Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
v.26.4.2314

Known Vulnerabilities

This page lists 14673 vulnerabilities in this category.

Critical: 1573 High: 3882 Medium: 8446 Low: 770 Information: 2
Vulnerability Name
CVE
CWE
Severity
Drupal CVE-2017-6930 Vulnerability (CVE-2017-6930)
CVE-2017-6930
-
High
WordPress Use of Insufficiently Random Values Vulnerability (CVE-2017-17091)
CVE-2017-17091
CWE-330
High
Contao Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2017-10993)
CVE-2017-10993
CWE-22
High
PHP Improper Input Validation Vulnerability (CVE-2017-7189)
CVE-2017-7189
CWE-20
High
Seo Panel Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2017-10839)
CVE-2017-10839
CWE-138
High
PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-11145)
CVE-2017-11145
CWE-200
High
PHP Server-Side Request Forgery (SSRF) Vulnerability (CVE-2017-7272)
CVE-2017-7272
CWE-918
High
Ruby Improper Authentication Vulnerability (CVE-2017-10784)
CVE-2017-10784
CWE-287
High
Liferay Portal Missing Release of Memory after Effective Lifetime Vulnerability (CVE-2025-43816)
CVE-2025-43816
CWE-401
High
Piwigo Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-10681)
CVE-2017-10681
CWE-352
High
Dot CMS Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2017-3189)
CVE-2017-3189
CWE-434
High
Piwigo Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-10680)
CVE-2017-10680
CWE-352
High
XOOPS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2017-7290)
CVE-2017-7290
CWE-138
High
Piwigo Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-10679)
CVE-2017-10679
CWE-200
High
Piwigo Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-10678)
CVE-2017-10678
CWE-352
High
MODX Improper Certificate Validation Vulnerability (CVE-2017-7322)
CVE-2017-7322
CWE-295
High
MODX CVE-2017-7323 Vulnerability (CVE-2017-7323)
CVE-2017-7323
-
High
Drupal Improper Privilege Management Vulnerability (CVE-2017-6924)
CVE-2017-6924
CWE-269
High
Liferay DXP Insertion of Sensitive Information Into Sent Data Vulnerability (CVE-2025-43768)
CVE-2025-43768
CWE-201
High
Liferay DXP Uncontrolled Resource Consumption Vulnerability (CVE-2025-43796)
CVE-2025-43796
CWE-400
High
Piwigo Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-17774)
CVE-2017-17774
CWE-352
High
Liferay Portal Unchecked Input for Loop Condition Vulnerability (CVE-2025-43801)
CVE-2025-43801
CWE-606
High
Joomla Improper Certificate Validation Vulnerability (CVE-2017-11364)
CVE-2017-11364
CWE-295
High
Apache Tomcat Improper Resource Shutdown or Release Vulnerability (CVE-2017-5650)
CVE-2017-5650
CWE-404
High
Perl Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2017-12837)
CVE-2017-12837
CWE-119
High
Moodle Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2025-3638)
CVE-2025-3638
CWE-352
High
Dolibarr Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-17898)
CVE-2017-17898
CWE-200
High
Apache Traffic Server Improper Input Validation Vulnerability (CVE-2017-5659)
CVE-2017-5659
CWE-20
High
Apache Traffic Server Improper Input Validation Vulnerability (CVE-2017-5660)
CVE-2017-5660
CWE-20
High
Apache Tomcat Improper Handling of Exceptional Conditions Vulnerability (CVE-2017-5664)
CVE-2017-5664
CWE-755
High
Piwigo Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-17827)
CVE-2017-17827
CWE-352
High
Moodle Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2025-3625)
CVE-2025-3625
CWE-639
High
Ruby Improper Input Validation Vulnerability (CVE-2017-6181)
CVE-2017-6181
CWE-20
High
Liferay DXP Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2025-43813)
CVE-2025-43813
CWE-22
High
Liferay Portal Insertion of Sensitive Information Into Sent Data Vulnerability (CVE-2025-43768)
CVE-2025-43768
CWE-201
High
Drupal Incorrect Authorization Vulnerability (CVE-2017-6377)
CVE-2017-6377
