🚀 Just released:
Latio 2026 Application Security Market Report.
Read it in our Whitepapers.
100% Signal 0% Noise
Platform
Invicti Platform
Zero-noise AppSec platform
Scan Code
Secure code before runtime
SAST
Early static security analysis
Open Source (SCA)
Find vulnerable dependencies
SBOM & License Risk
Generate SBOMs and track licenses
Secrets
Detect exposed secrets in applications
Infrastructure as Code
Ingest IaC security findings
Container
Track container image vulnerabilities
Test Runtime
Test live applications like attackers
DAST & AI DAST
Test runtime, prove exploitability
Agentic Pentesting
Automate real-world attack techniques
API Security Testing
Discover and test APIs
Attack Surface Management
Identify exposed apps and endpoints
Cloud AppSec
Get a single-pane view of cloud app risk
AI AppSec
Scan smarter, accelerate remediation
Manage Vulnerabilities
See, prioritize, reduce AppSec risk
Vulnerability Management (ASPM)
Centralize and correlate AppSec findings
Compliance & Executive Reporting
Measure risk and impact
Threat Intelligence
Reachability, exploitability, and business logic
Solutions
API Discovery
Manage Vulnerabilities
Automate Security Workflows
Track AppSec KPIs
Manage Open Source Risk
Pricing
Why Invicti
About Us
Invicti vs. Competitors
Case Studies
Contact Us
Careers
Resources
Resource Library
Blog
Webinars
White Papers
Podcasts
Invicti Learn
Savings Calculator
Live Training
Partners
MSSP
Documentation
Vulnerability Database
Get a demo
Home
/
Web Application Vulnerabilities
/ Known Vulnerabilities
Web Application Vulnerabilities
Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise
Acunetix Standard & Premium
v.26.4.2314
Known Vulnerabilities
This page lists
14981 vulnerabilities
in this category.
Critical: 1612
High: 4015
Medium: 8569
Low: 783
Information: 2
Vulnerability Name
CVE
CWE
Severity
Apache Traffic Server Improper Input Validation Vulnerability (CVE-2017-5659)
CVE-2017-5659
CWE-20
High
Apache Tomcat Improper Resource Shutdown or Release Vulnerability (CVE-2017-5650)
CVE-2017-5650
CWE-404
High
PrestaShop CVE-2020-26224 Vulnerability (CVE-2020-26224)
CVE-2020-26224
-
High
qdPM Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2020-26165)
CVE-2020-26165
CWE-94
High
Apache Tomcat Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-5647)
CVE-2017-5647
CWE-200
High
MediaWiki Incorrect Authorization Vulnerability (CVE-2020-26121)
CVE-2020-26121
CWE-863
High
Sqlite NULL Pointer Dereference Vulnerability (CVE-2020-9327)
CVE-2020-9327
CWE-476
High
Serendipity Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2017-5609)
CVE-2017-5609
CWE-138
High
Django Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-9402)
CVE-2020-9402
CWE-138
High
Envoy Proxy Uncontrolled Resource Consumption Vulnerability (CVE-2020-8663)
CVE-2020-8663
CWE-400
High
Java Unspesificed Vulnerability (CVE-2018-2964)
CVE-2018-2964
-
High
Apache Traffic Server Uncontrolled Resource Consumption Vulnerability (CVE-2020-9481)
CVE-2020-9481
CWE-400
High
Joomla Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2020-8419)
CVE-2020-8419
CWE-352
High
Ruby on Rails Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2020-8163)
CVE-2020-8163
CWE-94
High
Ruby on Rails Deserialization of Untrusted Data Vulnerability (CVE-2020-8164)
CVE-2020-8164
CWE-502
High
Java Unspesificed Vulnerability (CVE-2018-2941)
CVE-2018-2941
-
High
TYPO3 Cleartext Storage of Sensitive Information Vulnerability (CVE-2020-26228)
CVE-2020-26228
CWE-312
High
Drupal CVE-2017-6919 Vulnerability (CVE-2017-6919)
CVE-2017-6919
-
High
Lodash Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') Vulnerability (CVE-2020-8203)
CVE-2020-8203
CWE-1321
High
Joomla Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2020-8420)
CVE-2020-8420
CWE-352
High
Squid Improper Input Validation Vulnerability (CVE-2020-8517)
CVE-2020-8517
CWE-20
High
Squid Exposure of Resource to Wrong Sphere Vulnerability (CVE-2020-8449)
CVE-2020-8449
CWE-668
High
Squid Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2020-8450)
CVE-2020-8450
CWE-119
High
PHP NULL Pointer Dereference Vulnerability (CVE-2017-6441)
CVE-2017-6441
CWE-476
High
Drupal Inclusion of Functionality from Untrusted Control Sphere Vulnerability (CVE-2017-6381)
CVE-2017-6381
CWE-829
High
Drupal Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-6379)
CVE-2017-6379
CWE-352
High
Drupal Incorrect Authorization Vulnerability (CVE-2017-6377)
CVE-2017-6377
CWE-863
High
Ruby Improper Input Validation Vulnerability (CVE-2017-6181)
CVE-2017-6181
