Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium

Known Vulnerabilities

This page lists 13509 vulnerabilities in this category.

Critical: 1465 High: 3387 Medium: 7907 Low: 748 Information: 2
Vulnerability Name
CVE
CWE
Severity
XOOPS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2017-7290)
CVE-2017-7290
CWE-138
High
PHP Server-Side Request Forgery (SSRF) Vulnerability (CVE-2017-7272)
CVE-2017-7272
CWE-918
High
Apache HTTP Server Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') Vulnerability (CVE-2020-11993)
CVE-2020-11993
CWE-444
High
Jetty CVE-2017-7656 Vulnerability (CVE-2017-7656)
CVE-2017-7656
-
High
WordPress Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2017-14722)
CVE-2017-14722
CWE-22
High
Envoy Proxy Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2020-12604)
CVE-2020-12604
CWE-119
High
Dolibarr Incorrect Authorization Vulnerability (CVE-2020-12669)
CVE-2020-12669
CWE-863
High
PostgreSQL Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Vulnerability (CVE-2017-14798)
CVE-2017-14798
CWE-362
High
Restlet Framework Improper Restriction of XML External Entity Reference Vulnerability (CVE-2017-14868)
CVE-2017-14868
CWE-611
High
Restlet Framework Improper Restriction of XML External Entity Reference Vulnerability (CVE-2017-14949)
CVE-2017-14949
CWE-611
High
Apache Tomcat Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2017-7675)
CVE-2017-7675
CWE-22
High
Apache Traffic Server Improper Input Validation Vulnerability (CVE-2017-7671)
CVE-2017-7671
CWE-20
High
Apache HTTP Server Out-of-bounds Read Vulnerability (CVE-2017-7668)
CVE-2017-7668
CWE-125
High
PostgreSQL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-15098)
CVE-2017-15098
CWE-200
High
Apache HTTP Server NULL Pointer Dereference Vulnerability (CVE-2017-7659)
CVE-2017-7659
CWE-476
High
Sqlite NULL Pointer Dereference Vulnerability (CVE-2017-15286)
CVE-2017-15286
CWE-476
High
Envoy Proxy Uncontrolled Resource Consumption Vulnerability (CVE-2020-12605)
CVE-2020-12605
CWE-400
High
Apache HTTP Server Out-of-bounds Write Vulnerability (CVE-2017-15710)
CVE-2017-15710
CWE-787
High
Apache HTTP Server Improper Input Validation Vulnerability (CVE-2017-15715)
CVE-2017-15715
CWE-20
High
Envoy Proxy Uncontrolled Resource Consumption Vulnerability (CVE-2020-12603)
CVE-2020-12603
CWE-400
High
WordPress Use of Insufficiently Random Values Vulnerability (CVE-2017-17091)
CVE-2017-17091
CWE-330
High
phpMyFAQ Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-15729)
CVE-2017-15729
CWE-352
High
phpMyFAQ Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-15730)
CVE-2017-15730
CWE-352
High
phpMyFAQ Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-15731)
CVE-2017-15731
CWE-352
High
phpMyFAQ Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-15732)
CVE-2017-15732
CWE-352
High
phpMyFAQ Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-15733)
CVE-2017-15733
CWE-352
High
phpMyFAQ Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-15734)
CVE-2017-15734
CWE-352
High
phpMyFAQ Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-15735)
CVE-2017-15735
CWE-352
High
phpMyFAQ Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-15808)
CVE-2017-15808
CWE-352
High
D3.js Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-16044)
CVE-2017-16044
CWE-200
High
PHP-Fusion Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-12461)
CVE-2020-12461
CWE-138
High
PHP Out-of-bounds Read Vulnerability (CVE-2017-16642)
CVE-2017-16642
CWE-125
High
Roundcube Files or Directories Accessible to External Parties Vulnerability (CVE-2017-16651)
CVE-2017-16651
CWE-552
High
Next.js Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2017-16877)
CVE-2017-16877
CWE-22
High
Apache Tomcat Uncontrolled Resource Consumption Vulnerability (CVE-2020-11996)
