Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
v.26.4.2314

Known Vulnerabilities

This page lists 14673 vulnerabilities in this category.

Critical: 1573 High: 3882 Medium: 8446 Low: 770 Information: 2
Vulnerability Name
CVE
CWE
Severity
Django SQL Injection via _connector parameter (CVE-2025-64459)
CVE-2025-64459
CWE-89
Critical
PHP CVE-2004-1063 Vulnerability (CVE-2004-1063)
CVE-2004-1063
-
Critical
PHP CVE-2004-1064 Vulnerability (CVE-2004-1064)
CVE-2004-1064
-
Critical
PHP Other Vulnerability (CVE-2004-1065)
CVE-2004-1065
-
Critical
XWikiplatform Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2025-32429)
CVE-2025-32429
CWE-138
Critical
phpMyAdmin Other Vulnerability (CVE-2004-1147)
CVE-2004-1147
-
Critical
Craft CMS CVE-2025-32432 Vulnerability (CVE-2025-32432)
CVE-2025-32432
-
Critical
SugarCRM Other Vulnerability (CVE-2004-1225)
CVE-2004-1225
-
Critical
FortiWeb Authentication Bypass (CVE-2025-64446)
CVE-2025-58034
CWE-23
Critical
Sqlite Integer Overflow or Wraparound Vulnerability (CVE-2025-3277)
CVE-2025-3277
CWE-190
Critical
PAN-OS Management Interface Authentication Bypass (CVE-2025-0108)
CVE-2025-0108
CWE-287
Critical
Grafana Authentication Bypass by Spoofing Vulnerability (CVE-2023-3128)
CVE-2023-3128
CWE-290
Critical
PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2023-3824)
CVE-2023-3824
CWE-119
Critical
CWP (Control Web Panel) < 0.9.8.1205 - Remote Code Execution (CVE-2025-48703)
CVE-2025-48703
CWE-78
Critical
SolarWinds Web Help Desk RCE (CVE-2024-28986)
CVE-2024-28986
CWE-502
Critical
IBMHttpServer Other Vulnerability (CVE-2004-0492)
CVE-2004-0492
-
Critical
Citrix NetScaler Memory Overread (CVE-2026-3055)
CVE-2026-3055
CWE-125
Critical
React Deserialization of Untrusted Data Vulnerability (CVE-2025-55182)
CVE-2025-55182
CWE-502
Critical
Craft CMS Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2025-68456)
CVE-2025-68456
CWE-770
Critical
SolarWinds Web Help Desk Hardcoded Credential (CVE-2024-28987)
CVE-2024-28987
CWE-798
Critical
Apache HTTP Server Other Vulnerability (CVE-2004-0492)
CVE-2004-0492
-
Critical
Laravel Livewire RCE (CVE-2025-54068)
CVE-2025-54068
CWE-94
Critical
Vulnerable Laravel Livewire version (CVE-2025-54068)
CVE-2025-54068
CWE-94
Critical
Nginx UI Information Disclosure (CVE-2026-27944)
CVE-2026-27944
CWE-311
Critical
SmarterTools SmarterMail Admin Password Reset (CVE-2026-23760)
CVE-2026-23760
CWE-288
Critical
Beego Framework Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-30223)
CVE-2025-30223
CWE-707
Critical
MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-3550)
CVE-2023-3550
CWE-707
Critical
Chamilo Improper Handling of Case Sensitivity Vulnerability (CVE-2023-3545)
CVE-2023-3545
CWE-178
Critical
Chamilo Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2023-3533)
CVE-2023-3533
CWE-22
Critical
XWikiplatform Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2024-31982)
CVE-2024-31982
CWE-94
Critical
Chamilo Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2023-3368)
CVE-2023-3368
CWE-138
Critical
Liferay Portal Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2025-3594)
CVE-2025-3594
CWE-22
Critical
Apache HTTP Server Improper Encoding or Escaping of Output Vulnerability (CVE-2024-38474)
CVE-2024-38474
CWE-116
Critical
Sqlite Numeric Truncation Error Vulnerability (CVE-2025-6965)
CVE-2025-6965
CWE-197
Critical
Apache HTTP Server Improper Encoding or Escaping of Output Vulnerability (CVE-2024-38475)
CVE-2024-38475
CWE-116
Critical
XWikiplatform Missing Authorization Vulnerability (CVE-2025-29926)
CVE-2025-29926
CWE-862
Critical
Apache HTTP Server Other Vulnerability (CVE-1999-0067)
CVE-1999-0067
-
Critical
