Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium

Known Vulnerabilities

This page lists 13509 vulnerabilities in this category.

Critical: 1465 High: 3387 Medium: 7907 Low: 748 Information: 2
Vulnerability Name
CVE
CWE
Severity
ATutor Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2019-12169)
CVE-2019-12169
CWE-434
High
Craft CMS Improper Neutralization of Formula Elements in a CSV File Vulnerability (CVE-2021-41824)
CVE-2021-41824
CWE-1236
High
PHP Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-1635)
CVE-2013-1635
CWE-264
High
PHPFusion Code Execution Vulnerability (CVE-2019-12099)
CVE-2019-12099
-
High
Ruby CVE-2021-41819 Vulnerability (CVE-2021-41819)
CVE-2021-41819
-
High
Perl Resource Management Errors Vulnerability (CVE-2013-1667)
CVE-2013-1667
-
High
PHP Address Book Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2013-1748)
CVE-2013-1748
CWE-138
High
Python CVE-2013-1753 Vulnerability (CVE-2013-1753)
CVE-2013-1753
-
High
Apache Tomcat Missing Release of Resource after Effective Lifetime Vulnerability (CVE-2021-42340)
CVE-2021-42340
CWE-772
High
PHP-Fusion Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2013-1803)
CVE-2013-1803
CWE-138
High
MediaWiki Incorrect Authorization Vulnerability (CVE-2021-41801)
CVE-2021-41801
CWE-863
High
MediaWiki Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2021-41799)
CVE-2021-41799
CWE-770
High
MediaWiki Improper Input Validation Vulnerability (CVE-2013-1816)
CVE-2013-1816
CWE-20
High
MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-1817)
CVE-2013-1817
CWE-200
High
Apache HTTP Server Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2021-41773)
CVE-2021-41773
CWE-22
High
Oracle HTTP Server Other Vulnerability (CVE-2021-41617)
CVE-2021-41617
-
High
Squid Improper Certificate Validation Vulnerability (CVE-2021-41611)
CVE-2021-41611
CWE-295
High
Apache Traffic Server Improper Input Validation Vulnerability (CVE-2021-41585)
CVE-2021-41585
CWE-20
High
Apache HTTP Server NULL Pointer Dereference Vulnerability (CVE-2021-41524)
CVE-2021-41524
CWE-476
High
SharePoint CVE-2021-41344 Vulnerability (CVE-2021-41344)
CVE-2021-41344
-
High
Atlassian Jira Improper Authentication Vulnerability (CVE-2021-41312)
CVE-2021-41312
CWE-287
High
SugarCRM Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-17301)
CVE-2019-17301
CWE-94
High
SugarCRM Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-17300)
CVE-2019-17300
CWE-94
High
Oracle JRE CVE-2013-0419 Vulnerability (CVE-2013-0419)
CVE-2013-0419
-
High
Moodle Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2021-43559)
CVE-2021-43559
CWE-352
High
MediaWiki Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-12466)
CVE-2019-12466
CWE-352
High
Apache Traffic Server Uncontrolled Resource Consumption Vulnerability (CVE-2019-9512)
CVE-2019-9512
CWE-400
High
Oracle JRE CVE-2013-0423 Vulnerability (CVE-2013-0423)
CVE-2013-0423
-
High
Apache Tomcat Insufficiently Protected Credentials Vulnerability (CVE-2019-12418)
CVE-2019-12418
CWE-522
High
SugarCRM Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-17292)
CVE-2019-17292
CWE-138
High
Oracle JRE CVE-2013-0429 Vulnerability (CVE-2013-0429)
CVE-2013-0429
-
High
Next.js CVE-2021-43803 Vulnerability (CVE-2021-43803)
CVE-2021-43803
-
High
Grafana Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2021-43798)
CVE-2021-43798
CWE-22
High
SugarCRM Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-17293)
CVE-2019-17293
CWE-138
High
PostgreSQL Improper Certificate Validation Vulnerability (CVE-2021-43766)
CVE-2021-43766
CWE-295
High
SugarCRM Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-17294)
CVE-2019-17294
CWE-138
High
