🚀 Just released:
Latio 2026 Application Security Market Report.
Read it in our Whitepapers.
100% Signal 0% Noise
Platform
Invicti Platform
Zero-noise AppSec platform
Scan Code
Secure code before runtime
SAST
Early static security analysis
Open Source (SCA)
Find vulnerable dependencies
SBOM & License Risk
Generate SBOMs and track licenses
Secrets
Detect exposed secrets in applications
Infrastructure as Code
Ingest IaC security findings
Container
Track container image vulnerabilities
Test Runtime
Test live applications like attackers
DAST & AI DAST
Test runtime, prove exploitability
Agentic Pentesting
Automate real-world attack techniques
API Security Testing
Discover and test APIs
Attack Surface Management
Identify exposed apps and endpoints
Cloud AppSec
Get a single-pane view of cloud app risk
AI AppSec
Scan smarter, accelerate remediation
Manage Vulnerabilities
See, prioritize, reduce AppSec risk
Vulnerability Management (ASPM)
Centralize and correlate AppSec findings
Compliance & Executive Reporting
Measure risk and impact
Threat Intelligence
Reachability, exploitability, and business logic
Solutions
API Discovery
Manage Vulnerabilities
Automate Security Workflows
Track AppSec KPIs
Manage Open Source Risk
Pricing
Why Invicti
About Us
Invicti vs. Competitors
Case Studies
Contact Us
Careers
Resources
Resource Library
Blog
Webinars
White Papers
Podcasts
Invicti Learn
Savings Calculator
Live Training
Partners
MSSP
Documentation
Vulnerability Database
Get a demo
Home
/
Web Application Vulnerabilities
/ Known Vulnerabilities
Web Application Vulnerabilities
Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise
Acunetix Standard & Premium
v.26.4.2314
Known Vulnerabilities
This page lists
14981 vulnerabilities
in this category.
Critical: 1612
High: 4015
Medium: 8569
Low: 783
Information: 2
Vulnerability Name
CVE
CWE
Severity
Atlassian Jira Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2019-20409)
CVE-2019-20409
CWE-138
Critical
Open Resty Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2018-9230)
CVE-2018-9230
CWE-138
Critical
Handlebars Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2019-19919)
CVE-2019-19919
CWE-138
Critical
Atlassian Confluence Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2019-3396)
CVE-2019-3396
CWE-22
Critical
Axway Secure Transport Improper Restriction of XML External Entity Reference Vulnerability (CVE-2019-14277)
CVE-2019-14277
CWE-611
Critical
Chamilo Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2019-13082)
CVE-2019-13082
CWE-434
Critical
Oracle Database Server Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2003-0222)
CVE-2003-0222
CWE-119
Critical
Jboss EAP Improperly Controlled Modification of Dynamically-Determined Object Attributes Vulnerability (CVE-2019-14379)
CVE-2019-14379
CWE-915
Critical
Joomla Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2018-6376)
CVE-2018-6376
CWE-138
Critical
YOURLS Access of Resource Using Incompatible Type ('Type Confusion') Vulnerability (CVE-2019-14537)
CVE-2019-14537
CWE-843
Critical
Internet Information Services Other Vulnerability (CVE-2003-0224)
CVE-2003-0224
-
Critical
MySQL Deserialization of Untrusted Data Vulnerability (CVE-2019-14540)
CVE-2019-14540
CWE-502
Critical
Jboss EAP Deserialization of Untrusted Data Vulnerability (CVE-2019-14540)
CVE-2019-14540
CWE-502
Critical
CubeCart Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2026-34018)
CVE-2026-34018
CWE-138
Critical
SugarCRM Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2018-6308)
CVE-2018-6308
CWE-138
Critical
WebLogic Deserialization of Untrusted Data Vulnerability (CVE-2019-14540)
CVE-2019-14540
CWE-502
Critical
Atlassian Confluence Server-Side Request Forgery (SSRF) Vulnerability (CVE-2019-3395)
CVE-2019-3395
CWE-918
Critical
Python Out-of-bounds Write Vulnerability (CVE-2019-12900)
CVE-2019-12900
CWE-787
Critical
Perl Out-of-bounds Write Vulnerability (CVE-2018-6797)
CVE-2018-6797
CWE-787
Critical
Apache HTTP Server Buffer Underwrite ('Buffer Underflow') Vulnerability (CVE-2026-44631)
CVE-2026-44631
CWE-124
Critical
WeBid Incorrect Comparison Vulnerability (CVE-2020-23359)
CVE-2020-23359
CWE-697
Critical
PHP Use After Free Vulnerability (CVE-2026-6722)
CVE-2026-6722
CWE-416
Critical
osCommerce Incorrect Comparison Vulnerability (CVE-2020-23360)
CVE-2020-23360
CWE-697
Critical
Handlebars Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2026-33937)
CVE-2026-33937
CWE-94
Critical
phpList Incorrect Comparison Vulnerability (CVE-2020-23361)
CVE-2020-23361
CWE-697
Critical
Citrix NetScaler Memory Disclosure 'Citrix Bleed' (CVE-2023-4966)
CVE-2023-4966
CWE-119
Critical
CData Jetty Path Traversal (CVE-2024-31848/CVE-2024-31849/CVE-2024-31850/CVE-2024-31851)