CWE-20
High
Python Improper Encoding or Escaping of Output Vulnerability (CVE-2020-26116)
CVE-2020-26116
CWE-116
High
WordPress Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) Vulnerability (CVE-2017-5493)
CVE-2017-5493
CWE-338
High
WebLogic CVE-2017-3506 Vulnerability (CVE-2017-3506)
CVE-2017-3506
-
High
MySQL CVE-2018-3155 Vulnerability (CVE-2018-3155)
CVE-2018-3155
-
High
Magento Observable Differences in Behavior to Error Inputs Vulnerability (CVE-2020-9588)
CVE-2020-9588
-
High
Magento Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2020-9591)
CVE-2020-9591
CWE-200
High
PostgreSQL Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2020-25694)
CVE-2020-25694
CWE-327
High
Java Unspesificed Vulnerability (CVE-2018-3149)
CVE-2018-3149
-
High
Jboss EAP Uncontrolled Resource Consumption Vulnerability (CVE-2020-25644)
CVE-2020-25644
CWE-400
High
GlassFish CVE-2018-3152 Vulnerability (CVE-2018-3152)
CVE-2018-3152
-
High
Craft CMS Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2020-9757)
CVE-2020-9757
CWE-138
High
PostgreSQL Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-25695)
CVE-2020-25695
CWE-138
High
Microsoft SQL Server Elevation of Privilege Vulnerability (CVE-2021-1636)
CVE-2021-1636
-
High
Moodle Uncontrolled Resource Consumption Vulnerability (CVE-2020-25630)
CVE-2020-25630
CWE-400
High
Moodle Improper Access Control Vulnerability (CVE-2020-25629)
CVE-2020-25629
CWE-284
High
MySQL Integer Overflow or Wraparound Vulnerability (CVE-2017-3599)
CVE-2017-3599
CWE-190
High
WebLogic CVE-2017-3531 Vulnerability (CVE-2017-3531)
CVE-2017-3531
-
High
Java Unspesificed Vulnerability (CVE-2018-3169)
CVE-2018-3169
-
High
Magento Incorrect Authorization Vulnerability (CVE-2020-9587)
CVE-2020-9587
CWE-863
High
PostgreSQL Arbitrary Code Execution Vulnerbality (CVE-2020-25696)
CVE-2020-25696
-
High
WordPress Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-5492)
CVE-2017-5492
CWE-352
High
Serendipity Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-5475)
CVE-2017-5475
CWE-352
High
Apache Tomcat Deserialization of Untrusted Data Vulnerability (CVE-2020-9484)
CVE-2020-9484
CWE-502
High
Apache HTTP Server Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') Vulnerability (CVE-2020-9490)
CVE-2020-9490
CWE-444
High
WordPress Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-5489)
CVE-2017-5489
CWE-352
High
Apache Traffic Server Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2020-9494)
CVE-2020-9494
CWE-119
High
b2evolution Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2017-5480)
CVE-2017-5480
CWE-22
High
Serendipity Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-5476)
CVE-2017-5476
CWE-352
High
MySQL CVE-2018-3064 Vulnerability (CVE-2018-3064)
CVE-2018-3064
-
High
Moodle CVE-2020-25698 Vulnerability (CVE-2020-25698)
CVE-2020-25698
-
High
MediaWiki Improper Handling of Exceptional Conditions Vulnerability (CVE-2020-25869)
CVE-2020-25869
CWE-755
High
MediaWiki Improper Restriction of Excessive Authentication Attempts Vulnerability (CVE-2020-25827)
CVE-2020-25827
CWE-307
High
Jboss EAP Reachable Assertion Vulnerability (CVE-2020-25710)
CVE-2020-25710
CWE-617
High
OpenSSL Improper Input Validation Vulnerability (CVE-2017-3733)
CVE-2017-3733
CWE-20
High
Moodle Improper Privilege Management Vulnerability (CVE-2020-25699)
CVE-2020-25699
CWE-269
High
OpenSSL Out-of-bounds Read Vulnerability (CVE-2017-3731)
CVE-2017-3731
CWE-125
High
OpenSSL NULL Pointer Dereference Vulnerability (CVE-2017-3730)
CVE-2017-3730
CWE-476
High
WordPress Use of Insufficiently Random Values Vulnerability (CVE-2017-17091)
CVE-2017-17091
CWE-330
High
Ruby on Rails Uncontrolled Resource Consumption Vulnerability (CVE-2021-22880)
CVE-2021-22880
CWE-400
High
Oracle Database Server CVE-2018-2939 Vulnerability (CVE-2018-2939)
CVE-2018-2939
-
High
Apache HTTP Server Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Vulnerability (CVE-2019-0217)
CVE-2019-0217
CWE-362
High
Oracle HTTP Server Use After Free Vulnerability (CVE-2019-0211)
CVE-2019-0211
CWE-416
High
PHP Uncontrolled Resource Consumption Vulnerability (CVE-2017-11142)
CVE-2017-11142
CWE-400
High
Contao Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2017-10993)
CVE-2017-10993
CWE-22
High
Apache HTTP Server CVE-2019-0215 Vulnerability (CVE-2019-0215)
CVE-2019-0215
-
High
Seo Panel Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2017-10839)
CVE-2017-10839
CWE-138
High
Ruby Improper Authentication Vulnerability (CVE-2017-10784)
CVE-2017-10784
CWE-287
High
«
1
...
36
37
38
...
200
»