Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
v.26.4.2314

Known Vulnerabilities

This page lists 14673 vulnerabilities in this category.

Critical: 1573 High: 3882 Medium: 8446 Low: 770 Information: 2
Vulnerability Name
CVE
CWE
Severity
Apache Tomcat Time-of-check Time-of-use (TOCTOU) Race Condition Vulnerability (CVE-2024-50379)
CVE-2024-50379
CWE-367
Critical
MongoDb Improper Certificate Validation Vulnerability (CVE-2024-1351)
CVE-2024-1351
CWE-295
Critical
Improper Authorization in Confluence Server and Data Center (CVE-2023-22518)
CVE-2023-22518
CWE-284
Critical
Ruby on Rails Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2026-33195)
CVE-2026-33195
CWE-22
Critical
XWikiplatform Missing Authorization Vulnerability (CVE-2026-33229)
CVE-2026-33229
CWE-862
Critical
Craft CMS Incorrect Authorization Vulnerability (CVE-2026-32267)
CVE-2026-32267
CWE-863
Critical
Craft CMS RCE (CVE-2023-41892)
CVE-2023-41892
CWE-94
Critical
IBM Aspera Faspex RCE (CVE-2022-47986)
CVE-2022-47986
CWE-502
Critical
PHP Improper Encoding or Escaping of Output Vulnerability (CVE-2024-1874)
CVE-2024-1874
CWE-116
Critical
Adobe Commerce/Magento "CosmicSting" XXE (CVE-2024-34102)
CVE-2024-34102
CWE-611
Critical
Chamilo Files or Directories Accessible to External Parties Vulnerability (CVE-2026-33698)
CVE-2026-33698
CWE-552
Critical
F5 BIG-IP Request Smuggling (CVE-2023-46747)
CVE-2023-46747
CWE-288
Critical
Ampache Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-51490)
CVE-2024-51490
CWE-707
Critical
Juniper Junos OS J-Web RCE (CVE-2023-36845/CVE-2023-36846)
CVE-2023-36846
CWE-473
Critical
Envoy Proxy CVE-2024-7207 Vulnerability (CVE-2024-7207)
CVE-2024-7207
-
Critical
Chamilo Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2026-33707)
CVE-2026-33707
CWE-640
Critical
Handlebars Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2026-33937)
CVE-2026-33937
CWE-94
Critical
MongoDb Use of Uninitialized Resource Vulnerability (CVE-2024-8654)
CVE-2024-8654
CWE-908
Critical
ProjectSend Incorrect Authorization Vulnerability (CVE-2024-11680)
CVE-2024-11680
CWE-863
Critical
WebLogic CVE-2024-21181 Vulnerability (CVE-2024-21181)
CVE-2024-21181
-
Critical
Cisco IOS XE Web UI Authentication Bypass (CVE-2023-20198)
CVE-2023-20198
CWE-287
Critical
Moodle Other Vulnerability (CVE-2005-2247)
CVE-2005-2247
-
Critical
Zope Web Application Server Other Vulnerability (CVE-2000-0062)
CVE-2000-0062
-
Critical
Undertow Improper Input Validation Vulnerability (CVE-2025-12543)
CVE-2025-12543
CWE-20
Critical
PrestaShop Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-30838)
CVE-2023-30838
CWE-707
Critical
Sqlite Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2023-7104)
CVE-2023-7104
CWE-119
Critical
MySQL Other Vulnerability (CVE-2003-0150)
CVE-2003-0150
-
Critical
OpenSSL Out-of-bounds Write Vulnerability (CVE-2026-31789)
CVE-2026-31789
CWE-787
Critical
Dot CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2025-11165)
CVE-2025-11165
CWE-138
Critical
ChatGPT-Next-Web SSRF (CVE-2023-49785)
CVE-2023-49785
CWE-918
Critical
ActiveMQ OpenWire RCE (CVE-2023-46604)
CVE-2023-46604
CWE-502
Critical
Pega Infinity Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2024-10094)
CVE-2024-10094
CWE-94
Critical
Oracle Database Server Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2003-0096)
CVE-2003-0096
CWE-119
Critical
PHP Integer Overflow or Wraparound Vulnerability (CVE-2024-11236)
CVE-2024-11236
CWE-190
Critical
Apache HTTP Server CVE-2005-2700 Vulnerability (CVE-2005-2700)
CVE-2005-2700
-
Critical
DOMPurify Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') Vulnerability (CVE-2024-48910)
CVE-2024-48910
