Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
v.26.4.2314

Known Vulnerabilities

This page lists 14673 vulnerabilities in this category.

Critical: 1573 High: 3882 Medium: 8446 Low: 770 Information: 2
Vulnerability Name
CVE
CWE
Severity
MediaWiki Improper Input Validation Vulnerability (CVE-2013-6453)
CVE-2013-6453
CWE-20
High
PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2013-6420)
CVE-2013-6420
CWE-119
High
PrestaShop Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2013-6358)
CVE-2013-6358
CWE-434
High
Handlebars Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2026-33940)
CVE-2026-33940
CWE-94
High
Oracle JRE CVE-2013-5852 Vulnerability (CVE-2013-5852)
CVE-2013-5852
-
High
Roundcube Incorrect Resource Transfer Between Spheres Vulnerability (CVE-2026-35545)
CVE-2026-35545
CWE-669
High
Handlebars Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2026-33941)
CVE-2026-33941
CWE-707
High
Chamilo Missing Authentication for Critical Function Vulnerability (CVE-2026-34160)
CVE-2026-34160
CWE-306
High
Apache Tomcat Improper Encoding or Escaping of Output Vulnerability (CVE-2026-34483)
CVE-2026-34483
CWE-116
High
Apache Tomcat Missing Encryption of Sensitive Data Vulnerability (CVE-2026-34486)
CVE-2026-34486
CWE-311
High
Apache Tomcat Insertion of Sensitive Information into Log File Vulnerability (CVE-2026-34487)
CVE-2026-34487
CWE-532
High
Chamilo Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2026-34602)
CVE-2026-34602
CWE-639
High
phpMyFAQ Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2026-34728)
CVE-2026-34728
CWE-22
High
Chamilo Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2026-35196)
CVE-2026-35196
CWE-138
High
Roundcube Deserialization of Untrusted Data Vulnerability (CVE-2026-35537)
CVE-2026-35537
CWE-502
High
Jenkins CVE-2014-2063 Vulnerability (CVE-2014-2063)
CVE-2014-2063
-
High
MODX Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2014-2311)
CVE-2014-2311
CWE-138
High
PostgreSQL Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') Vulnerability (CVE-2015-0241)
CVE-2015-0241
CWE-120
High
MySQL CVE-2014-6500 Vulnerability (CVE-2014-6500)
CVE-2014-6500
-
High
Joomla Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-7984)
CVE-2014-7984
CWE-264
High
Joomla Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2014-7981)
CVE-2014-7981
CWE-138
High
Moodle Credentials Management Errors Vulnerability (CVE-2014-7845)
CVE-2014-7845
-
High
Joomla Cryptographic Issues Vulnerability (CVE-2014-7228)
CVE-2014-7228
-
High
Next.js Uncontrolled Resource Consumption Vulnerability (CVE-2026-27980)
CVE-2026-27980
CWE-400
High
Twisted Web HTTP Server Improper Certificate Validation Vulnerability (CVE-2014-7143)
CVE-2014-7143
CWE-295
High
Joomla Improper Authentication Vulnerability (CVE-2014-6632)
CVE-2014-6632
CWE-287
High
OpenSSL Use After Free Vulnerability (CVE-2026-28387)
CVE-2026-28387
CWE-416
High
MySQL CVE-2014-6491 Vulnerability (CVE-2014-6491)
CVE-2014-6491
-
High
Osclass Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2014-8083)
CVE-2014-8083
CWE-138
High
OpenSSL NULL Pointer Dereference Vulnerability (CVE-2026-28388)
CVE-2026-28388
CWE-476
High
OpenSSL NULL Pointer Dereference Vulnerability (CVE-2026-28389)
CVE-2026-28389
CWE-476
High
OpenSSL NULL Pointer Dereference Vulnerability (CVE-2026-28390)
CVE-2026-28390
CWE-476
High
Ruby Resource Management Errors Vulnerability (CVE-2014-6438)
CVE-2014-6438
-
High
WordPress Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2014-6412)
CVE-2014-6412
CWE-640
High
phpMyFAQ Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2014-6046)
CVE-2014-6046
CWE-352
High
phpMyFAQ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2014-6045)
