🚀 Just released:
Latio 2026 Application Security Market Report.
Read it in our Whitepapers.
100% Signal 0% Noise
Platform
Invicti Platform
Zero-noise AppSec platform
Scan Code
Secure code before runtime
SAST
Early static security analysis
Open Source (SCA)
Find vulnerable dependencies
SBOM & License Risk
Generate SBOMs and track licenses
Secrets
Detect exposed secrets in applications
Infrastructure as Code
Ingest IaC security findings
Container
Track container image vulnerabilities
Test Runtime
Test live applications like attackers
DAST & AI DAST
Test runtime, prove exploitability
Agentic Pentesting
Automate real-world attack techniques
API Security Testing
Discover and test APIs
Attack Surface Management
Identify exposed apps and endpoints
Cloud AppSec
Get a single-pane view of cloud app risk
AI AppSec
Scan smarter, accelerate remediation
Manage Vulnerabilities
See, prioritize, reduce AppSec risk
Vulnerability Management (ASPM)
Centralize and correlate AppSec findings
Compliance & Executive Reporting
Measure risk and impact
Threat Intelligence
Reachability, exploitability, and business logic
Solutions
API Discovery
Manage Vulnerabilities
Automate Security Workflows
Track AppSec KPIs
Manage Open Source Risk
Pricing
Why Invicti
About Us
Invicti vs. Competitors
Case Studies
Contact Us
Careers
Resources
Resource Library
Blog
Webinars
White Papers
Podcasts
Invicti Learn
Savings Calculator
Live Training
Partners
MSSP
Documentation
Vulnerability Database
Get a demo
Home
/
Web Application Vulnerabilities
/ Known Vulnerabilities
Web Application Vulnerabilities
Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise
Acunetix Standard & Premium
v.26.4.2314
Known Vulnerabilities
This page lists
14981 vulnerabilities
in this category.
Critical: 1612
High: 4015
Medium: 8569
Low: 783
Information: 2
Vulnerability Name
CVE
CWE
Severity
Drupal Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-13671)
CVE-2020-13671
CWE-434
High
Drupal Exposure of Resource to Wrong Sphere Vulnerability (CVE-2020-13670)
CVE-2020-13670
CWE-668
High
ownCloud Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2014-2051)
CVE-2014-2051
CWE-94
High
Piwigo Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2022-32297)
CVE-2022-32297
CWE-138
High
Grafana Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2022-32275)
CVE-2022-32275
CWE-22
High
Jenkins Incorrect Authorization Vulnerability (CVE-2022-34175)
CVE-2022-34175
CWE-863
High
MODX Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2014-2311)
CVE-2014-2311
CWE-138
High
PHP Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') Vulnerability (CVE-2022-31626)
CVE-2022-31626
CWE-120
High
Oracle JRE CVE-2014-2402 Vulnerability (CVE-2014-2402)
CVE-2014-2402
-
High
Oracle Database Server CVE-2019-2518 Vulnerability (CVE-2019-2518)
CVE-2019-2518
-
High
PHP Out-of-bounds Read Vulnerability (CVE-2022-31630)
CVE-2022-31630
CWE-125
High
Apache HTTP Server NULL Pointer Dereference Vulnerability (CVE-2020-13950)
CVE-2020-13950
CWE-476
High
MySQL CVE-2019-2534 Vulnerability (CVE-2019-2534)
CVE-2019-2534
-
High
ownCloud Exposure of Resource to Wrong Sphere Vulnerability (CVE-2022-31649)
CVE-2022-31649
CWE-668
High
Apache Tomcat Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2020-13935)
CVE-2020-13935
CWE-835
High
osTicket Session Fixation Vulnerability (CVE-2022-31888)
CVE-2022-31888
CWE-384
High
Apache Traffic Server Improper Input Validation Vulnerability (CVE-2022-31778)
CVE-2022-31778
CWE-20
High
Apache Tomcat Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2020-13934)
CVE-2020-13934
CWE-119
High
Apache Traffic Server Improper Input Validation Vulnerability (CVE-2022-31779)
CVE-2022-31779
CWE-20
High
Apache Traffic Server Improper Input Validation Vulnerability (CVE-2022-31780)
CVE-2022-31780
CWE-20
High
Sqlite Use After Free Vulnerability (CVE-2020-13871)
CVE-2020-13871
CWE-416
High
Joomla Improper Preservation of Permissions Vulnerability (CVE-2020-13763)
CVE-2020-13763
CWE-281
High
Telerik Web UI Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2014-2217)
CVE-2014-2217
CWE-22
High
Jenkins Observable Discrepancy Vulnerability (CVE-2022-34174)
CVE-2022-34174
CWE-203
High
Java Unspesificed Vulnerability (CVE-2019-2602)
CVE-2019-2602
-
High
Oracle JRE CVE-2014-0446 Vulnerability (CVE-2014-0446)
CVE-2014-0446
-
High
Oracle JRE CVE-2014-0458 Vulnerability (CVE-2014-0458)
CVE-2014-0458
-
High
