Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
v.26.4.2314

Known Vulnerabilities

This page lists 14673 vulnerabilities in this category.

Critical: 1573 High: 3882 Medium: 8446 Low: 770 Information: 2
Vulnerability Name
CVE
CWE
Severity
Craft CMS Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2026-31857)
CVE-2026-31857
CWE-94
High
Craft CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2026-31858)
CVE-2026-31858
CWE-138
High
Chamilo Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2026-31939)
CVE-2026-31939
CWE-22
High
Oracle JRE CVE-2014-2414 Vulnerability (CVE-2014-2414)
CVE-2014-2414
-
High
Oracle JRE CVE-2014-2412 Vulnerability (CVE-2014-2412)
CVE-2014-2412
-
High
Chamilo Session Fixation Vulnerability (CVE-2026-31940)
CVE-2026-31940
CWE-384
High
Tornado Uncontrolled Resource Consumption Vulnerability (CVE-2026-31958)
CVE-2026-31958
CWE-400
High
Oracle Database Server CVE-2014-2406 Vulnerability (CVE-2014-2406)
CVE-2014-2406
-
High
Oracle JRE CVE-2014-2402 Vulnerability (CVE-2014-2402)
CVE-2014-2402
-
High
Caddy Web Server Improper Authentication Vulnerability (CVE-2026-30851)
CVE-2026-30851
CWE-287
High
PostgreSQL Heap-based Buffer Overflow Vulnerability (CVE-2026-2007)
CVE-2026-2007
CWE-122
High
FrontAccounting Multiple SQL Injection Vulnerabilities (CVE-2014-3973)
CVE-2014-3973
-
High
Jboss EAP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-3530)
CVE-2014-3530
CWE-200
High
ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-3834)
CVE-2014-3834
CWE-264
High
Drupal Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2014-3704)
CVE-2014-3704
CWE-138
High
PHP Numeric Errors Vulnerability (CVE-2014-3669)
CVE-2014-3669
-
High
Jenkins Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2014-3666)
CVE-2014-3666
CWE-94
High
Craft CMS Improper Neutralization of Special Elements Used in a Template Engine Vulnerability (CVE-2026-28784)
CVE-2026-28784
CWE-138
High
Chamilo Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2026-29041)
CVE-2026-29041
CWE-434
High
Apache Tomcat Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2026-29129)
CVE-2026-29129
CWE-327
High
OpenSSL Improper Input Validation Vulnerability (CVE-2014-3567)
CVE-2014-3567
CWE-20
High
Moodle Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2014-3541)
CVE-2014-3541
CWE-94
High
Apache Tomcat Generation of Error Message Containing Sensitive Information Vulnerability (CVE-2026-29146)
CVE-2026-29146
CWE-209
High
PostgreSQL Improper Validation of Array Index Vulnerability (CVE-2026-2006)
CVE-2026-2006
CWE-129
High
PHP CVE-2014-3515 Vulnerability (CVE-2014-3515)
CVE-2014-3515
-
High
Ruby on Rails Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-3514)
CVE-2014-3514
CWE-264
High
OpenSSL Improper Input Validation Vulnerability (CVE-2014-3513)
CVE-2014-3513
CWE-20
High
OpenSSL Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2014-3512)
CVE-2014-3512
CWE-119
High
PostgreSQL Improper Validation of Specified Type of Input Vulnerability (CVE-2026-2004)
CVE-2026-2004
CWE-1287
High
Jboss EAP Other Vulnerability (CVE-2014-3490)
CVE-2014-3490
-
High
Ruby on Rails Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2014-3483)
CVE-2014-3483
CWE-138
High
Ruby on Rails Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2014-3482)
CVE-2014-3482
CWE-138
High
PostgreSQL Heap-based Buffer Overflow Vulnerability (CVE-2026-2005)
CVE-2026-2005
CWE-122
High
WebLogic CVE-2016-0572 Vulnerability (CVE-2016-0572)
CVE-2016-0572
-
High
WebLogic CVE-2016-0574 Vulnerability (CVE-2016-0574)
CVE-2016-0574
-
High
Jenkins Improper Input Validation Vulnerability (CVE-2017-1000391)
CVE-2017-1000391
CWE-20
High
