🚀 Just released:
Latio 2026 Application Security Market Report.
Read it in our Whitepapers.
100% Signal 0% Noise
Platform
Invicti Platform
Zero-noise AppSec platform
Scan Code
Secure code before runtime
SAST
Early static security analysis
Open Source (SCA)
Find vulnerable dependencies
SBOM & License Risk
Generate SBOMs and track licenses
Secrets
Detect exposed secrets in applications
Infrastructure as Code
Ingest IaC security findings
Container
Track container image vulnerabilities
Test Runtime
Test live applications like attackers
DAST & AI DAST
Test runtime, prove exploitability
Agentic Pentesting
Automate real-world attack techniques
API Security Testing
Discover and test APIs
Attack Surface Management
Identify exposed apps and endpoints
Cloud AppSec
Get a single-pane view of cloud app risk
AI AppSec
Scan smarter, accelerate remediation
Manage Vulnerabilities
See, prioritize, reduce AppSec risk
Vulnerability Management (ASPM)
Centralize and correlate AppSec findings
Compliance & Executive Reporting
Measure risk and impact
Threat Intelligence
Reachability, exploitability, and business logic
Solutions
API Discovery
Manage Vulnerabilities
Automate Security Workflows
Track AppSec KPIs
Manage Open Source Risk
Pricing
Why Invicti
About Us
Invicti vs. Competitors
Case Studies
Contact Us
Careers
Resources
Resource Library
Blog
Webinars
White Papers
Podcasts
Invicti Learn
Savings Calculator
Live Training
Partners
MSSP
Documentation
Vulnerability Database
Get a demo
Home
/
Web Application Vulnerabilities
/ Known Vulnerabilities
Web Application Vulnerabilities
Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise
Acunetix Standard & Premium
v.26.4.2314
Known Vulnerabilities
This page lists
15072 vulnerabilities
in this category.
Critical: 1617
High: 4043
Medium: 8626
Low: 784
Information: 2
Vulnerability Name
CVE
CWE
Severity
DWR Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-5325)
CVE-2014-5325
CWE-200
Medium
DWR Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-5326)
CVE-2014-5326
CWE-707
Medium
Roundcube Cross-site Scripting (XSS) Vulnerability (CVE-2015-1433)
CVE-2015-1433
-
Medium
phpBB Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2015-1432)
CVE-2015-1432
CWE-352
Medium
ownCloud Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-5341)
CVE-2014-5341
CWE-200
Medium
phpBB Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-1431)
CVE-2015-1431
CWE-707
Medium
Magento Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2015-1399)
CVE-2015-1399
CWE-94
Medium
Magento Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2015-1398)
CVE-2015-1398
CWE-22
Medium
Magento Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2015-1397)
CVE-2015-1397
CWE-138
Medium
PHP Other Vulnerability (CVE-2015-1352)
CVE-2015-1352
-
Medium
Python Integer Overflow or Wraparound Vulnerability (CVE-2015-1283)
CVE-2015-1283
CWE-190
Medium
IBM RTC Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-6131)
CVE-2014-6131
CWE-200
Medium
MySQL CVE-2015-0508 Vulnerability (CVE-2015-0508)
CVE-2015-0508
-
Medium
IBM RTC Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-6129)
CVE-2014-6129
CWE-264
Medium
jQuery Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-6071)
CVE-2014-6071
CWE-707
Medium
MySQL CVE-2015-0500 Vulnerability (CVE-2015-0500)
CVE-2015-0500
-
Medium
MySQL CVE-2015-0501 Vulnerability (CVE-2015-0501)
CVE-2015-0501
-
Medium
MySQL CVE-2015-0503 Vulnerability (CVE-2015-0503)
CVE-2015-0503
-
Medium
phpMyFAQ 7PK - Security Features Vulnerability (CVE-2014-6050)
CVE-2014-6050
-
Medium
phpMyFAQ Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-6048)
CVE-2014-6048
CWE-200
Medium
osTicket Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-1176)
CVE-2015-1176
CWE-707
Medium
Squid Other Vulnerability (CVE-2015-0881)
CVE-2015-0881
-
Medium
ZenCart Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-0882)
CVE-2015-0882
CWE-707
Medium
e107 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-1041)
CVE-2015-1041
CWE-707
Medium
phpMyFAQ Permission Issues Vulnerability (CVE-2014-6047)
CVE-2014-6047
-
Medium
e107 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-1057)
CVE-2015-1057
CWE-707
Medium
PrestaShop Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-1175)
CVE-2015-1175
CWE-707
Medium
Drupal URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2015-7943)
CVE-2015-7943
CWE-601
Medium
