🚀 Just released:
Latio 2026 Application Security Market Report.
Read it in our Whitepapers.
100% Signal 0% Noise
Platform
Invicti Platform
Zero-noise AppSec platform
Scan Code
Secure code before runtime
SAST
Early static security analysis
Open Source (SCA)
Find vulnerable dependencies
SBOM & License Risk
Generate SBOMs and track licenses
Secrets
Detect exposed secrets in applications
Infrastructure as Code
Ingest IaC security findings
Container
Track container image vulnerabilities
Test Runtime
Test live applications like attackers
DAST & AI DAST
Test runtime, prove exploitability
Agentic Pentesting
Automate real-world attack techniques
API Security Testing
Discover and test APIs
Attack Surface Management
Identify exposed apps and endpoints
Cloud AppSec
Get a single-pane view of cloud app risk
AI AppSec
Scan smarter, accelerate remediation
Manage Vulnerabilities
See, prioritize, reduce AppSec risk
Vulnerability Management (ASPM)
Centralize and correlate AppSec findings
Compliance & Executive Reporting
Measure risk and impact
Threat Intelligence
Reachability, exploitability, and business logic
Solutions
API Discovery
Manage Vulnerabilities
Automate Security Workflows
Track AppSec KPIs
Manage Open Source Risk
Pricing
Why Invicti
About Us
Invicti vs. Competitors
Case Studies
Contact Us
Careers
Resources
Resource Library
Blog
Webinars
White Papers
Podcasts
Invicti Learn
Savings Calculator
Live Training
Partners
MSSP
Documentation
Vulnerability Database
Get a demo
Home
/
Web Application Vulnerabilities
/ Known Vulnerabilities
Web Application Vulnerabilities
Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise
Acunetix Standard & Premium
v.26.4.2314
Known Vulnerabilities
This page lists
14981 vulnerabilities
in this category.
Critical: 1612
High: 4015
Medium: 8569
Low: 783
Information: 2
Vulnerability Name
CVE
CWE
Severity
Grafana Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2026-27876)
CVE-2026-27876
CWE-94
Critical
Artifactory Weak Password Requirements Vulnerability (CVE-2019-17444)
CVE-2019-17444
CWE-521
Critical
Chamilo Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2026-28430)
CVE-2026-28430
CWE-138
Critical
Magento CVE-2019-8121 Vulnerability (CVE-2019-8121)
CVE-2019-8121
-
Critical
IBM WebSEAL CVE-2018-1722 Vulnerability (CVE-2018-1722)
CVE-2018-1722
-
Critical
WebLogic CVE-2020-14825 Vulnerability (CVE-2020-14825)
CVE-2020-14825
-
Critical
Laravel Livewire RCE (CVE-2025-54068)
CVE-2025-54068
CWE-94
Critical
WebLogic Deserialization of Untrusted Data Vulnerability (CVE-2019-17531)
CVE-2019-17531
CWE-502
Critical
WebLogic CVE-2020-2801 Vulnerability (CVE-2020-2801)
CVE-2020-2801
-
Critical
Vulnerable Laravel Livewire version (CVE-2025-54068)
CVE-2025-54068
CWE-94
Critical
PHP Out-of-bounds Read Vulnerability (CVE-2019-11040)
CVE-2019-11040
CWE-125
Critical
OpenSSL Out-of-bounds Read Vulnerability (CVE-2026-28386)
CVE-2026-28386
CWE-125
Critical
WebLogic CVE-2020-14750 Vulnerability (CVE-2020-14750)
CVE-2020-14750
-
Critical
Nginx UI Information Disclosure (CVE-2026-27944)
CVE-2026-27944
CWE-311
Critical
PHP Other Vulnerability (CVE-1999-0238)
CVE-1999-0238
-
Critical
Apache HTTP Server Other Vulnerability (CVE-1999-0926)
CVE-1999-0926
-
Critical
Apache Tomcat Improper Authentication Vulnerability (CVE-2026-29145)
CVE-2026-29145
CWE-287
Critical
Contao Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-11512)
CVE-2019-11512
CWE-138
Critical
LimeSurvey Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-25019)
CVE-2019-25019
CWE-138
Critical
SharePoint "ToolShell" RCE (CVE-2025-49704/CVE-2025-49706/CVE-2025-53770/CVE-2025-53771)
CVE-2025-53771
CWE-287
Critical
Oracle Database Server CVE-2019-2517 Vulnerability (CVE-2019-2517)
CVE-2019-2517
-
Critical
Moodle Other Vulnerability (CVE-2004-2236)
CVE-2004-2236
-
Critical
Moodle Other Vulnerability (CVE-2004-2237)
CVE-2004-2237
-
Critical
Jetty Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') Vulnerability (CVE-2026-2332)
CVE-2026-2332
-
Critical
PHP Use After Free Vulnerability (CVE-2026-7261)
CVE-2026-7261
CWE-416
Critical
Dolibarr Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2018-25357)
CVE-2018-25357
CWE-94
Critical
Joomla CVE-2026-48904 Vulnerability (CVE-2026-48904)
CVE-2026-48904
-
Critical
Joomla Deserialization of Untrusted Data Vulnerability (CVE-2019-11831)
CVE-2019-11831
CWE-502
Critical
