Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium

Known Vulnerabilities

This page lists 13509 vulnerabilities in this category.

Critical: 1465 High: 3387 Medium: 7907 Low: 748 Information: 2
Vulnerability Name
CVE
CWE
Severity
Ruby Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-16255)
CVE-2019-16255
CWE-94
High
TYPO3 Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2022-23503)
CVE-2022-23503
CWE-94
High
TYPO3 Uncontrolled Recursion Vulnerability (CVE-2022-23500)
CVE-2022-23500
CWE-674
High
Grafana Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2022-23498)
CVE-2022-23498
CWE-200
High
EspoCRM Improper Restriction of Excessive Authentication Attempts Vulnerability (CVE-2019-14351)
CVE-2019-14351
CWE-307
High
LimeSurvey Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2019-16177)
CVE-2019-16177
CWE-200
High
Undertow Uncontrolled Resource Consumption Vulnerability (CVE-2019-14888)
CVE-2019-14888
CWE-400
High
Werkzeug WSGI Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2019-14322)
CVE-2019-14322
CWE-22
High
Envoy Proxy Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2019-15225)
CVE-2019-15225
CWE-770
High
Drupal Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2022-25277)
CVE-2022-25277
CWE-434
High
Drupal Other Vulnerability (CVE-2022-25275)
CVE-2022-25275
-
High
Nexus Repository Manager Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2019-15588)
CVE-2019-15588
CWE-138
High
Serendipity Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2012-2332)
CVE-2012-2332
CWE-138
High
Drupal Improper Input Validation Vulnerability (CVE-2022-25273)
CVE-2022-25273
CWE-20
High
PHP Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-2335)
CVE-2012-2335
CWE-264
High
Drupal Improper Input Validation Vulnerability (CVE-2022-25271)
CVE-2022-25271
CWE-20
High
Roundcube Unspesificed Vulnerability (CVE-2019-15237)
CVE-2019-15237
-
High
Envoy Proxy Uncontrolled Resource Consumption Vulnerability (CVE-2019-15226)
CVE-2019-15226
CWE-400
High
XWiki Incorrect Use of Privileged APIs Vulnerability (CVE-2022-24821)
CVE-2022-24821
CWE-648
High
Twisted Web HTTP Server Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') Vulnerability (CVE-2022-24801)
CVE-2022-24801
CWE-444
High
Moment.js Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2022-24785)
CVE-2022-24785
CWE-22
High
MyBB Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2022-24734)
CVE-2022-24734
CWE-94
High
Jboss EAP Uncontrolled Resource Consumption Vulnerability (CVE-2019-14888)
CVE-2019-14888
CWE-400
High
Nexus Repository Manager CVE-2019-15893 Vulnerability (CVE-2019-15893)
CVE-2019-15893
-
High
Grafana Missing Authentication for Critical Function Vulnerability (CVE-2019-15043)
CVE-2019-15043
CWE-306
High
Python Out-of-bounds Read Vulnerability (CVE-2019-15903)
CVE-2019-15903
CWE-125
High
Python CVE-2019-16056 Vulnerability (CVE-2019-16056)
CVE-2019-16056
-
High
Drupal Inefficient Regular Expression Complexity Vulnerability (CVE-2022-24729)
CVE-2022-24729
CWE-1333
High
Atlassian Jira Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-15001)
CVE-2019-15001
CWE-94
High
PHP Numeric Errors Vulnerability (CVE-2012-2386)
CVE-2012-2386
-
High
CKEditor Other Vulnerability (CVE-2022-24729)
CVE-2022-24729
-
High
phpBB Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-16108)
CVE-2019-16108
CWE-94
High
LimeSurvey Improper Restriction of XML External Entity Reference Vulnerability (CVE-2019-16174)
CVE-2019-16174
CWE-611
High
Jboss EAP Improper Resource Shutdown or Release Vulnerability (CVE-2025-9784)
CVE-2025-9784
CWE-404
High
SharePoint Out-of-bounds Write Vulnerability (CVE-2012-2539)
CVE-2012-2539
CWE-787
High
Nexus Repository Manager Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2019-16530)
