🚀 Just released:
Latio 2026 Application Security Market Report.
Read it in our Whitepapers.
100% Signal 0% Noise
Platform
Invicti Platform
Zero-noise AppSec platform
Scan Code
Secure code before runtime
SAST
Early static security analysis
Open Source (SCA)
Find vulnerable dependencies
SBOM & License Risk
Generate SBOMs and track licenses
Secrets
Detect exposed secrets in applications
Infrastructure as Code
Ingest IaC security findings
Container
Track container image vulnerabilities
Test Runtime
Test live applications like attackers
DAST & AI DAST
Test runtime, prove exploitability
Agentic Pentesting
Automate real-world attack techniques
API Security Testing
Discover and test APIs
Attack Surface Management
Identify exposed apps and endpoints
Cloud AppSec
Get a single-pane view of cloud app risk
AI AppSec
Scan smarter, accelerate remediation
Manage Vulnerabilities
See, prioritize, reduce AppSec risk
Vulnerability Management (ASPM)
Centralize and correlate AppSec findings
Compliance & Executive Reporting
Measure risk and impact
Threat Intelligence
Reachability, exploitability, and business logic
Solutions
API Discovery
Manage Vulnerabilities
Automate Security Workflows
Track AppSec KPIs
Manage Open Source Risk
Pricing
Why Invicti
About Us
Invicti vs. Competitors
Case Studies
Contact Us
Careers
Resources
Resource Library
Blog
Webinars
White Papers
Podcasts
Invicti Learn
Savings Calculator
Live Training
Partners
MSSP
Documentation
Vulnerability Database
Get a demo
Home
/
Web Application Vulnerabilities
/ Known Vulnerabilities
Web Application Vulnerabilities
Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise
Acunetix Standard & Premium
v.26.4.2314
Known Vulnerabilities
This page lists
14981 vulnerabilities
in this category.
Critical: 1612
High: 4015
Medium: 8569
Low: 783
Information: 2
Vulnerability Name
CVE
CWE
Severity
Envoy Proxy Improper Handling of Highly Compressed Data (Data Amplification) Vulnerability (CVE-2022-29225)
CVE-2022-29225
CWE-409
High
Dolibarr Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-25452)
CVE-2019-25452
CWE-138
High
Atlassian Jira CVE-2019-20898 Vulnerability (CVE-2019-20898)
CVE-2019-20898
-
High
Apache Tomcat CVE-2022-29885 Vulnerability (CVE-2022-29885)
CVE-2022-29885
-
High
Cherokee Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2019-20799)
CVE-2019-20799
CWE-119
High
Cherokee Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-20798)
CVE-2019-20798
CWE-707
High
UAParser.js Inefficient Regular Expression Complexity Vulnerability (CVE-2022-25927)
CVE-2022-25927
CWE-1333
High
AngularJS Inefficient Regular Expression Complexity Vulnerability (CVE-2022-25844)
CVE-2022-25844
CWE-1333
High
Apache Traffic Server Improper Input Validation Vulnerability (CVE-2022-25763)
CVE-2022-25763
CWE-20
High
Apache Tomcat Improper Resource Shutdown or Release Vulnerability (CVE-2022-25762)
CVE-2022-25762
CWE-404
High
Dolibarr Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-25450)
CVE-2019-25450
CWE-138
High
Grafana URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2022-29170)
CVE-2022-29170
CWE-601
High
Moodle Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2014-3541)
CVE-2014-3541
CWE-94
High
Dolibarr Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-14443)
CVE-2020-14443
CWE-138
High
Jboss EAP Uncontrolled Resource Consumption Vulnerability (CVE-2020-14384)
CVE-2020-14384
CWE-400
High
Ruby Out-of-bounds Read Vulnerability (CVE-2022-28739)
CVE-2022-28739
CWE-125
High
PHP Numeric Errors Vulnerability (CVE-2014-3669)
CVE-2014-3669
-
High
Drupal Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2014-3704)
CVE-2014-3704
CWE-138
High
Handlebars Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2019-20922)
CVE-2019-20922
CWE-835
High
Jenkins Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2014-3666)
CVE-2014-3666
CWE-94
High
Handlebars Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-20920)
CVE-2019-20920
CWE-94
High
Python Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2019-20907)
CVE-2019-20907
CWE-835
High
MediaWiki CVE-2022-28323 Vulnerability (CVE-2022-28323)
CVE-2022-28323
-
High
ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-3834)
CVE-2014-3834
CWE-264
High
PostgreSQL Uncontrolled Search Path Element Vulnerability (CVE-2020-14349)
CVE-2020-14349
CWE-427
High
TYPO3 Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2022-23503)
CVE-2022-23503
CWE-94
High
MediaWiki Release of Invalid Pointer or Reference Vulnerability (CVE-2022-28203)
CVE-2022-28203
CWE-763
High
Apache Traffic Server Improper Input Validation Vulnerability (CVE-2022-28129)
