🚀 Just released:
Latio 2026 Application Security Market Report.
Read it in our Whitepapers.
100% Signal 0% Noise
Platform
Invicti Platform
Zero-noise AppSec platform
Scan Code
Secure code before runtime
SAST
Early static security analysis
Open Source (SCA)
Find vulnerable dependencies
SBOM & License Risk
Generate SBOMs and track licenses
Secrets
Detect exposed secrets in applications
Infrastructure as Code
Ingest IaC security findings
Container
Track container image vulnerabilities
Test Runtime
Test live applications like attackers
DAST & AI DAST
Test runtime, prove exploitability
Agentic Pentesting
Automate real-world attack techniques
API Security Testing
Discover and test APIs
Attack Surface Management
Identify exposed apps and endpoints
Cloud AppSec
Get a single-pane view of cloud app risk
AI AppSec
Scan smarter, accelerate remediation
Manage Vulnerabilities
See, prioritize, reduce AppSec risk
Vulnerability Management (ASPM)
Centralize and correlate AppSec findings
Compliance & Executive Reporting
Measure risk and impact
Threat Intelligence
Reachability, exploitability, and business logic
Solutions
API Discovery
Manage Vulnerabilities
Automate Security Workflows
Track AppSec KPIs
Manage Open Source Risk
Pricing
Why Invicti
About Us
Invicti vs. Competitors
Case Studies
Contact Us
Careers
Resources
Resource Library
Blog
Webinars
White Papers
Podcasts
Invicti Learn
Savings Calculator
Live Training
Partners
MSSP
Documentation
Vulnerability Database
Get a demo
Home
/
Web Application Vulnerabilities
/ Known Vulnerabilities
Web Application Vulnerabilities
Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise
Acunetix Standard & Premium
v.26.4.2314
Known Vulnerabilities
This page lists
14981 vulnerabilities
in this category.
Critical: 1612
High: 4015
Medium: 8569
Low: 783
Information: 2
Vulnerability Name
CVE
CWE
Severity
WordPress Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2008-4796)
CVE-2008-4796
CWE-138
Critical
PHP Numeric Errors Vulnerability (CVE-2016-4344)
CVE-2016-4344
-
Critical
PHP Numeric Errors Vulnerability (CVE-2016-4345)
CVE-2016-4345
-
Critical
PHP Numeric Errors Vulnerability (CVE-2016-4346)
CVE-2016-4346
-
Critical
WordPress Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2008-4769)
CVE-2008-4769
CWE-22
Critical
PHP Use After Free Vulnerability (CVE-2016-4473)
CVE-2016-4473
CWE-416
Critical
PHP Improper Input Validation Vulnerability (CVE-2016-4537)
CVE-2016-4537
CWE-20
Critical
PHP Improper Input Validation Vulnerability (CVE-2016-4538)
CVE-2016-4538
CWE-20
Critical
PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2016-4539)
CVE-2016-4539
CWE-119
Critical
PHP Other Vulnerability (CVE-2016-4541)
CVE-2016-4541
-
Critical
Sqlite Integer Overflow or Wraparound Vulnerability (CVE-2025-3277)
CVE-2025-3277
CWE-190
Critical
PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2016-5114)
CVE-2016-5114
CWE-119
Critical
Liferay DXP Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2025-43766)
CVE-2025-43766
CWE-434
Critical
Liferay Portal Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2025-43766)
CVE-2025-43766
CWE-434
Critical
WebLogic CVE-2021-2382 Vulnerability (CVE-2021-2382)
CVE-2021-2382
-
Critical
WebLogic CVE-2021-2394 Vulnerability (CVE-2021-2394)
CVE-2021-2394
-
Critical
WebLogic CVE-2021-2397 Vulnerability (CVE-2021-2397)
CVE-2021-2397
-
Critical
Beego Framework CVE-2021-30080 Vulnerability (CVE-2021-30080)
CVE-2021-30080
-
Critical
SharePoint Integer Overflow or Wraparound Vulnerability (CVE-2008-4019)
CVE-2008-4019
CWE-190
Critical
PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2016-4542)
CVE-2016-4542
CWE-119
Critical
Jboss EAP CVE-2016-5018 Vulnerability (CVE-2016-5018)
CVE-2016-5018
-
Critical
Jetty Improper Access Control Vulnerability (CVE-2016-4800)
CVE-2016-4800
CWE-284
Critical
LimeSurvey Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2025-41375)
CVE-2025-41375
CWE-138
Critical
Grafana Incorrect Privilege Assignment Vulnerability (CVE-2025-41115)
CVE-2025-41115
CWE-266
Critical
PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2016-4544)
CVE-2016-4544
CWE-119
Critical
PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2016-4543)
CVE-2016-4543
CWE-119
Critical
Liferay DXP Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2025-3594)
CVE-2025-3594
CWE-22
Critical
MongoDb Improper Check for Certificate Revocation Vulnerability (CVE-2025-3085)
CVE-2025-3085
CWE-299
Critical