Rukovoditel Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-13591)
CVE-2020-13591
CWE-138
High
XWiki Other Vulnerability (CVE-2022-36090)
CVE-2022-36090
-
High
XWiki Missing Authorization Vulnerability (CVE-2022-36091)
CVE-2022-36091
CWE-862
High
Rukovoditel Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-13590)
CVE-2020-13590
CWE-138
High
XWiki Improper Authentication Vulnerability (CVE-2022-36092)
CVE-2022-36092
CWE-287
High
XWiki Improper Authentication Vulnerability (CVE-2022-36093)
CVE-2022-36093
CWE-287
High
Rukovoditel Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-13589)
CVE-2020-13589
CWE-138
High
SharePoint CVE-2022-35823 Vulnerability (CVE-2022-35823)
CVE-2022-35823
-
High
Rukovoditel Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-13588)
CVE-2020-13588
CWE-138
High
WebLogic CVE-2019-2647 Vulnerability (CVE-2019-2647)
CVE-2019-2647
-
High
Oracle JRE CVE-2014-0454 Vulnerability (CVE-2014-0454)
CVE-2014-0454
-
High
WebLogic CVE-2019-2648 Vulnerability (CVE-2019-2648)
CVE-2019-2648
-
High
Oracle JRE CVE-2014-0452 Vulnerability (CVE-2014-0452)
CVE-2014-0452
-
High
Oracle JRE CVE-2014-0451 Vulnerability (CVE-2014-0451)
CVE-2014-0451
-
High
Oracle JRE CVE-2014-0448 Vulnerability (CVE-2014-0448)
CVE-2014-0448
-
High
RubyGems Improper Authentication Vulnerability (CVE-2022-36073)
CVE-2022-36073
CWE-287
High
Sqlite Improper Validation of Array Index Vulnerability (CVE-2022-35737)
CVE-2022-35737
CWE-129
High
Magento XML Injection (aka Blind XPath Injection) Vulnerability (CVE-2022-34253)
CVE-2022-34253
CWE-91
High
Skipper Incorrect Authorization Vulnerability (CVE-2022-34296)
CVE-2022-34296
CWE-863
High
ownCloud Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2014-2044)
CVE-2014-2044
CWE-94
High
Magento Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2022-34254)
CVE-2022-34254
CWE-22
High
Magento Incorrect Authorization Vulnerability (CVE-2022-34255)
CVE-2022-34255
CWE-863
High
Python Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2014-1912)
CVE-2014-1912
CWE-119
High
Drupal Improper Neutralization of Special Elements used in a Command ('Command Injection') Vulnerability (CVE-2020-13664)
CVE-2020-13664
CWE-138
High
Drupal Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2020-13663)
CVE-2020-13663
CWE-352
High
XWiki Improper Encoding or Escaping of Output Vulnerability (CVE-2020-13654)
CVE-2020-13654
CWE-116
High
SharePoint Out-of-bounds Write Vulnerability (CVE-2014-1761)
CVE-2014-1761
CWE-787
High
MySQL CVE-2019-2632 Vulnerability (CVE-2019-2632)
CVE-2019-2632
-
High
MediaWiki Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2022-34750)
CVE-2022-34750
CWE-770
High
Dotclear Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2014-1613)
CVE-2014-1613
CWE-94
High
Sqlite Use After Free Vulnerability (CVE-2020-13630)
CVE-2020-13630
CWE-416
High
Drupal CVE-2014-1475 Vulnerability (CVE-2014-1475)
CVE-2014-1475
-
High
Moodle Improper Input Validation Vulnerability (CVE-2022-35650)
CVE-2022-35650
CWE-20
High
Rukovoditel Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-13592)
CVE-2020-13592
CWE-138
High
FluxBB Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2014-10029)
CVE-2014-10029
CWE-138
High
XWiki Exposure of Private Personal Information to an Unauthorized Actor Vulnerability (CVE-2022-41936)
CVE-2022-41936
CWE-359
High
Chamilo Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2022-42029)
CVE-2022-42029
CWE-434
High
Oracle JRE CVE-2013-2442 Vulnerability (CVE-2013-2442)
CVE-2013-2442
-
High
Jboss EAP Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2023-1108)
CVE-2023-1108
CWE-835
High
Ampache Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2023-0771)
CVE-2023-0771
CWE-138
High
Joomla Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2020-10241)
CVE-2020-10241
CWE-352
High
phpMyFAQ Uncaught Exception Vulnerability (CVE-2023-0790)
CVE-2023-0790
CWE-248
High
phpMyFAQ Weak Password Requirements Vulnerability (CVE-2023-0793)
CVE-2023-0793
CWE-521
High
Squid Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2013-4115)
CVE-2013-4115
CWE-119
High
Undertow Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2023-1108)
CVE-2023-1108
CWE-835
High
Varnish Cache Other Vulnerability (CVE-2013-4090)
CVE-2013-4090
-
High
PHP Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2023-0568)
CVE-2023-0568
CWE-770
High
Joomla Missing Authorization Vulnerability (CVE-2020-10239)
CVE-2020-10239
CWE-862
High
«
1
...
32
33
34
...
200
»