Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium

Known Vulnerabilities

This page lists 13509 vulnerabilities in this category.

Critical: 1465 High: 3387 Medium: 7907 Low: 748 Information: 2
Vulnerability Name
CVE
CWE
Severity
PHP Double Free Vulnerability (CVE-2019-11049)
CVE-2019-11049
CWE-415
Critical
PHP Other Vulnerability (CVE-2003-0861)
CVE-2003-0861
-
Critical
Jboss EAP Deserialization of Untrusted Data Vulnerability (CVE-2019-17531)
CVE-2019-17531
CWE-502
Critical
PHP Out-of-bounds Write Vulnerability (CVE-2024-8932)
CVE-2024-8932
CWE-787
Critical
Apache Traffic Server Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') Vulnerability (CVE-2019-17559)
CVE-2019-17559
CWE-444
Critical
SharePoint Improper Input Validation Vulnerability (CVE-2019-0604)
CVE-2019-0604
CWE-20
Critical
PHP Other Vulnerability (CVE-2003-0860)
CVE-2003-0860
-
Critical
Sqlite Incorrect Conversion between Numeric Types Vulnerability (CVE-2019-19317)
CVE-2019-19317
CWE-681
Critical
Dolibarr Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2018-10094)
CVE-2018-10094
CWE-138
Critical
Moodle Other Vulnerability (CVE-2004-2235)
CVE-2004-2235
-
Critical
PHP Out-of-bounds Write Vulnerability (CVE-2019-11043)
CVE-2019-11043
CWE-787
Critical
XWikiplatform Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-53835)
CVE-2025-53835
CWE-707
Critical
SharePoint Deserialization of Untrusted Data Vulnerability (CVE-2025-53770)
CVE-2025-53770
CWE-502
Critical
Ampache Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-51490)
CVE-2024-51490
CWE-707
Critical
Moodle Other Vulnerability (CVE-2004-2237)
CVE-2004-2237
-
Critical
PHP Out-of-bounds Read Vulnerability (CVE-2019-11040)
CVE-2019-11040
CWE-125
Critical
Moodle Other Vulnerability (CVE-2004-2236)
CVE-2004-2236
-
Critical
SharePoint Authentication bypass (CVE-2023-29357)
CVE-2023-29357
CWE-287
Critical
ClipBucket Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2018-7665)
CVE-2018-7665
CWE-434
Critical
MediaWiki Missing Authentication for Critical Function Vulnerability (CVE-2019-12468)
CVE-2019-12468
CWE-306
Critical
WebLogic Deserialization of Untrusted Data Vulnerability (CVE-2018-2628)
CVE-2018-2628
CWE-502
Critical
Cherokee Out-of-bounds Write Vulnerability (CVE-2019-20800)
CVE-2019-20800
CWE-787
Critical
Python Out-of-bounds Write Vulnerability (CVE-2019-12900)
CVE-2019-12900
CWE-787
Critical
Chamilo Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2019-13082)
CVE-2019-13082
CWE-434
Critical
WebLogic Improper Access Control Vulnerability (CVE-2019-2729)
CVE-2019-2729
CWE-284
Critical
WebLogic Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2019-2725)
CVE-2019-2725
CWE-138
Critical
Drupal Data Processing Errors Vulnerability (CVE-2017-6920)
CVE-2017-6920
-
Critical
Microsoft SQL Server Other Vulnerability (CVE-2002-1145)
CVE-2002-1145
-
Critical
PHP Use of Externally-Controlled Format String Vulnerability (CVE-2006-0200)
CVE-2006-0200
CWE-134
Critical
PHP Use After Free Vulnerability (CVE-2019-13224)
CVE-2019-13224
CWE-416
Critical
Piwigo Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-13363)
CVE-2019-13363
CWE-352
Critical
Piwigo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-13364)
CVE-2019-13364
CWE-707
Critical
PHP Improper Neutralization of Special Elements used in a Command ('Command Injection') Vulnerability (CVE-2024-3566)
CVE-2024-3566
CWE-138
Critical
Sqlite Out-of-bounds Read Vulnerability (CVE-2019-8457)
CVE-2019-8457
CWE-125
Critical
Caddy Web Server Improper Authentication Vulnerability (CVE-2018-21246)
CVE-2018-21246
CWE-287
Critical
MyBB CVE-2006-0218 Vulnerability (CVE-2006-0218)
CVE-2006-0218
-
Critical
Apache Struts2 Remote Command Execution (S2-053)