Jboss EAP Permission Issues Vulnerability (CVE-2016-7066)
CVE-2016-7066
-
High
Chamilo Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2025-50197)
CVE-2025-50197
CWE-138
High
PHP Integer Overflow or Wraparound Vulnerability (CVE-2016-7133)
CVE-2016-7133
CWE-190
High
PHP NULL Pointer Dereference Vulnerability (CVE-2016-7132)
CVE-2016-7132
CWE-476
High
PHP NULL Pointer Dereference Vulnerability (CVE-2016-7131)
CVE-2016-7131
CWE-476
High
PHP NULL Pointer Dereference Vulnerability (CVE-2016-7130)
CVE-2016-7130
CWE-476
High
AbanteCart Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2025-50971)
CVE-2025-50971
CWE-22
High
PHP Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2016-7125)
CVE-2016-7125
CWE-138
High
XWikiplatform Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2025-51991)
CVE-2025-51991
CWE-94
High
Jboss EAP Deserialization of Untrusted Data Vulnerability (CVE-2016-7065)
CVE-2016-7065
CWE-502
High
Chamilo Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2025-50196)
CVE-2025-50196
CWE-138
High
OpenSSL Improper Access Control Vulnerability (CVE-2016-7054)
CVE-2016-7054
CWE-284
High
OpenSSL NULL Pointer Dereference Vulnerability (CVE-2016-7053)
CVE-2016-7053
CWE-476
High
OpenSSL NULL Pointer Dereference Vulnerability (CVE-2016-7052)
CVE-2016-7052
CWE-476
High
PostgreSQL Improper Access Control Vulnerability (CVE-2016-7048)
CVE-2016-7048
CWE-284
High
Moodle Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2016-7038)
CVE-2016-7038
CWE-640
High
WordPress Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2016-6896)
CVE-2016-6896
CWE-22
High
Mailman Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2016-6893)
CVE-2016-6893
CWE-352
High
Apache Tomcat Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2016-6817)
CVE-2016-6817
CWE-119
High
Apache Tomcat Improper Input Validation Vulnerability (CVE-2016-6816)
CVE-2016-6816
CWE-20
High
Django 7PK - Security Features Vulnerability (CVE-2016-7401)
CVE-2016-7401
-
High
Chamilo Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2025-50195)
CVE-2025-50195
CWE-138
High
Jboss EAP CVE-2016-6796 Vulnerability (CVE-2016-6796)
CVE-2016-6796
-
High
Dotclear Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2016-7902)
CVE-2016-7902
CWE-434
High
Liferay Portal Server-Side Request Forgery (SSRF) Vulnerability (CVE-2025-4581)
CVE-2025-4581
CWE-918
High
Jboss EAP Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-8657)
CVE-2016-8657
CWE-264
High
Jboss EAP Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-8656)
CVE-2016-8656
CWE-264
High
Jboss EAP Uncontrolled Resource Consumption Vulnerability (CVE-2016-8610)
CVE-2016-8610
CWE-400
High
WebLogic Uncontrolled Resource Consumption Vulnerability (CVE-2016-8610)
CVE-2016-8610
CWE-400
High
OpenSSL Uncontrolled Resource Consumption Vulnerability (CVE-2016-8610)
CVE-2016-8610
CWE-400
High
Dot CMS Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-8600)
CVE-2016-8600
CWE-264
High
Moodle Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2016-7919)
CVE-2016-7919
CWE-138
High
Oracle JRE Improper Access Control Vulnerability (CVE-2025-50059)
CVE-2025-50059
CWE-284
High
Chamilo Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2025-50194)
CVE-2025-50194
CWE-138
High
Oracle JRE CVE-2025-50106 Vulnerability (CVE-2025-50106)
CVE-2025-50106
-
High
Chamilo Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2025-50188)
CVE-2025-50188
CWE-138
High
PHP Other Vulnerability (CVE-2016-7478)
CVE-2016-7478
-
High
PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2016-7418)
CVE-2016-7418
CWE-119
High
Chamilo Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2025-50189)
CVE-2025-50189
CWE-138
High