CWE-863
High
Drupal Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-6379)
CVE-2017-6379
CWE-352
High
Drupal Inclusion of Functionality from Untrusted Control Sphere Vulnerability (CVE-2017-6381)
CVE-2017-6381
CWE-829
High
PHP NULL Pointer Dereference Vulnerability (CVE-2017-6441)
CVE-2017-6441
CWE-476
High
Drupal CVE-2017-6919 Vulnerability (CVE-2017-6919)
CVE-2017-6919
-
High
Liferay DXP Unchecked Input for Loop Condition Vulnerability (CVE-2025-43801)
CVE-2025-43801
CWE-606
High
PHP NULL Pointer Dereference Vulnerability (CVE-2017-9229)
CVE-2017-9229
CWE-476
High
PHP Use After Free Vulnerability (CVE-2017-12934)
CVE-2017-12934
CWE-416
High
Liferay Portal Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2025-43813)
CVE-2025-43813
CWE-22
High
Python Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2017-17522)
CVE-2017-17522
CWE-138
High
Restlet Framework Improper Restriction of XML External Entity Reference Vulnerability (CVE-2017-14949)
CVE-2017-14949
CWE-611
High
WebLogic Missing Authentication for Critical Function Vulnerability (CVE-2025-30762)
CVE-2025-30762
CWE-306
High
Python Improper Restriction of XML External Entity Reference Vulnerability (CVE-2017-9233)
CVE-2017-9233
CWE-611
High
Apache Tomcat Uncontrolled Resource Consumption Vulnerability (CVE-2019-0199)
CVE-2019-0199
CWE-400
High
Oracle HTTP Server Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Vulnerability (CVE-2019-0217)
CVE-2019-0217
CWE-362
High
Apache HTTP Server Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Vulnerability (CVE-2019-0217)
CVE-2019-0217
CWE-362
High
Apache HTTP Server CVE-2019-0215 Vulnerability (CVE-2019-0215)
CVE-2019-0215
-
High
Oracle HTTP Server Use After Free Vulnerability (CVE-2019-0211)
CVE-2019-0211
CWE-416
High
Apache HTTP Server Use After Free Vulnerability (CVE-2019-0211)
CVE-2019-0211
CWE-416
High
Jboss EAP Out-of-bounds Read Vulnerability (CVE-2019-0210)
CVE-2019-0210
CWE-125
High
PHP Integer Overflow or Wraparound Vulnerability (CVE-2025-14178)
CVE-2025-14178
CWE-190
High
Jboss EAP Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2019-0205)
CVE-2019-0205
CWE-835
High
PHP NULL Pointer Dereference Vulnerability (CVE-2025-14180)
CVE-2025-14180
CWE-476
High
SharePoint CVE-2019-0585 Vulnerability (CVE-2019-0585)
CVE-2019-0585
-
High
Apache HTTP Server CVE-2019-0190 Vulnerability (CVE-2019-0190)
CVE-2019-0190
-
High
Roundcube Unspesificed Vulnerability (CVE-2018-9846)
CVE-2018-9846
-
High
Django Inefficient Algorithmic Complexity Vulnerability (CVE-2025-14550)
CVE-2025-14550
CWE-407
High
MongoDb Improper Handling of Length Parameter Inconsistency Vulnerability (CVE-2025-14847)
CVE-2025-14847
CWE-130
High
OpenSSL Out-of-bounds Write Vulnerability (CVE-2025-15467)
CVE-2025-15467
CWE-787
High
PHP Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2025-1735)
CVE-2025-1735
CWE-138
High
Ruby Improper Input Validation Vulnerability (CVE-2018-8779)
CVE-2018-8779
CWE-20
High
Ruby Use of Externally-Controlled Format String Vulnerability (CVE-2018-8778)
CVE-2018-8778
CWE-134
High
Apache Tomcat Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2019-0232)
CVE-2019-0232
CWE-138
High
SharePoint Improper Input Validation Vulnerability (CVE-2019-0594)
CVE-2019-0594
CWE-20
High
Sqlite NULL Pointer Dereference Vulnerability (CVE-2018-8740)
CVE-2018-8740
CWE-476
High
MongoDb Reachable Assertion Vulnerability (CVE-2025-13644)
CVE-2025-13644
CWE-617
High
PostgreSQL Out-of-bounds Write Vulnerability (CVE-2019-10164)
CVE-2019-10164
CWE-787
High
Moodle Other Vulnerability (CVE-2019-10154)
CVE-2019-10154
-
High
PostgreSQL Improper Access Control Vulnerability (CVE-2019-10128)
CVE-2019-10128
CWE-284
High
PostgreSQL Improper Access Control Vulnerability (CVE-2019-10127)
CVE-2019-10127
CWE-284
High