Opencart Improper Restriction of Excessive Authentication Attempts Vulnerability (CVE-2023-40834)
CVE-2023-40834
CWE-307
Critical
Moodle CVE-2025-67856 Vulnerability (CVE-2025-67856)
CVE-2025-67856
-
Critical
SAP NetWeaver Visual Composer Unrestricted File Uploading (CVE-2025-31324)
CVE-2025-31324
CWE-434
Critical
LimeSurvey Deserialization of Untrusted Data Vulnerability (CVE-2025-56422)
CVE-2025-56422
CWE-502
Critical
SharePoint "ToolShell" RCE (CVE-2025-49704/CVE-2025-49706/CVE-2025-53770/CVE-2025-53771)
CVE-2025-53771
CWE-287
Critical
Apache Tomcat Improper Certificate Validation Vulnerability (CVE-2025-66614)
CVE-2025-66614
CWE-295
Critical
MediaWiki Improper Input Validation Vulnerability (CVE-2025-67484)
CVE-2025-67484
CWE-20
Critical
VMware Aria Operations for Networks RCE (CVE-2023-20887)
CVE-2023-20887
CWE-77
Critical
CrushFTP Server Other Vulnerability (CVE-2025-31161)
CVE-2025-31161
-
Critical
Sitecore XM/XP Insecure Deserialization (CVE-2025-27218)
CVE-2025-27218
CWE-502
Critical
CrushFTP Server Improper Control of Dynamically-Managed Code Resources Vulnerability (CVE-2023-43177)
CVE-2023-43177
CWE-913
Critical
XWiki Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2024-21650)
CVE-2024-21650
CWE-94
Critical
Kramer VIAware RCE (CVE-2021-36356/CVE-2021-35064)
CVE-2021-35064
CWE-434
Critical
Oracle Application Server Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2004-1371)
CVE-2004-1371
CWE-119
Critical
Wing FTP Server RCE (CVE-2025-47812)
CVE-2025-47812
CWE-158
Critical
Liferay DXP Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2025-3594)
CVE-2025-3594
CWE-22
Critical
Next.js Deserialization of Untrusted Data Vulnerability (CVE-2025-55182)
CVE-2025-55182
CWE-502
Critical
TeamCity Authentication Bypass (CVE-2024-27198)
CVE-2024-27198
CWE-288
Critical
Apache Tomcat Improper Neutralization of Escape, Meta, or Control Sequences Vulnerability (CVE-2025-55754)
CVE-2025-55754
CWE-150
Critical
Craft CMS Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-41892)
CVE-2023-41892
CWE-94
Critical
XWiki Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-46731)
CVE-2023-46731
CWE-94
Critical
SysAid On-Premise RCE (CVE-2023-47246)
CVE-2023-47246
CWE-22
Critical
PHP CVE-2004-0542 Vulnerability (CVE-2004-0542)
CVE-2004-0542
-
Critical
XWikiplatform Relative Path Traversal Vulnerability (CVE-2025-55747)
CVE-2025-55747
CWE-23
Critical
Citrix NetScaler Memory Disclosure 'Citrix Bleed 2' (CVE-2025-5777)
CVE-2025-5349
CWE-457
Critical
Chamilo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-55289)
CVE-2025-55289
CWE-707
Critical
Chamilo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-55208)
CVE-2025-55208
CWE-707
Critical
SuiteCRM SQL Injection (CVE-2024-36412)
CVE-2024-36412
CWE-89
Critical
Piwigo Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2023-33361)
CVE-2023-33361
CWE-138
Critical
Joomla Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2025-25226)
CVE-2025-25226
CWE-138
Critical
Craft CMS register_argc_argv RCE (CVE-2024-56145)
CVE-2024-56145
CWE-94
Critical
Ruby on Rails Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2026-33202)
CVE-2026-33202
CWE-138
Critical
CrushFTP Server Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2024-4040)
CVE-2024-4040
CWE-94
Critical
PHP Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2024-4577)
CVE-2024-4577
CWE-138
Critical
Serendipity Other Vulnerability (CVE-2005-1452)
CVE-2005-1452
-
Critical
Jira Seraph Authentication Bypass (CVE-2022-0540)
CVE-2022-0540
CWE-288
Critical
WordPress Ultimate Member Plugin Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2024-1071)
CVE-2024-1071
CWE-138
Critical
Apache Traffic Server Unchecked Return Value Vulnerability (CVE-2024-50306)
CVE-2024-50306
CWE-252
Critical