CVE-2024-31851
CWE-22
Critical
Oracle Database Server CVE-2018-3259 Vulnerability (CVE-2018-3259)
CVE-2018-3259
-
Critical
OpenSSL Double Free Vulnerability (CVE-2003-0545)
CVE-2003-0545
CWE-415
Critical
Apache HTTP Server Improper Handling of Case Sensitivity Vulnerability (CVE-2001-0766)
CVE-2001-0766
CWE-178
Critical
WebLogic CVE-2018-3252 Vulnerability (CVE-2018-3252)
CVE-2018-3252
-
Critical
WebLogic CVE-2019-2856 Vulnerability (CVE-2019-2856)
CVE-2019-2856
-
Critical
Magento Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-24407)
CVE-2020-24407
CWE-434
Critical
PHP Use After Free Vulnerability (CVE-2019-13224)
CVE-2019-13224
CWE-416
Critical
MyBB CVE-2020-22612 Vulnerability (CVE-2020-22612)
CVE-2020-22612
-
Critical
MySQL Other Vulnerability (CVE-2003-0780)
CVE-2003-0780
-
Critical
ClipBucket Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2018-7665)
CVE-2018-7665
CWE-434
Critical
Jboss EAP Incomplete List of Disallowed Inputs Vulnerability (CVE-2018-7489)
CVE-2018-7489
CWE-184
Critical
WebLogic Deserialization of Untrusted Data Vulnerability (CVE-2019-20330)
CVE-2019-20330
CWE-502
Critical
phpList Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-22249)
CVE-2020-22249
CWE-434
Critical
Oracle Database Server Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2003-0095)
CVE-2003-0095
CWE-119
Critical
Serendipity Remote Code Execution (CVE-2020-10964)
CVE-2020-10964
-
Critical
Oracle Database Server Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2003-0096)
CVE-2003-0096
CWE-119
Critical
LimeSurvey Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-7556)
CVE-2018-7556
CWE-200
Critical
WordPress Improper Input Validation Vulnerability (CVE-2019-20041)
CVE-2019-20041
CWE-20
Critical
PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2018-7584)
CVE-2018-7584
CWE-119
Critical
Drupal Improper Input Validation Vulnerability (CVE-2018-7600)
CVE-2018-7600
CWE-20
Critical
Drupal CVE-2018-7602 Vulnerability (CVE-2018-7602)
CVE-2018-7602
-
Critical
WebLogic CVE-2020-14625 Vulnerability (CVE-2020-14625)
CVE-2020-14625
-
Critical
ClipBucket Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2018-7664)
CVE-2018-7664
CWE-138
Critical
ClipBucket Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2018-7666)
CVE-2018-7666
CWE-138
Critical
WebERP Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-13292)
CVE-2019-13292
CWE-138
Critical
Piwigo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-13364)
CVE-2019-13364
CWE-707
Critical
Adobe Commerce/Magento "CosmicSting" XXE (CVE-2024-34102)
CVE-2024-34102
CWE-611
Critical
Piwigo Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-13363)
CVE-2019-13363
CWE-352
Critical
phpMyAdmin Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-22452)
CVE-2020-22452
CWE-138
Critical
IBM Aspera Faspex RCE (CVE-2022-47986)
CVE-2022-47986
CWE-502
Critical
Apache Tomcat Insecure Default Initialization of Resource Vulnerability (CVE-2018-8014)
CVE-2018-8014
CWE-1188
Critical
Jira Seraph Authentication Bypass (CVE-2022-0540)
CVE-2022-0540
CWE-288
Critical
Django Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-14234)
CVE-2019-14234
CWE-138
Critical
Perl Out-of-bounds Write Vulnerability (CVE-2018-6913)
CVE-2018-6913
CWE-787
Critical
IBMHttpServer Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2026-8855)
CVE-2026-8855
CWE-94
Critical
IBMHttpServer Uncontrolled Resource Consumption Vulnerability (CVE-2026-8856)
CVE-2026-8856
CWE-400
Critical
TYPO3 Improperly Controlled Modification of Dynamically-Determined Object Attributes Vulnerability (CVE-2020-11066)
CVE-2020-11066
CWE-915
Critical
ColdFusion WDDX Deserialization RCE (CVE-2023-29300/CVE-2023-38203/CVE-2023-38204)
CVE-2023-38204
CWE-502
Critical
MySQL Other Vulnerability (CVE-2003-0150)
CVE-2003-0150
-
Critical
Cacti Unauthenticated Command Injection (CVE-2022-46169)
CVE-2022-46169
CWE-77
Critical
MediaWiki Improper Privilege Management Vulnerability (CVE-2020-10534)
CVE-2020-10534
CWE-269
Critical
Fortinet Out-Of-Bound Memory Write RCE (CVE-2024-21762)
CVE-2024-21762
CWE-787
Critical
Unauthenticated OGNL injection in Confluence Server and Data Center (CVE-2023-22527)
CVE-2023-22527
CWE-917
Critical
Check Point Gateway Path Traversal (CVE-2024-24919)
CVE-2024-24919
CWE-22
Critical
SharePoint CVE-2020-17118 Vulnerability (CVE-2020-17118)
CVE-2020-17118
-
Critical
Moodle Server-Side Request Forgery (SSRF) Vulnerability (CVE-2019-3809)
CVE-2019-3809
CWE-918
Critical
Java Unspesificed Vulnerability (CVE-2018-3183)
CVE-2018-3183
-
Critical
PrestaShop Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-15160)
CVE-2020-15160
CWE-138
Critical
«
1
...
17
18
19
...
200
»