CVE-2017-12611
CWE-94
Critical
Oracle Database Server CVE-2006-0256 Vulnerability (CVE-2006-0256)
CVE-2006-0256
-
Critical
Oracle Database Server CVE-2006-0257 Vulnerability (CVE-2006-0257)
CVE-2006-0257
-
Critical
Oracle Database Server CVE-2006-0258 Vulnerability (CVE-2006-0258)
CVE-2006-0258
-
Critical
Oracle Database Server CVE-2006-0259 Vulnerability (CVE-2006-0259)
CVE-2006-0259
-
Critical
Oracle Database Server CVE-2006-0260 Vulnerability (CVE-2006-0260)
CVE-2006-0260
-
Critical
Oracle Database Server CVE-2006-0261 Vulnerability (CVE-2006-0261)
CVE-2006-0261
-
Critical
Oracle Database Server CVE-2006-0262 Vulnerability (CVE-2006-0262)
CVE-2006-0262
-
Critical
Oracle Database Server CVE-2006-0263 Vulnerability (CVE-2006-0263)
CVE-2006-0263
-
Critical
Oracle Database Server CVE-2006-0265 Vulnerability (CVE-2006-0265)
CVE-2006-0265
-
Critical
Oracle Database Server CVE-2006-0266 Vulnerability (CVE-2006-0266)
CVE-2006-0266
-
Critical
Oracle Database Server CVE-2006-0267 Vulnerability (CVE-2006-0267)
CVE-2006-0267
-
Critical
Drupal CVE-2017-6925 Vulnerability (CVE-2017-6925)
CVE-2017-6925
-
Critical
XWikiplatform Missing Authorization Vulnerability (CVE-2025-29926)
CVE-2025-29926
CWE-862
Critical
Oracle Database Server Cryptographic Issues Vulnerability (CVE-2006-0270)
CVE-2006-0270
-
Critical
WebLogic CVE-2018-3197 Vulnerability (CVE-2018-3197)
CVE-2018-3197
-
Critical
Atlassian Jira Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2019-20409)
CVE-2019-20409
CWE-138
Critical
Joomla Other Vulnerability (CVE-2005-3773)
CVE-2005-3773
-
Critical
Jboss EAP Deserialization of Untrusted Data Vulnerability (CVE-2017-7525)
CVE-2017-7525
CWE-502
Critical
Dotclear Other Vulnerability (CVE-2005-3957)
CVE-2005-3957
-
Critical
Jboss Deserialization of Untrusted Data Vulnerability (CVE-2017-7504)
CVE-2017-7504
CWE-502
Critical
Jboss EAP Improper Restriction of XML External Entity Reference Vulnerability (CVE-2017-7503)
CVE-2017-7503
CWE-611
Critical
WebLogic Deserialization of Untrusted Data Vulnerability (CVE-2018-3245)
CVE-2018-3245
CWE-502
Critical
Jboss EAP Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2017-7465)
CVE-2017-7465
CWE-94
Critical
Jboss EAP Improper Restriction of XML External Entity Reference Vulnerability (CVE-2017-7464)
CVE-2017-7464
CWE-611
Critical
Craft CMS CVE-2025-32432 Vulnerability (CVE-2025-32432)
CVE-2025-32432
-
Critical
MODX Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2017-7324)
CVE-2017-7324
CWE-94
Critical
WebLogic CVE-2018-3201 Vulnerability (CVE-2018-3201)
CVE-2018-3201
-
Critical
XWikiplatform Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2025-32429)
CVE-2025-32429
CWE-138
Critical
MODX Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2017-7321)
CVE-2017-7321
CWE-94
Critical
WP Plugin Contact Form 7 CVE-2018-20979 Vulnerability (CVE-2018-20979)
CVE-2018-20979
-
Critical
PostgreSQL Other Vulnerability (CVE-2002-1399)
CVE-2002-1399
-
Critical
WebLogic Deserialization of Untrusted Data Vulnerability (CVE-2019-16943)
CVE-2019-16943
CWE-502
Critical
WebLogic Deserialization of Untrusted Data Vulnerability (CVE-2019-16942)
CVE-2019-16942
CWE-502
Critical
Internet Information Services Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2017-7269)
CVE-2017-7269
CWE-119
Critical
WebLogic CVE-2018-3191 Vulnerability (CVE-2018-3191)
CVE-2018-3191
-
Critical
Oracle Database Server Deserialization of Untrusted Data Vulnerability (CVE-2019-16942)
CVE-2019-16942
CWE-502
Critical
TYPO3 Deserialization of Untrusted Data Vulnerability (CVE-2019-12747)
CVE-2019-12747
CWE-502
Critical
Jboss EAP Deserialization of Untrusted Data Vulnerability (CVE-2019-16942)
CVE-2019-16942
CWE-502
Critical