WebLogic CVE-2016-5531 Vulnerability (CVE-2016-5531)
CVE-2016-5531
-
Critical
IBM WebSEAL Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2016-3028)
CVE-2016-3028
CWE-138
Critical
CrushFTP Server Other Vulnerability (CVE-2025-31161)
CVE-2025-31161
-
Critical
PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2016-3141)
CVE-2016-3141
CWE-119
Critical
PHP Double Free Vulnerability (CVE-2016-3132)
CVE-2016-3132
CWE-415
Critical
PHP Integer Overflow or Wraparound Vulnerability (CVE-2016-3078)
CVE-2016-3078
CWE-190
Critical
PHP Incorrect Conversion between Numeric Types Vulnerability (CVE-2016-3074)
CVE-2016-3074
CWE-681
Critical
PostgreSQL Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-3065)
CVE-2016-3065
CWE-264
Critical
Beego Framework Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-30223)
CVE-2025-30223
CWE-707
Critical
Apache Tomcat Improper Encoding or Escaping of Output Vulnerability (CVE-2025-31651)
CVE-2025-31651
CWE-116
Critical
Oracle Application Server CVE-2008-7233 Vulnerability (CVE-2008-7233)
CVE-2008-7233
-
Critical
Piwigo Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2021-32615)
CVE-2021-32615
CWE-138
Critical
XWikiplatform Missing Authorization Vulnerability (CVE-2025-29926)
CVE-2025-29926
CWE-862
Critical
OpenSSL Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2016-2842)
CVE-2016-2842
CWE-119
Critical
phpMyAdmin Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-7251)
CVE-2008-7251
CWE-264
Critical
phpMyAdmin Cryptographic Issues Vulnerability (CVE-2008-7252)
CVE-2008-7252
-
Critical
WordPress CVE-2008-6767 Vulnerability (CVE-2008-6767)
CVE-2008-6767
-
Critical
WebLogic CVE-2016-3499 Vulnerability (CVE-2016-3499)
CVE-2016-3499
-
Critical
Magento Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2016-4010)
CVE-2016-4010
CWE-138
Critical
Jboss EAP Deserialization of Untrusted Data Vulnerability (CVE-2016-3690)
CVE-2016-3690
CWE-502
Critical
XWikiplatform Improper Encoding or Escaping of Output Vulnerability (CVE-2025-32974)
CVE-2025-32974
CWE-116
Critical
XWikiplatform Missing Authorization Vulnerability (CVE-2025-32973)
CVE-2025-32973
CWE-862
Critical
PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2008-5557)
CVE-2008-5557
CWE-119
Critical
MediaWiki Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2021-31556)
CVE-2021-31556
CWE-327
Critical
XWikiplatform Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2025-32969)
CVE-2025-32969
CWE-138
Critical
Ruby Improper Neutralization of Special Elements used in a Command ('Command Injection') Vulnerability (CVE-2021-31799)
CVE-2021-31799
CWE-138
Critical
PrestaShop CVE-2008-5791 Vulnerability (CVE-2008-5791)
CVE-2008-5791
-
Critical
WebLogic CVE-2016-3510 Vulnerability (CVE-2016-3510)
CVE-2016-3510
-
Critical
Craft CMS CVE-2025-32432 Vulnerability (CVE-2025-32432)
CVE-2025-32432
-
Critical
GlassFish CVE-2016-3607 Vulnerability (CVE-2016-3607)
CVE-2016-3607
-
Critical
WebLogic CVE-2016-3586 Vulnerability (CVE-2016-3586)
CVE-2016-3586
-
Critical
XWikiplatform Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2025-32429)
CVE-2025-32429
CWE-138
Critical
WebLogic CVE-2016-3551 Vulnerability (CVE-2016-3551)
CVE-2016-3551
-
Critical
Drupal Configuration Vulnerability (CVE-2008-6171)
CVE-2008-6171
-
Critical
GlassFish CVE-2016-5528 Vulnerability (CVE-2016-5528)
CVE-2016-5528
-
Critical
WebLogic CVE-2016-5535 Vulnerability (CVE-2016-5535)
CVE-2016-5535
-
Critical
Dot CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2016-8902)
CVE-2016-8902
CWE-138
Critical
PHP CVE-2008-2051 Vulnerability (CVE-2008-2051)
CVE-2008-2051
-
Critical
PHP Use After Free Vulnerability (CVE-2016-7413)
CVE-2016-7413
CWE-416
Critical
PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2016-7411)
CVE-2016-7411
CWE-119
Critical
WebLogic CVE-2021-2047 Vulnerability (CVE-2021-2047)
CVE-2021-2047
-
Critical
PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2016-7134)
CVE-2016-7134
CWE-119
Critical
e107 Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2008-1989)
CVE-2008-1989
CWE-94
Critical
PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2008-2050)
CVE-2008-2050
CWE-119
Critical
PHP Improper Input Validation Vulnerability (CVE-2016-7129)
CVE-2016-7129
CWE-20
Critical
Python Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') Vulnerability (CVE-2008-1887)
CVE-2008-1887
CWE-120
Critical
PHP Out-of-bounds Write Vulnerability (CVE-2016-7127)
CVE-2016-7127
CWE-787
Critical
«
1
2
3
4
...
200
»