🚀 Just released:
Latio 2026 Application Security Market Report.
Read it in our Whitepapers.
100% Signal 0% Noise
Platform
Invicti Platform
Zero-noise AppSec platform
Scan Code
Secure code before runtime
SAST
Early static security analysis
Open Source (SCA)
Find vulnerable dependencies
SBOM & License Risk
Generate SBOMs and track licenses
Secrets
Detect exposed secrets in applications
Infrastructure as Code
Ingest IaC security findings
Container
Track container image vulnerabilities
Test Runtime
Test live applications like attackers
DAST & AI DAST
Test runtime, prove exploitability
Agentic Pentesting
Automate real-world attack techniques
API Security Testing
Discover and test APIs
Attack Surface Management
Identify exposed apps and endpoints
Cloud AppSec
Get a single-pane view of cloud app risk
AI AppSec
Scan smarter, accelerate remediation
Manage Vulnerabilities
See, prioritize, reduce AppSec risk
Vulnerability Management (ASPM)
Centralize and correlate AppSec findings
Compliance & Executive Reporting
Measure risk and impact
Threat Intelligence
Reachability, exploitability, and business logic
Solutions
API Discovery
Manage Vulnerabilities
Automate Security Workflows
Track AppSec KPIs
Manage Open Source Risk
Pricing
Why Invicti
About Us
Invicti vs. Competitors
Case Studies
Contact Us
Careers
Resources
Resource Library
Blog
Webinars
White Papers
Podcasts
Invicti Learn
Savings Calculator
Live Training
Partners
MSSP
Documentation
Vulnerability Database
Get a demo
Home
/
Web Application Vulnerabilities
/ Known Vulnerabilities
Web Application Vulnerabilities
Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise
Acunetix Standard & Premium
v.26.4.2314
Known Vulnerabilities
This page lists
14981 vulnerabilities
in this category.
Critical: 1612
High: 4015
Medium: 8569
Low: 783
Information: 2
Vulnerability Name
CVE
CWE
Severity
EspoCRM Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2026-33656)
CVE-2026-33656
CWE-22
Critical
Cleo Harmony/VLTrader/LexiCom RCE (CVE-2024-50623, CVE-2024-55956)
CVE-2024-55956
CWE-434
Critical
Rukovoditel Improper Input Validation Vulnerability (CVE-2020-11819)
CVE-2020-11819
CWE-20
Critical
Oracle HTTP Server Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2019-3822)
CVE-2019-3822
CWE-119
Critical
Ampache Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-15153)
CVE-2020-15153
CWE-138
Critical
CloudPanel file-manager Auth bypass (CVE-2023-35885)
CVE-2023-35885
CWE-565
Critical
Rukovoditel Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-11820)
CVE-2020-11820
CWE-138
Critical
TYPO3 Deserialization of Untrusted Data Vulnerability (CVE-2019-12747)
CVE-2019-12747
CWE-502
Critical
CrushFTP SSTI (CVE-2024-4040)
CVE-2024-4040
CWE-94
Critical
TwistedHTTP Request Splitting Vulnerability (CVE-2020-10108)
CVE-2020-10108
-
Critical
CyberPanel RCE (CVE-2024-51567/CVE-2024-51568/CVE-2024-51378)
CVE-2024-51378
CWE-306
Critical
D-Link NAS Backdoor Account RCE (CVE-2024-3273, CVE-2024-3272)
CVE-2024-3272
CWE-77
Critical
Drupal Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2026-9082)
CVE-2026-9082
CWE-138
Critical
WebLogic CVE-2020-14644 Vulnerability (CVE-2020-14644)
CVE-2020-14644
-
Critical
WebLogic CVE-2020-14645 Vulnerability (CVE-2020-14645)
CVE-2020-14645
-
Critical
Ruby Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2018-8780)
CVE-2018-8780
CWE-22
Critical
Jboss EAP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-3873)
CVE-2019-3873
CWE-707
Critical
Undertow Insertion of Sensitive Information into Log File Vulnerability (CVE-2019-3888)
CVE-2019-3888
CWE-532
Critical
PrestaShop Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2018-8823)
CVE-2018-8823
CWE-94
Critical
Flowise Authentication Bypass (CVE-2024-31621)
CVE-2024-31621
CWE-287
Critical
PrestaShop Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2018-8824)
CVE-2018-8824
CWE-138
Critical
Dolibarr Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2018-9019)
CVE-2018-9019
CWE-138
Critical
Apache Log4j socket receiver deserialization vulnerability
CVE-2017-5645
CWE-502
Critical
Apache Tomcat Improper Authorization Vulnerability (CVE-2026-43515)
CVE-2026-43515
CWE-285
Critical
MySQL Deserialization of Untrusted Data Vulnerability (CVE-2019-14893)
CVE-2019-14893
CWE-502
Critical
WebLogic CVE-2018-3191 Vulnerability (CVE-2018-3191)
CVE-2018-3191
-
Critical
Python Incorrect Authorization Vulnerability (CVE-2020-15801)
CVE-2020-15801
CWE-863
Critical
Chamilo Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2026-33707)
