025-62718
CWE-441
Critical
XWikiplatform Improper Encoding or Escaping of Output Vulnerability (CVE-2025-32974)
CVE-2025-32974
CWE-116
Critical
GeoServer Improper Restriction of XML External Entity Reference Vulnerability (CVE-2025-58360)
CVE-2025-58360
CWE-611
Critical
Oracle WebLogic Remote Code Execution (CVE-2020-14882)
CVE-2020-14883
CWE-78
Critical
Django Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2025-64459)
CVE-2025-64459
CWE-138
Critical
Next.js/React Server Components RCE (CVE-2025-55182 & CVE-2025-66478)
CVE-2025-66478
CWE-502
Critical
Craft CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2024-37843)
CVE-2024-37843
CWE-138
Critical
SharePoint Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-64672)
CVE-2025-64672
CWE-707
Critical
MongoDb Improper Check for Certificate Revocation Vulnerability (CVE-2025-3085)
CVE-2025-3085
CWE-299
Critical
Oracle E-Business Suite SSRF (CVE-2025-61882)
CVE-2025-61882
CWE-918
Critical
Ingress-Nginx "IngressNightmare" RCE (CVE-2025-1974)
CVE-2025-1974
CWE-653
Critical
GibbonEdu CVE-2023-45878 Vulnerability (CVE-2023-45878)
CVE-2023-45878
-
Critical
Oracle Identity Manager Authentication Bypass (CVE-2025-61757)
CVE-2025-61757
CWE-306
Critical
XWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-45136)
CVE-2023-45136
CWE-707
Critical
phpMyFAQ CVE-2025-59943 Vulnerability (CVE-2025-59943)
CVE-2025-59943
-
Critical
Apache Tika XXE via PDF XFA Content (CVE-2025-66516)
CVE-2025-66516
CWE-611
Critical
PHP Other Vulnerability (CVE-2004-1018)
CVE-2004-1018
-
Critical
PHP Improper Input Validation Vulnerability (CVE-2004-1019)
CVE-2004-1019
CWE-20
Critical
Craft CMS RCE (CVE-2025-32432)
CVE-2025-32432
CWE-470
Critical
CrushFTP Authentication Bypass (CVE-2025-2825)
CVE-2025-2825
CWE-287
Critical
Django Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2025-59681)
CVE-2025-59681
CWE-138
Critical
Chamilo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-59543)
CVE-2025-59543
CWE-707
Critical
Adobe Commerce/Magento "SessionReaper" RCE (CVE-2025-54236)
CVE-2025-54236
CWE-20
Critical
XWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-45134)
CVE-2023-45134
CWE-707
Critical
Apache Struts Path traversal (S2-067/CVE-2024-53677, S2-066/CVE-2023-50164)
CVE-2023-50164
CWE-434
Critical
Chamilo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-59542)
CVE-2025-59542
CWE-707
Critical
qdPM Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2023-45856)
CVE-2023-45856
CWE-434
Critical
Lucee CF_CLIENT_ RCE
-
CWE-200
Critical
Moodle CVE-2024-33999 Vulnerability (CVE-2024-33999)
CVE-2024-33999
-
Critical