Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium

Known Vulnerabilities

This page lists 13509 vulnerabilities in this category.

Critical: 1465 High: 3387 Medium: 7907 Low: 748 Information: 2
Vulnerability Name
CVE
CWE
Severity
Oracle JRE CVE-2013-2394 Vulnerability (CVE-2013-2394)
CVE-2013-2394
-
High
TYPO3 Improper Input Validation Vulnerability (CVE-2019-11832)
CVE-2019-11832
CWE-20
High
PHP-Fusion Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2021-3172)
CVE-2021-3172
CWE-732
High
LimeSurvey Improper Input Validation Vulnerability (CVE-2019-15640)
CVE-2019-15640
CWE-20
High
SugarCRM Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-17306)
CVE-2019-17306
CWE-94
High
SugarCRM Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-17307)
CVE-2019-17307
CWE-94
High
Jboss EAP Improper Input Validation Vulnerability (CVE-2013-2185)
CVE-2013-2185
CWE-20
High
SugarCRM Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-17308)
CVE-2019-17308
CWE-94
High
SugarCRM Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-17309)
CVE-2019-17309
CWE-94
High
Oracle JRE CVE-2013-2429 Vulnerability (CVE-2013-2429)
CVE-2013-2429
-
High
Oracle JRE CVE-2013-2430 Vulnerability (CVE-2013-2430)
CVE-2013-2430
-
High
SugarCRM Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-17310)
CVE-2019-17310
CWE-94
High
SugarCRM Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2019-17311)
CVE-2019-17311
CWE-22
High
Envoy Proxy Incorrect Authorization Vulnerability (CVE-2021-39206)
CVE-2021-39206
CWE-863
High
SugarCRM Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2019-17312)
CVE-2019-17312
CWE-22
High
SugarCRM Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2019-17313)
CVE-2019-17313
CWE-22
High
SugarCRM Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2019-17314)
CVE-2019-17314
CWE-22
High
Envoy Proxy Excessive Iteration Vulnerability (CVE-2021-39204)
CVE-2021-39204
CWE-834
High
SugarCRM Improperly Controlled Modification of Dynamically-Determined Object Attributes Vulnerability (CVE-2019-17315)
CVE-2019-17315
CWE-915
High
Undertow Uncontrolled Resource Consumption Vulnerability (CVE-2021-3629)
CVE-2021-3629
CWE-400
High
Apache Tomcat Improper Input Validation Vulnerability (CVE-2013-2185)
CVE-2013-2185
CWE-20
High
Envoy Proxy Improper Check for Unusual or Exceptional Conditions Vulnerability (CVE-2021-39162)
CVE-2021-39162
CWE-754
High
SharePoint CVE-2021-40482 Vulnerability (CVE-2021-40482)
CVE-2021-40482
-
High
Atlassian Jira Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2021-41305)
CVE-2021-41305
CWE-639
High
PostgreSQL Numeric Errors Vulnerability (CVE-2013-1900)
CVE-2013-1900
-
High
SugarCRM Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-17302)
CVE-2019-17302
CWE-94
High
TYPO3 Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2021-41113)
CVE-2021-41113
CWE-352
High
Apache Tomcat Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2021-41079)
CVE-2021-41079
CWE-835
High
SugarCRM Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-17303)
CVE-2019-17303
CWE-94
High
ProjectSend Incorrect Authorization Vulnerability (CVE-2021-40884)
CVE-2021-40884
CWE-863
High
Nginx Out-of-bounds Write Vulnerability (CVE-2013-2028)
CVE-2013-2028
CWE-787
High
WebLogic Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2021-40690)
CVE-2021-40690
CWE-200
High
Chamilo Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2021-40662)
CVE-2021-40662
CWE-352
High
Piwigo Improper Neutralization of Special Elements used in a Command ('Command Injection') Vulnerability (CVE-2021-40553)
CVE-2021-40553
CWE-138
High
SharePoint CVE-2021-40487 Vulnerability (CVE-2021-40487)
CVE-2021-40487
-
High
SugarCRM Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-17304)
CVE-2019-17304
CWE-94
High