Palo Alto PAN-OS Management Interface Auth Bypass (CVE-2024-0012/CVE-2024-9474)
CVE-2024-9474
CWE-306
Critical
Caddy Web Server Improper Authentication Vulnerability (CVE-2018-21246)
CVE-2018-21246
CWE-287
Critical
Magento XML Injection (aka Blind XPath Injection) Vulnerability (CVE-2019-8158)
CVE-2019-8158
CWE-91
Critical
WP Plugin Contact Form 7 CVE-2018-20979 Vulnerability (CVE-2018-20979)
CVE-2018-20979
-
Critical
PaperCut NG/MF Path Traversal (CVE-2023-39143)
CVE-2023-39143
CWE-22
Critical
Drupal Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2019-11831)
CVE-2019-11831
CWE-22
Critical
Microsoft SQL Server Other Vulnerability (CVE-2002-0721)
CVE-2002-0721
-
Critical
Progress Kemp LoadMaster RCE (CVE-2024-1212)
CVE-2024-1212
CWE-78
Critical
Chamilo Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2018-1999019)
CVE-2018-1999019
CWE-94
Critical
Lodash Other Vulnerability (CVE-2019-10744)
CVE-2019-10744
-
Critical
Apache HTTP Server Use After Free Vulnerability (CVE-2026-29167)
CVE-2026-29167
CWE-416
Critical
Telerik Report Server Authentication Bypass Vulnerability
CVE-2024-4358
CWE-287
Critical
WebLogic CVE-2019-2658 Vulnerability (CVE-2019-2658)
CVE-2019-2658
-
Critical
Rejetto HTTP File Server SSTI RCE (CVE-2024-23692)
CVE-2024-23692
CWE-1336
Critical
Jboss EAP Deserialization of Untrusted Data Vulnerability (CVE-2019-17267)
CVE-2019-17267
CWE-502
Critical
SAP NetWeaver Visual Composer Unrestricted File Uploading (CVE-2025-31324)
CVE-2025-31324
CWE-434
Critical
Oracle HTTP Server Improper Input Validation Vulnerability (CVE-2020-35169)
CVE-2020-35169
CWE-20
Critical
PAN-OS Management Interface Authentication Bypass (CVE-2025-0108)
CVE-2025-0108
CWE-287
Critical
Joomla CVE-2026-48898 Vulnerability (CVE-2026-48898)
CVE-2026-48898
-
Critical
SharePoint Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2026-26105)
CVE-2026-26105
CWE-707
Critical
Next.js/React Server Components RCE (CVE-2025-55182 & CVE-2025-66478)
CVE-2025-66478
CWE-502
Critical
Vanilla Forums Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2018-18903)
CVE-2018-18903
CWE-94
Critical
Dot CMS Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-19138)
CVE-2020-19138
CWE-434
Critical
Joomla CVE-2026-48899 Vulnerability (CVE-2026-48899)
CVE-2026-48899
-
Critical
Contao Key Management Errors Vulnerability (CVE-2019-10643)
CVE-2019-10643
-
Critical
Kentico Staging API Authentication Bypass
CVE-2025-2746
CWE-287
Critical
WebLogic Deserialization of Untrusted Data Vulnerability (CVE-2018-2628)
CVE-2018-2628
CWE-502
Critical
WebLogic Improper Check for Unusual or Exceptional Conditions Vulnerability (CVE-2019-17195)
CVE-2019-17195
CWE-754
Critical
Oracle HTTP Server Other Vulnerability (CVE-2020-29506)
CVE-2020-29506
-
Critical
Oracle HTTP Server Improper Input Validation Vulnerability (CVE-2020-29507)
CVE-2020-29507
CWE-20
Critical
Moodle Other Vulnerability (CVE-2004-2235)
CVE-2004-2235
-
Critical
Oracle HTTP Server Improper Input Validation Vulnerability (CVE-2020-29508)
CVE-2020-29508
CWE-20
Critical
Ingress-Nginx "IngressNightmare" RCE (CVE-2025-1974)
CVE-2025-1974
CWE-653
Critical
Zope Web Application Server Other Vulnerability (CVE-2000-0062)
CVE-2000-0062
-
Critical
PaloAlto Networks Expedition RCE (CVE-2024-9463)
CVE-2024-9465
CWE-918
Critical
Telerik Web UI Deserialization of Untrusted Data Vulnerability (CVE-2019-18935)
CVE-2019-18935
CWE-502
Critical
Perl Integer Overflow to Buffer Overflow Vulnerability (CVE-2026-8376)
CVE-2026-8376
CWE-680
Critical
Piwigo Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-19213)
CVE-2020-19213
CWE-138
Critical
PHP Other Vulnerability (CVE-2000-0059)
CVE-2000-0059
-
Critical
WebLogic Deserialization of Untrusted Data Vulnerability (CVE-2019-17267)
CVE-2019-17267
CWE-502
Critical
Joomla CVE-2026-48902 Vulnerability (CVE-2026-48902)
CVE-2026-48902
-
Critical
Moodle Other Vulnerability (CVE-2004-2233)
CVE-2004-2233
-
Critical
Internet Information Services Other Vulnerability (CVE-1999-1376)
CVE-1999-1376
-
Critical
Plone CMS Missing Authentication for Critical Function Vulnerability (CVE-2020-35190)
CVE-2020-35190
CWE-306
Critical
PHP Out-of-bounds Write Vulnerability (CVE-2019-11043)
CVE-2019-11043
CWE-787
Critical
CrushFTP Authentication Bypass (CVE-2025-2825)
CVE-2025-2825
CWE-287
Critical
WebLogic CVE-2019-2646 Vulnerability (CVE-2019-2646)
CVE-2019-2646
-
Critical
«
1
...
20
21
22
...
200
»