CVE-2019-16530
CWE-434
High
Django Uncontrolled Recursion Vulnerability (CVE-2019-14235)
CVE-2019-14235
CWE-674
High
Moodle Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2022-0983)
CVE-2022-0983
CWE-138
High
phpMyAdmin Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-5469)
CVE-2012-5469
CWE-264
High
WebLogic Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2022-21371)
CVE-2022-21371
CWE-22
High
MyBB Improper Input Validation Vulnerability (CVE-2019-12831)
CVE-2019-12831
CWE-20
High
MySQL CVE-2022-21351 Vulnerability (CVE-2022-21351)
CVE-2022-21351
-
High
LimeSurvey Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2012-4927)
CVE-2012-4927
CWE-138
High
Oracle JRE CVE-2012-5068 Vulnerability (CVE-2012-5068)
CVE-2012-5068
-
High
MyBB Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-12830)
CVE-2019-12830
CWE-707
High
Jboss EAP Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') Vulnerability (CVE-2019-16869)
CVE-2019-16869
CWE-444
High
Liferay Portal Deserialization of Untrusted Data Vulnerability (CVE-2019-16891)
CVE-2019-16891
CWE-502
High
Oracle JRE CVE-2012-5084 Vulnerability (CVE-2012-5084)
CVE-2012-5084
-
High
Oracle JRE CVE-2012-5089 Vulnerability (CVE-2012-5089)
CVE-2012-5089
-
High
phpMyAdmin Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2012-5159)
CVE-2012-5159
CWE-94
High
Perl Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2012-5195)
CVE-2012-5195
CWE-119
High
WebLogic CVE-2022-21292 Vulnerability (CVE-2022-21292)
CVE-2022-21292
-
High
Squid Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2019-12854)
CVE-2019-12854
CWE-119
High
Squid Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2019-12528)
CVE-2019-12528
CWE-200
High
Plone CMS Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-5487)
CVE-2012-5487
CWE-264
High
Plone CMS Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2012-5493)
CVE-2012-5493
CWE-94
High
MySQL CVE-2022-21278 Vulnerability (CVE-2022-21278)
CVE-2022-21278
-
High
PostgreSQL Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2022-1552)
CVE-2022-1552
CWE-138
High
OpenSSL Incomplete Cleanup Vulnerability (CVE-2022-1473)
CVE-2022-1473
CWE-459
High
Undertow Unchecked Return Value Vulnerability (CVE-2022-1319)
CVE-2022-1319
CWE-252
High
Jboss EAP CVE-2012-5626 Vulnerability (CVE-2012-5626)
CVE-2012-5626
-
High
Squid Out-of-bounds Write Vulnerability (CVE-2019-12527)
CVE-2019-12527
CWE-787
High
Jboss EAP Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-5629)
CVE-2012-5629
CWE-264
High
Undertow CVE-2022-1259 Vulnerability (CVE-2022-1259)
CVE-2022-1259
-
High
Jboss EAP CVE-2022-1259 Vulnerability (CVE-2022-1259)
CVE-2022-1259
-
High
WebLogic CVE-2022-21441 Vulnerability (CVE-2022-21441)
CVE-2022-21441
-
High
Jenkins Improper Input Validation Vulnerability (CVE-2012-4438)
CVE-2012-4438
CWE-20
High
Django Uncontrolled Resource Consumption Vulnerability (CVE-2019-14233)
CVE-2019-14233
CWE-400
High
Grafana Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2022-21703)
CVE-2022-21703
CWE-352
High
Django Uncontrolled Resource Consumption Vulnerability (CVE-2019-14232)
CVE-2019-14232
CWE-400
High
PrestaShop Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2019-13461)
CVE-2019-13461
CWE-639
High
WebLogic Deserialization of Untrusted Data Vulnerability (CVE-2022-23307)
CVE-2022-23307
CWE-502
High
WebLogic Deserialization of Untrusted Data Vulnerability (CVE-2022-23302)
CVE-2022-23302
CWE-502
High
Apache Tomcat Time-of-check Time-of-use (TOCTOU) Race Condition Vulnerability (CVE-2022-23181)
CVE-2022-23181
CWE-367
High
Python Files or Directories Accessible to External Parties Vulnerability (CVE-2019-13404)
CVE-2019-13404
CWE-552
High