🚀 Just released:
Latio 2026 Application Security Market Report.
Read it in our Whitepapers.
100% Signal 0% Noise
Platform
Invicti Platform
Zero-noise AppSec platform
Scan Code
Secure code before runtime
SAST
Early static security analysis
Open Source (SCA)
Find vulnerable dependencies
SBOM & License Risk
Generate SBOMs and track licenses
Secrets
Detect exposed secrets in applications
Infrastructure as Code
Ingest IaC security findings
Container
Track container image vulnerabilities
Test Runtime
Test live applications like attackers
DAST & AI DAST
Test runtime, prove exploitability
Agentic Pentesting
Automate real-world attack techniques
API Security Testing
Discover and test APIs
Attack Surface Management
Identify exposed apps and endpoints
Cloud AppSec
Get a single-pane view of cloud app risk
AI AppSec
Scan smarter, accelerate remediation
Manage Vulnerabilities
See, prioritize, reduce AppSec risk
Vulnerability Management (ASPM)
Centralize and correlate AppSec findings
Compliance & Executive Reporting
Measure risk and impact
Threat Intelligence
Reachability, exploitability, and business logic
Solutions
API Discovery
Manage Vulnerabilities
Automate Security Workflows
Track AppSec KPIs
Manage Open Source Risk
Pricing
Why Invicti
About Us
Invicti vs. Competitors
Case Studies
Contact Us
Careers
Resources
Resource Library
Blog
Webinars
White Papers
Podcasts
Invicti Learn
Savings Calculator
Live Training
Partners
MSSP
Documentation
Vulnerability Database
Get a demo
Home
/
Web Application Vulnerabilities
/ Known Vulnerabilities
Web Application Vulnerabilities
Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise
Acunetix Standard & Premium
v.26.4.2314
Known Vulnerabilities
This page lists
14981 vulnerabilities
in this category.
Critical: 1612
High: 4015
Medium: 8569
Low: 783
Information: 2
Vulnerability Name
CVE
CWE
Severity
Python Uncontrolled Search Path Element Vulnerability (CVE-2017-20052)
CVE-2017-20052
CWE-427
High
Squid Improper Input Validation Vulnerability (CVE-2020-24606)
CVE-2020-24606
CWE-20
High
TYPO3 Cleartext Storage of Sensitive Information Vulnerability (CVE-2021-21339)
CVE-2021-21339
CWE-312
High
Magento Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2021-21015)
CVE-2021-21015
CWE-138
High
phpList Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2017-20030)
CVE-2017-20030
CWE-138
High
WebLogic CVE-2018-3246 Vulnerability (CVE-2018-3246)
CVE-2018-3246
-
High
Django Incorrect Default Permissions Vulnerability (CVE-2020-24584)
CVE-2020-24584
CWE-276
High
Django Incorrect Default Permissions Vulnerability (CVE-2020-24583)
CVE-2020-24583
CWE-276
High
TYPO3 Files or Directories Accessible to External Parties Vulnerability (CVE-2021-21355)
CVE-2021-21355
CWE-552
High
TYPO3 Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2021-21357)
CVE-2021-21357
CWE-434
High
Jenkins Deserialization of Untrusted Data Vulnerability (CVE-2017-2608)
CVE-2017-2608
CWE-502
High
concrete5 Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-24986)
CVE-2020-24986
CWE-434
High
TYPO3 Uncontrolled Recursion Vulnerability (CVE-2021-21359)
CVE-2021-21359
CWE-674
High
GlassFish Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-3250)
CVE-2017-3250
CWE-200
High
Moodle Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2021-20187)
CVE-2021-20187
CWE-94
High
MySQL CVE-2017-3329 Vulnerability (CVE-2017-3329)
CVE-2017-3329
-
High
Squid Improper Input Validation Vulnerability (CVE-2020-25097)
CVE-2020-25097
CWE-20
High
MySQL CVE-2017-3309 Vulnerability (CVE-2017-3309)
CVE-2017-3309
-
High
MySQL CVE-2017-3308 Vulnerability (CVE-2017-3308)
CVE-2017-3308
-
High
MySQL Use After Free Vulnerability (CVE-2017-3302)
CVE-2017-3302
CWE-416
High
GlassFish CVE-2017-3249 Vulnerability (CVE-2017-3249)
CVE-2017-3249
-
High
IBM RTC Improper Restriction of XML External Entity Reference Vulnerability (CVE-2021-20502)
CVE-2021-20502
CWE-611
High
Envoy Proxy CVE-2020-25018 Vulnerability (CVE-2020-25018)
CVE-2020-25018
-
High
IBM WebSEAL Insufficiently Protected Credentials Vulnerability (CVE-2021-20439)
CVE-2021-20439
CWE-522
High
Dot CMS Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2017-3189)
CVE-2017-3189
CWE-434
High
Dot CMS Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-3187)
CVE-2017-3187
CWE-352
High
Envoy Proxy Other Vulnerability (CVE-2020-25017)
CVE-2020-25017
-
High
Jboss EAP Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2017-2670)
CVE-2017-2670
CWE-835
High
Undertow Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2017-2670)
CVE-2017-2670
CWE-835
High