CVE-2014-6045
CWE-138
High
WordPress CVE-2014-5203 Vulnerability (CVE-2014-5203)
CVE-2014-5203
-
High
WeBid Other Vulnerability (CVE-2014-5114)
CVE-2014-5114
-
High
Next.js Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2026-27979)
CVE-2026-27979
CWE-770
High
Osclass Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2014-8084)
CVE-2014-8084
CWE-22
High
Craft CMS Improper Neutralization of Special Elements Used in a Template Engine Vulnerability (CVE-2026-28695)
CVE-2026-28695
CWE-138
High
TYPO3 Improper Input Validation Vulnerability (CVE-2014-9509)
CVE-2014-9509
CWE-20
High
PHP Other Vulnerability (CVE-2015-0231)
CVE-2015-0231
-
High
Piwigo Missing Authorization Vulnerability (CVE-2026-27833)
CVE-2026-27833
CWE-862
High
Piwigo Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2026-27834)
CVE-2026-27834
CWE-138
High
phpMyFAQ Missing Authorization Vulnerability (CVE-2026-27836)
CVE-2026-27836
CWE-862
High
Grafana CVE-2026-27877 Vulnerability (CVE-2026-27877)
CVE-2026-27877
-
High
PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2014-9705)
CVE-2014-9705
CWE-119
High
PHP Improper Input Validation Vulnerability (CVE-2014-9653)
CVE-2014-9653
CWE-20
High
Grafana Out-of-bounds Write Vulnerability (CVE-2026-27880)
CVE-2026-27880
CWE-787
High
Piwigo Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2026-27885)
CVE-2026-27885
CWE-138
High
PHP Other Vulnerability (CVE-2014-8142)
CVE-2014-8142
-
High
PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2014-9427)
CVE-2014-9427
CWE-119
High
PHP DEPRECATED: Code Vulnerability (CVE-2014-9426)
CVE-2014-9426
-
High
PHP Other Vulnerability (CVE-2014-9425)
CVE-2014-9425
-
High
MediaWiki Improper Neutralization of Special Elements used in a Command ('Command Injection') Vulnerability (CVE-2014-9277)
CVE-2014-9277
CWE-138
High
MyBB Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2014-9240)
CVE-2014-9240
CWE-138
High
Piwigo Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2014-9115)
CVE-2014-9115
CWE-138
High
PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2014-8626)
CVE-2014-8626
CWE-119
High
PHPFusion Multiple SQL Injection Vulnerabilities (CVE-2014-8596)
CVE-2014-8596
-
High
OpenSSL Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2014-8176)
CVE-2014-8176
CWE-119
High
LimeSurvey Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2014-5017)
CVE-2014-5017
CWE-138
High
Craft CMS Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2026-28696)
CVE-2026-28696
CWE-639
High
Craft CMS Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') Vulnerability (CVE-2026-32263)
CVE-2026-32263
CWE-470
High
Dolibarr Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2026-31019)
CVE-2026-31019
CWE-138
High
MODX Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2014-2736)
CVE-2014-2736
CWE-138
High
Oracle JRE CVE-2014-2428 Vulnerability (CVE-2014-2428)
CVE-2014-2428
-
High
Caddy Web Server Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2026-30852)
CVE-2026-30852
CWE-138
High
Chamilo Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2026-30875)
CVE-2026-30875
CWE-94
High
Chamilo Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2026-30881)
CVE-2026-30881
CWE-138
High
Dolibarr Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2026-31018)
CVE-2026-31018
CWE-94
High
Oracle JRE CVE-2014-2427 Vulnerability (CVE-2014-2427)
CVE-2014-2427
-
High
Oracle JRE CVE-2014-2423 Vulnerability (CVE-2014-2423)
CVE-2014-2423
-
High
OpenSSL Improper Check for Unusual or Exceptional Conditions Vulnerability (CVE-2026-31790)
CVE-2026-31790
CWE-754
High
markdown-it Inefficient Regular Expression Complexity Vulnerability (CVE-2026-2327)
CVE-2026-2327
CWE-1333
High