WordPress Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-5730)
CVE-2015-5730
CWE-200
Medium
EspoCRM Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-7986)
CVE-2014-7986
CWE-264
Medium
Dotclear Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-6523)
CVE-2016-6523
CWE-707
Medium
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-2156)
CVE-2016-2156
CWE-200
Medium
Oracle Database Server CVE-2014-2408 Vulnerability (CVE-2014-2408)
CVE-2014-2408
-
Medium
Oracle JRE CVE-2014-2409 Vulnerability (CVE-2014-2409)
CVE-2014-2409
-
Medium
Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-2155)
CVE-2016-2155
CWE-264
Medium
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-2154)
CVE-2016-2154
CWE-200
Medium
Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-2153)
CVE-2016-2153
CWE-707
Medium
Oracle JRE CVE-2014-2413 Vulnerability (CVE-2014-2413)
CVE-2014-2413
-
Medium
MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-6334)
CVE-2016-6334
CWE-707
Medium
MediaWiki Improper Access Control Vulnerability (CVE-2016-6336)
CVE-2016-6336
CWE-284
Medium
MongoDb Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-6494)
CVE-2016-6494
CWE-200
Medium
ownCloud Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-1665)
CVE-2014-1665
CWE-707
Medium
MySQL CVE-2014-2419 Vulnerability (CVE-2014-2419)
CVE-2014-2419
-
Medium
phpMyAdmin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-6607)
CVE-2016-6607
CWE-707
Medium
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-2158)
CVE-2016-2158
CWE-200
Medium
Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-2152)
CVE-2016-2152
CWE-707
Medium
Oracle JRE CVE-2014-2422 Vulnerability (CVE-2014-2422)
CVE-2014-2422
-
Medium
phpMyAdmin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-6608)
CVE-2016-6608
CWE-707
Medium
phpMyAdmin Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-6610)
CVE-2016-6610
CWE-200
Medium
phpMyAdmin Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-6612)
CVE-2016-6612
CWE-200
Medium
phpMyAdmin Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-6613)
CVE-2016-6613
CWE-200
Medium
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-2151)
CVE-2016-2151
CWE-200
Medium
phpMyAdmin Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2016-6614)
CVE-2016-6614
CWE-22
Medium
phpMyAdmin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-6615)
CVE-2016-6615
CWE-707
Medium
phpMyAdmin CVE-2016-6618 Vulnerability (CVE-2016-6618)
CVE-2016-6618
-
Medium
OpenSSL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-2107)
CVE-2016-2107
CWE-200
Medium
phpMyAdmin Resource Management Errors Vulnerability (CVE-2016-6622)
CVE-2016-6622
-
Medium
MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-6333)
CVE-2016-6333
CWE-707
Medium
Ruby on Rails Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-6316)
CVE-2016-6316
CWE-707
Medium
MediaWiki Improper Input Validation Vulnerability (CVE-2014-1610)
CVE-2014-1610
CWE-20
Medium
phpMyAdmin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-2560)
CVE-2016-2560
CWE-707
Medium
Atlassian Jira Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2014-2314)
CVE-2014-2314
CWE-22
Medium
IBM RTC Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-2865)
CVE-2016-2865
CWE-200
Medium
MyBB Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-1840)
CVE-2014-1840
CWE-707
Medium
IBM RTC Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-2864)
CVE-2016-2864
CWE-707
Medium
phpMyAdmin Improper Input Validation Vulnerability (CVE-2016-2562)
CVE-2016-2562
CWE-20
Medium
Drupal Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-6212)
CVE-2016-6212
CWE-200
Medium
Atlassian Confluence Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-6283)
CVE-2016-6283
CWE-707
Medium
phpMyAdmin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-2561)
CVE-2016-2561
CWE-707
Medium
Atlassian Jira Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-6285)
CVE-2016-6285
CWE-707
Medium
PHP NULL Pointer Dereference Vulnerability (CVE-2016-6292)
CVE-2016-6292
CWE-476
Medium
OpenSSL Out-of-bounds Read Vulnerability (CVE-2016-6306)
CVE-2016-6306
CWE-125
Medium
OpenSSL Uncontrolled Resource Consumption Vulnerability (CVE-2016-6307)
CVE-2016-6307
CWE-400
Medium
OpenSSL Resource Management Errors Vulnerability (CVE-2016-6308)
CVE-2016-6308
-
Medium
Moodle Improper Access Control Vulnerability (CVE-2016-2159)
CVE-2016-2159
CWE-284
Medium
«
1
...
184
185
186
...
201
»