IBM RTC Inadequate Encryption Strength Vulnerability (CVE-2017-1701)
CVE-2017-1701
CWE-326
High
Envoy Proxy Improper Authentication Vulnerability (CVE-2021-21378)
CVE-2021-21378
CWE-287
High
TCExam Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2021-20114)
CVE-2021-20114
CWE-200
High
Piwigo Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-17827)
CVE-2017-17827
CWE-352
High
Ruby on Rails Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2017-17919)
CVE-2017-17919
CWE-138
High
Django Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-6188)
CVE-2018-6188
CWE-200
High
Ruby on Rails Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2017-17917)
CVE-2017-17917
CWE-138
High
Ruby on Rails Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2017-17916)
CVE-2017-17916
CWE-138
High
Dolibarr Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-17898)
CVE-2017-17898
CWE-200
High
Chamilo Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2020-23127)
CVE-2020-23127
CWE-352
High
PHP NULL Pointer Dereference Vulnerability (CVE-2021-21702)
CVE-2021-21702
CWE-476
High
Next.js Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2018-6184)
CVE-2018-6184
CWE-22
High
PHP Out-of-bounds Write Vulnerability (CVE-2021-21703)
CVE-2021-21703
CWE-787
High
Piwigo Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-17774)
CVE-2017-17774
CWE-352
High
WordPress Uncontrolled Resource Consumption Vulnerability (CVE-2018-6389)
CVE-2018-6389
CWE-400
High
Python Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2017-17522)
CVE-2017-17522
CWE-138
High
Perl Out-of-bounds Read Vulnerability (CVE-2018-6798)
CVE-2018-6798
CWE-125
High
Ruby Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2017-17405)
CVE-2017-17405
CWE-138
High
Ruby on Rails Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2017-17920)
CVE-2017-17920
CWE-138
High
Jenkins Missing Authorization Vulnerability (CVE-2021-21695)
CVE-2021-21695
CWE-862
High
XWiki Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2021-21380)
CVE-2021-21380
CWE-138
High
Dolibarr Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2017-18260)
CVE-2017-18260
CWE-138
High
Liferay Portal URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2020-24554)
CVE-2020-24554
CWE-601
High
Ampache Improper Access Control Vulnerability (CVE-2021-21399)
CVE-2021-21399
CWE-284
High
Jenkins Deserialization of Untrusted Data Vulnerability (CVE-2021-21604)
CVE-2021-21604
CWE-502
High
Jenkins Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2021-21605)
CVE-2021-21605
CWE-22
High
IBM RTC Improper Restriction of XML External Entity Reference Vulnerability (CVE-2017-1103)
CVE-2017-1103
CWE-611
High
Ampache Deserialization of Untrusted Data Vulnerability (CVE-2017-18375)
CVE-2017-18375
CWE-502
High
Jenkins Session Fixation Vulnerability (CVE-2021-21671)
CVE-2021-21671
CWE-384
High
Jboss EAP Incomplete List of Disallowed Inputs Vulnerability (CVE-2018-5968)
CVE-2018-5968
CWE-184
High
Moment.js Uncontrolled Resource Consumption Vulnerability (CVE-2017-18214)
CVE-2017-18214
CWE-400
High
Atlassian Jira Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2017-18113)
CVE-2017-18113
CWE-94
High
Jenkins Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2021-21686)
CVE-2021-21686
CWE-59
High
Jenkins Missing Authorization Vulnerability (CVE-2021-21688)
CVE-2021-21688
CWE-862
High
Magento Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-24400)
CVE-2020-24400
CWE-138
High
Craft CMS Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2018-3814)
CVE-2018-3814
CWE-434
High
Atlassian Jira CVE-2018-5231 Vulnerability (CVE-2018-5231)
CVE-2018-5231
-
High
MySQL CVE-2017-3450 Vulnerability (CVE-2017-3450)
CVE-2017-3450
-
High
Ruby Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') Vulnerability (CVE-2020-25613)
CVE-2020-25613
CWE-444
High
Next.js Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2017-16877)
CVE-2017-16877
CWE-22
High
Oracle HTTP Server Improper Certificate Validation Vulnerability (CVE-2020-26184)
CVE-2020-26184
CWE-295
High
Pega Infinity Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-8774)
CVE-2020-8774
CWE-707
High
Oracle HTTP Server Out-of-bounds Read Vulnerability (CVE-2020-26185)
CVE-2020-26185
CWE-125
High
silverstripeCMS Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-9280)
CVE-2020-9280
CWE-434
High
Apache Tomcat Improper Handling of Exceptional Conditions Vulnerability (CVE-2017-5664)
CVE-2017-5664
CWE-755
High
Apache Traffic Server Improper Input Validation Vulnerability (CVE-2017-5660)
CVE-2017-5660
CWE-20
High
«
1
...
35
36
37
...
200
»