Jboss EAP Uncontrolled Resource Consumption Vulnerability (CVE-2021-3690)
CVE-2021-3690
CWE-400
High
Piwigo Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2021-40317)
CVE-2021-40317
CWE-138
High
Piwigo Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2021-40313)
CVE-2021-40313
CWE-138
High
Elgg Exposure of Private Personal Information to an Unauthorized Actor Vulnerability (CVE-2021-3980)
CVE-2021-3980
CWE-359
High
Jboss EAP Exposure of Resource to Wrong Sphere Vulnerability (CVE-2021-3859)
CVE-2021-3859
CWE-668
High
Undertow Exposure of Resource to Wrong Sphere Vulnerability (CVE-2021-3859)
CVE-2021-3859
CWE-668
High
axios Uncontrolled Resource Consumption Vulnerability (CVE-2021-3749)
CVE-2021-3749
CWE-400
High
Python Uncontrolled Resource Consumption Vulnerability (CVE-2021-3737)
CVE-2021-3737
CWE-400
High
YOURLS Improper Restriction of Rendered UI Layers or Frames Vulnerability (CVE-2021-3734)
CVE-2021-3734
CWE-1021
High
Jboss EAP Files or Directories Accessible to External Parties Vulnerability (CVE-2021-3717)
CVE-2021-3717
CWE-552
High
OpenSSL Out-of-bounds Read Vulnerability (CVE-2021-3712)
CVE-2021-3712
CWE-125
High
Undertow Uncontrolled Resource Consumption Vulnerability (CVE-2021-3690)
CVE-2021-3690
CWE-400
High
Jboss EAP Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-2165)
CVE-2013-2165
CWE-264
High
Oracle JRE CVE-2013-2442 Vulnerability (CVE-2013-2442)
CVE-2013-2442
-
High
Oracle JRE CVE-2013-2445 Vulnerability (CVE-2013-2445)
CVE-2013-2445
-
High
WordPress Improper Input Validation Vulnerability (CVE-2013-4339)
CVE-2013-4339
CWE-20
High
Dolibarr Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-11201)
CVE-2019-11201
CWE-94
High
Apache Traffic Server Improper Input Validation Vulnerability (CVE-2021-37147)
CVE-2021-37147
CWE-20
High
ProjectSend Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2019-11378)
CVE-2019-11378
CWE-434
High
Sqlite CVE-2021-36690 Vulnerability (CVE-2021-36690)
CVE-2021-36690
-
High
Dolibarr Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2021-36625)
CVE-2021-36625
CWE-138
High
SugarCRM Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-17319)
CVE-2019-17319
CWE-138
High
Varnish Cache Other Vulnerability (CVE-2013-4090)
CVE-2013-4090
-
High
WebLogic Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2019-17359)
CVE-2019-17359
CWE-770
High
Squid Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2013-4115)
CVE-2013-4115
CWE-119
High
Moodle Server-Side Request Forgery (SSRF) Vulnerability (CVE-2021-36396)
CVE-2021-36396
CWE-918
High
Moodle Uncontrolled Recursion Vulnerability (CVE-2021-36395)
CVE-2021-36395
CWE-674
High
Oracle HTTP Server Out-of-bounds Read Vulnerability (CVE-2021-36160)
CVE-2021-36160
CWE-125
High
MediaWiki Incorrect Authorization Vulnerability (CVE-2021-36132)
CVE-2021-36132
CWE-863
High
MediaWiki Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2021-36125)
CVE-2021-36125
CWE-835
High
Apache Traffic Server Improper Input Validation Vulnerability (CVE-2021-37149)
CVE-2021-37149
CWE-20
High
Dolibarr CVE-2019-11200 Vulnerability (CVE-2019-11200)
CVE-2019-11200
-
High
Magento Improper Access Control Vulnerability (CVE-2021-36036)
CVE-2021-36036
CWE-284
High
Magento Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2021-36023)
CVE-2021-36023
CWE-138
High
Magento CVE-2021-36021 Vulnerability (CVE-2021-36021)
CVE-2021-36021
-
High
Python CVE-2019-17514 Vulnerability (CVE-2019-17514)
CVE-2019-17514
-
High
Restlet Framework XML Injection (aka Blind XPath Injection) Vulnerability (CVE-2013-4221)
CVE-2013-4221
CWE-91
High
Restlet Framework Deserialization of Untrusted Data Vulnerability (CVE-2013-4271)
CVE-2013-4271
CWE-502
High
Oracle HTTP Server Out-of-bounds Read Vulnerability (CVE-2021-35940)
CVE-2021-35940
CWE-125
High