CVE-2020-11996
CWE-400
High
Magento Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2019-7890)
CVE-2019-7890
CWE-639
High
PHP Out-of-bounds Read Vulnerability (CVE-2018-10549)
CVE-2018-10549
CWE-125
High
MediaWiki Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2020-35625)
CVE-2020-35625
CWE-732
High
Dolibarr Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2018-19994)
CVE-2018-19994
CWE-138
High
Python CVE-2018-1060 Vulnerability (CVE-2018-1060)
CVE-2018-1060
-
High
PostgreSQL CVE-2018-1058 Vulnerability (CVE-2018-1058)
CVE-2018-1058
-
High
PostgreSQL Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2018-1053)
CVE-2018-1053
CWE-732
High
WordPress CVE-2020-28033 Vulnerability (CVE-2020-28033)
CVE-2020-28033
-
High
Jboss EAP Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2018-1048)
CVE-2018-1048
CWE-22
High
MediaWiki Improper Access Control Vulnerability (CVE-2015-8008)
CVE-2015-8008
CWE-284
High
Atlassian Confluence Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2019-3398)
CVE-2019-3398
CWE-22
High
osCommerce Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2020-27975)
CVE-2020-27975
CWE-352
High
Atlassian Jira Missing Authorization Vulnerability (CVE-2019-3399)
CVE-2019-3399
CWE-862
High
Dot CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-27848)
CVE-2020-27848
CWE-138
High
Jboss EAP Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2018-1041)
CVE-2018-1041
CWE-835
High
CakePHP Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2015-8379)
CVE-2015-8379
CWE-352
High
Dolibarr Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2018-19998)
CVE-2018-19998
CWE-138
High
PHP Integer Overflow or Wraparound Vulnerability (CVE-2015-8387)
CVE-2015-8387
CWE-190
High
MongoDb Improper Authentication Vulnerability (CVE-2015-7882)
CVE-2015-7882
CWE-287
High
phpMyAdmin Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2018-19969)
CVE-2018-19969
CWE-352
High
PHP NULL Pointer Dereference Vulnerability (CVE-2018-19935)
CVE-2018-19935
CWE-476
High
PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-8393)
CVE-2015-8393
CWE-200
High
Prototype CVE-2020-27511 Vulnerability (CVE-2020-27511)
CVE-2020-27511
-
High
Joomla Improper Input Validation Vulnerability (CVE-2015-8562)
CVE-2015-8562
CWE-20
High
PHP Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2018-19520)
CVE-2018-19520
CWE-94
High
Joomla Improper Input Validation Vulnerability (CVE-2015-8564)
CVE-2015-8564
CWE-20
High
Joomla Improper Input Validation Vulnerability (CVE-2015-8565)
CVE-2015-8565
CWE-20
High
Jetty Uncontrolled Resource Consumption Vulnerability (CVE-2020-27223)
CVE-2020-27223
CWE-400
High
PHP Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') Vulnerability (CVE-2018-19518)
CVE-2018-19518
CWE-707
High
PHP Other Vulnerability (CVE-2015-8616)
CVE-2015-8616
-
High
Vanilla Forums Deserialization of Untrusted Data Vulnerability (CVE-2018-19499)
CVE-2018-19499
CWE-502
High
Jetty Other Vulnerability (CVE-2020-27216)
CVE-2020-27216
-
High
Python CVE-2018-1061 Vulnerability (CVE-2018-1061)
CVE-2018-1061
-
High
Atlassian Confluence Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2019-3394)
CVE-2019-3394
CWE-22
High
WebERP Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2018-19436)
CVE-2018-19436
CWE-138
High
Jenkins Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2015-7537)
CVE-2015-7537
CWE-352
High
WebLogic CVE-2019-2891 Vulnerability (CVE-2019-2891)
CVE-2019-2891
-
High
ProjectSend Improper Privilege Management Vulnerability (CVE-2020-28874)
CVE-2020-28874
CWE-269
High
ReviveAdserver Improper Access Control Vulnerability (CVE-2015-7369)
CVE-2015-7369
CWE-284
High
FluxBB Use of Password Hash With Insufficient Computational Effort Vulnerability (CVE-2020-28873)
CVE-2020-28873
CWE-916
High