SugarCRM Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-17295)
CVE-2019-17295
CWE-138
High
Oracle JRE CVE-2013-0444 Vulnerability (CVE-2013-0444)
CVE-2013-0444
-
High
MySQL Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2013-1492)
CVE-2013-1492
CWE-119
High
ATutor Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2021-43498)
CVE-2021-43498
CWE-640
High
jQuery Validation Other Vulnerability (CVE-2021-43306)
CVE-2021-43306
-
High
MyBB Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2021-43281)
CVE-2021-43281
CWE-94
High
Joomla Other Vulnerability (CVE-2013-1453)
CVE-2013-1453
-
High
CubeCart Improper Input Validation Vulnerability (CVE-2013-1465)
CVE-2013-1465
CWE-20
High
Piwigo Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2013-1468)
CVE-2013-1468
CWE-352
High
Oracle HTTP Server Uncontrolled Recursion Vulnerability (CVE-2021-42717)
CVE-2021-42717
CWE-674
High
Ampache Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-12385)
CVE-2019-12385
CWE-138
High
SugarCRM Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-17296)
CVE-2019-17296
CWE-138
High
SugarCRM Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-17297)
CVE-2019-17297
CWE-138
High
SugarCRM Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-17298)
CVE-2019-17298
CWE-138
High
SugarCRM Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-17299)
CVE-2019-17299
CWE-94
High
Dolibarr Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2022-0819)
CVE-2022-0819
CWE-94
High
ClipBucket Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2012-5849)
CVE-2012-5849
CWE-138
High
Atlassian Jira Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2021-41306)
CVE-2021-41306
CWE-639
High
Werkzeug WSGI Insufficient Entropy Vulnerability (CVE-2019-14806)
CVE-2019-14806
CWE-331
High
Ruby on Rails Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2012-2695)
CVE-2012-2695
CWE-138
High
phpList Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2012-2740)
CVE-2012-2740
CWE-138
High
Joomla CVE-2012-2747 Vulnerability (CVE-2012-2747)
CVE-2012-2747
-
High
LimeSurvey Incorrect Default Permissions Vulnerability (CVE-2019-16185)
CVE-2019-16185
CWE-276
High
Jboss EAP Incorrect Authorization Vulnerability (CVE-2019-14843)
CVE-2019-14843
CWE-863
High
LimeSurvey Incorrect Default Permissions Vulnerability (CVE-2019-16186)
CVE-2019-16186
CWE-276
High
LimeSurvey Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2019-16187)
CVE-2019-16187
CWE-732
High
Serendipity Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2012-2762)
CVE-2012-2762
CWE-138
High
Joomla Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2022-23793)
CVE-2022-23793
CWE-22
High
Ruby Improper Authentication Vulnerability (CVE-2019-16201)
CVE-2019-16201
CWE-287
High
Next.js User Interface (UI) Misrepresentation of Critical Information Vulnerability (CVE-2022-23646)
CVE-2022-23646
CWE-451
High
Resin Application Server Improper Input Validation Vulnerability (CVE-2012-2965)
CVE-2012-2965
CWE-20
High
Django Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2022-23833)
CVE-2022-23833
CWE-835
High
Resin Application Server Other Vulnerability (CVE-2012-2966)
CVE-2012-2966
-
High
Resin Application Server Other Vulnerability (CVE-2012-2967)
CVE-2012-2967
-
High
osTicket Improper Neutralization of Formula Elements in a CSV File Vulnerability (CVE-2019-14749)
CVE-2019-14749
CWE-1236
High
XWiki Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2022-23619)
CVE-2022-23619
CWE-640
High
Joomla CVE-2019-14654 Vulnerability (CVE-2019-14654)
CVE-2019-14654
-
High
MySQL CVE-2012-3158 Vulnerability (CVE-2012-3158)
CVE-2012-3158
-
High
Oracle JRE CVE-2012-3159 Vulnerability (CVE-2012-3159)
CVE-2012-3159
-
High