CVE-2022-28129
CWE-20
High
Chamilo Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2022-27427)
CVE-2022-27427
CWE-94
High
Chamilo Server-Side Request Forgery (SSRF) Vulnerability (CVE-2022-27426)
CVE-2022-27426
CWE-918
High
MongoDb Incorrect Comparison Vulnerability (CVE-2019-20925)
CVE-2019-20925
CWE-697
High
FrontAccounting Multiple SQL Injection Vulnerabilities (CVE-2014-3973)
CVE-2014-3973
-
High
Chamilo Improper Privilege Management Vulnerability (CVE-2022-27421)
CVE-2022-27421
CWE-269
High
GibbonEdu Session Fixation Vulnerability (CVE-2022-27305)
CVE-2022-27305
CWE-384
High
Liferay Portal Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2022-28981)
CVE-2022-28981
CWE-22
High
osCommerce Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-25495)
CVE-2019-25495
CWE-138
High
osCommerce Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-25496)
CVE-2019-25496
CWE-138
High
TYPO3 Insufficient Session Expiration Vulnerability (CVE-2022-31050)
CVE-2022-31050
CWE-613
High
Apache HTTP Server Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2022-30556)
CVE-2022-30556
CWE-200
High
PostgreSQL Improper Control of Dynamically-Managed Code Resources Vulnerability (CVE-2022-2625)
CVE-2022-2625
CWE-913
High
MyBB Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2022-24734)
CVE-2022-24734
CWE-94
High
Drupal Inefficient Regular Expression Complexity Vulnerability (CVE-2022-24729)
CVE-2022-24729
CWE-1333
High
CKEditor Other Vulnerability (CVE-2022-24729)
CVE-2022-24729
-
High
Moodle Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2022-2986)
CVE-2022-2986
CWE-352
High
WeBid Other Vulnerability (CVE-2014-5114)
CVE-2014-5114
-
High
WordPress CVE-2014-5203 Vulnerability (CVE-2014-5203)
CVE-2014-5203
-
High
MongoDb Insufficient Session Expiration Vulnerability (CVE-2019-2386)
CVE-2019-2386
CWE-613
High
Apache HTTP Server Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2022-30522)
CVE-2022-30522
CWE-770
High
MongoDb CVE-2019-2390 Vulnerability (CVE-2019-2390)
CVE-2019-2390
-
High
PostgreSQL Untrusted Search Path Vulnerability (CVE-2020-14350)
CVE-2020-14350
CWE-426
High
Moodle Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2020-14322)
CVE-2020-14322
CWE-770
High
MODX Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2014-2736)
CVE-2014-2736
CWE-138
High
Moodle Incorrect Authorization Vulnerability (CVE-2020-14321)
CVE-2020-14321
CWE-863
High
Oracle HTTP Server CVE-2019-2414 Vulnerability (CVE-2019-2414)
CVE-2019-2414
-
High
Dolibarr Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-14209)
CVE-2020-14209
CWE-434
High
Lighttpd Uncontrolled Resource Consumption Vulnerability (CVE-2022-30780)
CVE-2022-30780
CWE-400
High
Atlassian Jira CVE-2020-14178 Vulnerability (CVE-2020-14178)
CVE-2020-14178
-
High
Play Framework Uncontrolled Resource Consumption Vulnerability (CVE-2022-31018)
CVE-2022-31018
CWE-400
High
Play Framework Generation of Error Message Containing Sensitive Information Vulnerability (CVE-2022-31023)
CVE-2022-31023
CWE-209
High
Ruby on Rails Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2014-3482)
CVE-2014-3482
CWE-138
High
Moment.js Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2022-24785)
CVE-2022-24785
CWE-22
High
Oracle HTTP Server Integer Overflow or Wraparound Vulnerability (CVE-2022-25314)
CVE-2022-25314
CWE-190
High
PHP CVE-2014-3515 Vulnerability (CVE-2014-3515)
CVE-2014-3515
-
High
Drupal Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2022-25277)
CVE-2022-25277
CWE-434
High
Jboss EAP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-3530)
CVE-2014-3530
CWE-200
High
Drupal Other Vulnerability (CVE-2022-25275)
CVE-2022-25275
-
High
Drupal Improper Input Validation Vulnerability (CVE-2022-25273)
CVE-2022-25273
CWE-20
High
osCommerce Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-25497)
CVE-2019-25497
CWE-138
High
Craft CMS Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2022-29933)
CVE-2022-29933
CWE-640
High
Drupal Improper Input Validation Vulnerability (CVE-2022-25271)
CVE-2022-25271
CWE-20
High
Atlassian Jira Uncontrolled Search Path Element Vulnerability (CVE-2019-20419)
CVE-2019-20419
CWE-427
High
Atlassian Jira CVE-2019-20413 Vulnerability (CVE-2019-20413)
CVE-2019-20413
-
High
Ruby on Rails Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-3514)
CVE-2014-3514
CWE-264
High
Twisted Web HTTP Server Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') Vulnerability (CVE-2022-24801)
CVE-2022-24801
CWE-444
High
OpenSSL Improper Input Validation Vulnerability (CVE-2014-3513)
CVE-2014-3513
CWE-20
High
«
1
...
22
23
24
...
200
»