CWE-1321
Critical
phpMyFAQ Improper Access Control Vulnerability (CVE-2023-2429)
CVE-2023-2429
CWE-284
Critical
Oracle Database Server Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2003-0095)
CVE-2003-0095
CWE-119
Critical
Apache Struts2 remote code execution vulnerability
CVE-2016-0785
CWE-78
Critical
Code Evaluation (Apache Struts) S2-016
CVE-2013-2251
CWE-20
Critical
Cacti Unauthenticated Command Injection (CVE-2022-46169)
CVE-2022-46169
CWE-77
Critical
PHP Out-of-bounds Write Vulnerability (CVE-2024-8932)
CVE-2024-8932
CWE-787
Critical
Cisco IOS XE Web UI Implant (CVE-2023-20198)
CVE-2023-20198
CWE-912
Critical
Jenkins Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2024-23897)
CVE-2024-23897
CWE-22
Critical
Broken access control in Confluence Server and Data Center (CVE-2023-22515)
CVE-2023-22515
CWE-284
Critical
MOVEit Transfer Improper Authentication Vulnerability (CVE-2024-6576)
CVE-2024-6576
CWE-287
Critical
Dolibarr Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2024-5315)
CVE-2024-5315
CWE-138
Critical
PHP Other Vulnerability (CVE-2000-0059)
CVE-2000-0059
-
Critical
Perl Other Vulnerability (CVE-2026-4176)
CVE-2026-4176
-
Critical
Moodle Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-28333)
CVE-2023-28333
CWE-94
Critical
CrushFTP Server Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2024-53552)
CVE-2024-53552
CWE-640
Critical
SharePoint Authentication bypass (CVE-2023-29357)
CVE-2023-29357
CWE-287
Critical
XWikiplatform Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2024-56158)
CVE-2024-56158
CWE-138
Critical
Sitecore XP TemplateParser RCE (CVE-2023-35813)
CVE-2023-35813
CWE-94
Critical
Craft CMS Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2024-56145)
CVE-2024-56145
CWE-94
Critical
ColdFusion WDDX Deserialization RCE (CVE-2023-29300/CVE-2023-38203/CVE-2023-38204)
CVE-2023-38204
CWE-502
Critical
Django Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2024-53908)
CVE-2024-53908
CWE-138
Critical
Pega Infinity Other Vulnerability (CVE-2023-28094)
CVE-2023-28094
-
Critical
Citrix NetScaler Memory Disclosure 'Citrix Bleed' (CVE-2023-4966)
CVE-2023-4966
CWE-119
Critical
Django Missing Authorization Vulnerability (CVE-2026-4277)
CVE-2026-4277
CWE-862
Critical
CubeCart Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2026-34018)
CVE-2026-34018
CWE-138
Critical
TeamCity Authentication Bypass (CVE-2023-42793)
CVE-2023-42793
CWE-287
Critical
Lodash Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2026-4800)
CVE-2026-4800
CWE-94
Critical
Drupal Deserialization of Untrusted Data Vulnerability (CVE-2024-55636)
CVE-2024-55636
CWE-502
Critical
TorchServe Management API SSRF (CVE-2023-43654)
CVE-2023-43654
CWE-918
Critical
PHP Other Vulnerability (CVE-2000-0967)
CVE-2000-0967
-
Critical
Drupal Deserialization of Untrusted Data Vulnerability (CVE-2024-55637)
CVE-2024-55637
CWE-502
Critical
WS_FTP AHT Deserialization RCE (CVE-2023-40044)
CVE-2023-40044
CWE-502
Critical
Jenkins Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-27898)
CVE-2023-27898
CWE-707
Critical
Joomla Other Vulnerability (CVE-2005-3773)
CVE-2005-3773
-
Critical
XWikiplatform Improper Encoding or Escaping of Output Vulnerability (CVE-2024-55663)
CVE-2024-55663
CWE-116
Critical
Drupal Deserialization of Untrusted Data Vulnerability (CVE-2024-55638)
CVE-2024-55638
CWE-502
Critical
XWikiplatform Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-46558)
CVE-2025-46558
CWE-707
Critical
MediaWiki CVE-2023-29141 Vulnerability (CVE-2023-29141)
CVE-2023-29141
-
Critical
Dolibarr Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2024-5314)
CVE-2024-5314
CWE-138
Critical