CVE-2026-33707
CWE-640
Critical
Jboss EAP CVE-2018-8088 Vulnerability (CVE-2018-8088)
CVE-2018-8088
-
Critical
Oracle Database Server Improper Input Validation Vulnerability (CVE-2020-1953)
CVE-2020-1953
CWE-20
Critical
Moodle CVE-2019-14880 Vulnerability (CVE-2019-14880)
CVE-2019-14880
-
Critical
Apache HTTP Server CVE-2003-0789 Vulnerability (CVE-2003-0789)
CVE-2003-0789
-
Critical
Apache Traffic Server Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') Vulnerability (CVE-2020-1944)
CVE-2020-1944
CWE-444
Critical
ChatGPT-Next-Web SSRF (CVE-2023-49785)
CVE-2023-49785
CWE-918
Critical
PHP Other Vulnerability (CVE-2003-0860)
CVE-2003-0860
-
Critical
Pega Infinity Improper Privilege Management Vulnerability (CVE-2020-15390)
CVE-2020-15390
CWE-269
Critical
Joomla Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-10243)
CVE-2020-10243
CWE-138
Critical
Apache Tomcat Other Vulnerability (CVE-2020-1938)
CVE-2020-1938
-
Critical
PHP Other Vulnerability (CVE-2003-0861)
CVE-2003-0861
-
Critical
Jboss EAP Inadequate Encryption Strength Vulnerability (CVE-2019-14887)
CVE-2019-14887
CWE-326
Critical
WS_FTP AHT Deserialization RCE (CVE-2023-40044)
CVE-2023-40044
CWE-502
Critical
TorchServe Management API SSRF (CVE-2023-43654)
CVE-2023-43654
CWE-918
Critical
Sqlite Use After Free Vulnerability (CVE-2020-11656)
CVE-2020-11656
CWE-416
Critical
Joomla Improper Neutralization of Formula Elements in a CSV File Vulnerability (CVE-2019-12765)
CVE-2019-12765
CWE-1236
Critical
WebLogic Deserialization of Untrusted Data Vulnerability (CVE-2018-3245)
CVE-2018-3245
CWE-502
Critical
TeamCity Authentication Bypass (CVE-2023-42793)
CVE-2023-42793
CWE-287
Critical
qdPM Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-11811)
CVE-2020-11811
CWE-434
Critical
Rukovoditel Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-11812)
CVE-2020-11812
CWE-138
Critical
Jboss EAP Deserialization of Untrusted Data Vulnerability (CVE-2019-14892)
CVE-2019-14892
CWE-502
Critical
Jboss EAP Deserialization of Untrusted Data Vulnerability (CVE-2019-14893)
CVE-2019-14893
CWE-502
Critical
Rukovoditel Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-11815)
CVE-2020-11815
CWE-434
Critical
TwistedHTTP Request Splitting Vulnerability (CVE-2020-10109)
CVE-2020-10109
-
Critical
osTicket Server-Side Request Forgery (SSRF) Vulnerability (CVE-2020-24881)
CVE-2020-24881
CWE-918
Critical
WebLogic CVE-2018-3201 Vulnerability (CVE-2018-3201)
CVE-2018-3201
-
Critical
WebLogic CVE-2018-3197 Vulnerability (CVE-2018-3197)
CVE-2018-3197
-
Critical
Rukovoditel Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-11816)
CVE-2020-11816
CWE-138
Critical
Chamilo Files or Directories Accessible to External Parties Vulnerability (CVE-2026-33698)
CVE-2026-33698
CWE-552
Critical
Rukovoditel Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-11817)
CVE-2020-11817
CWE-434
Critical
OpenMetadata Authentication Bypass (CVE-2024-28255)
CVE-2024-28255
CWE-287
Critical
OpenSSL Improper Validation of Integrity Check Value Vulnerability (CVE-2026-34182)
CVE-2026-34182
CWE-354
Critical
PHP CGI Argument Injection (CVE-2024-4577)
CVE-2024-4577
CWE-78
Critical
Apache Struts Path traversal (S2-067/CVE-2024-53677, S2-066/CVE-2023-50164)
CVE-2023-50164
CWE-434
Critical
Lighttpd Integer Overflow or Wraparound Vulnerability (CVE-2019-11072)
CVE-2019-11072
CWE-190
Critical
Apache Tika XXE via PDF XFA Content (CVE-2025-66516)
CVE-2025-66516
CWE-611
Critical
Python Credentials Management Errors Vulnerability (CVE-2019-10160)
CVE-2019-10160
-
Critical
PHP Out-of-bounds Read Vulnerability (CVE-2019-9021)
CVE-2019-9021
CWE-125
Critical
Caddy Web Server Improper Input Validation Vulnerability (CVE-2026-27590)
CVE-2026-27590
CWE-20
Critical
WebLogic CVE-2020-14687 Vulnerability (CVE-2020-14687)
CVE-2020-14687
-
Critical
Adobe Commerce/Magento "SessionReaper" RCE (CVE-2025-54236)
CVE-2025-54236
CWE-20
Critical
PHP Out-of-bounds Read Vulnerability (CVE-2019-11034)
CVE-2019-11034
CWE-125
Critical
Sqlite Improper Check for Unusual or Exceptional Conditions Vulnerability (CVE-2019-19646)
CVE-2019-19646
CWE-754
Critical
PHP Double Free Vulnerability (CVE-2019-11049)
CVE-2019-11049
CWE-415
Critical
WordPress Deserialization of Untrusted Data Vulnerability (CVE-2018-20148)
CVE-2018-20148
CWE-502
Critical
VMware Aria Operations for Networks RCE (CVE-2023-20887)
CVE-2023-20887
CWE-77
Critical
PHP Use After Free Vulnerability (CVE-2019-9020)
CVE-2019-9020
CWE-416
Critical
«
1
...
18
19
20
...
200
»