🚀 Just released:
Latio 2026 Application Security Market Report.
Read it in our Whitepapers.
100% Signal 0% Noise
Platform
Invicti Platform
Zero-noise AppSec platform
Scan Code
Secure code before runtime
SAST
Early static security analysis
Open Source (SCA)
Find vulnerable dependencies
SBOM & License Risk
Generate SBOMs and track licenses
Secrets
Detect exposed secrets in applications
Infrastructure as Code
Ingest IaC security findings
Container
Track container image vulnerabilities
Test Runtime
Test live applications like attackers
DAST & AI DAST
Test runtime, prove exploitability
Agentic Pentesting
Automate real-world attack techniques
API Security Testing
Discover and test APIs
Attack Surface Management
Identify exposed apps and endpoints
Cloud AppSec
Get a single-pane view of cloud app risk
AI AppSec
Scan smarter, accelerate remediation
Manage Vulnerabilities
See, prioritize, reduce AppSec risk
Vulnerability Management (ASPM)
Centralize and correlate AppSec findings
Compliance & Executive Reporting
Measure risk and impact
Threat Intelligence
Reachability, exploitability, and business logic
Solutions
API Discovery
Manage Vulnerabilities
Automate Security Workflows
Track AppSec KPIs
Manage Open Source Risk
Pricing
Why Invicti
About Us
Invicti vs. Competitors
Case Studies
Contact Us
Careers
Resources
Resource Library
Blog
Webinars
White Papers
Podcasts
Invicti Learn
Savings Calculator
Live Training
Partners
MSSP
Documentation
Vulnerability Database
Get a demo
Home
/
Web Application Vulnerabilities
/ Known Vulnerabilities
Web Application Vulnerabilities
Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise
Acunetix Standard & Premium
v.26.4.2314
Known Vulnerabilities
This page lists
14981 vulnerabilities
in this category.
Critical: 1612
High: 4015
Medium: 8569
Low: 783
Information: 2
Vulnerability Name
CVE
CWE
Severity
Apache HTTP Server Out-of-bounds Write Vulnerability (CVE-2017-15710)
CVE-2017-15710
CWE-787
High
Opencart Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-20491)
CVE-2020-20491
CWE-138
High
Restlet Framework Improper Restriction of XML External Entity Reference Vulnerability (CVE-2017-14949)
CVE-2017-14949
CWE-611
High
Apache HTTP Server NULL Pointer Dereference Vulnerability (CVE-2018-8011)
CVE-2018-8011
CWE-476
High
Restlet Framework Improper Restriction of XML External Entity Reference Vulnerability (CVE-2017-14868)
CVE-2017-14868
CWE-611
High
PostgreSQL Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Vulnerability (CVE-2017-14798)
CVE-2017-14798
CWE-362
High
Apache Traffic Server Improper Input Validation Vulnerability (CVE-2018-8022)
CVE-2018-8022
CWE-20
High
ReviveAdserver Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2021-22948)
CVE-2021-22948
CWE-327
High
Apache HTTP Server Improper Input Validation Vulnerability (CVE-2017-15715)
CVE-2017-15715
CWE-20
High
Oracle HTTP Server NULL Pointer Dereference Vulnerability (CVE-2020-1967)
CVE-2020-1967
CWE-476
High
phpMyFAQ Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-15808)
CVE-2017-15808
CWE-352
High
Roundcube Files or Directories Accessible to External Parties Vulnerability (CVE-2017-16651)
CVE-2017-16651
CWE-552
High
PHP Out-of-bounds Read Vulnerability (CVE-2017-16642)
CVE-2017-16642
CWE-125
High
Ruby Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2018-6914)
CVE-2018-6914
CWE-22
High
FrontAccounting Cross-site Request Forgery (CSRF) Vulnerability (CVE-2018-7176)
CVE-2018-7176
-
High
D3.js Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-16044)
CVE-2017-16044
CWE-200
High
Ruby on Rails CVE-2021-22902 Vulnerability (CVE-2021-22902)
CVE-2021-22902
-
High
phpMyFAQ Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-15735)
CVE-2017-15735
CWE-352
High
Ruby on Rails Other Vulnerability (CVE-2021-22904)
CVE-2021-22904
-
High
phpMyFAQ Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-15734)
CVE-2017-15734
CWE-352
High
phpMyFAQ Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-15733)
CVE-2017-15733
CWE-352
High
phpMyFAQ Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-15732)
CVE-2017-15732
CWE-352
High
phpMyFAQ Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-15731)
CVE-2017-15731
CWE-352
High
phpMyFAQ Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-15730)
CVE-2017-15730
CWE-352
High
phpMyFAQ Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-15729)
CVE-2017-15729
CWE-352
High
phpMyAdmin Improper Neutralization of Formula Elements in a CSV File Vulnerability (CVE-2020-22278)
CVE-2020-22278
CWE-1236
High
Apache Tomcat Improper Certificate Validation Vulnerability (CVE-2018-8034)
CVE-2018-8034
CWE-295
High
WordPress Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2017-14722)
CVE-2017-14722
CWE-22
High
Apache Tomcat Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2017-12617)
CVE-2017-12617
CWE-434
High
PHP Use After Free Vulnerability (CVE-2017-12934)
CVE-2017-12934
CWE-416
High
SharePoint CVE-2018-8628 Vulnerability (CVE-2018-8628)
CVE-2018-8628
-
High
Sqlite NULL Pointer Dereference Vulnerability (CVE-2018-8740)
CVE-2018-8740
CWE-476
High
Ruby Uncontrolled Resource Consumption Vulnerability (CVE-2018-8777)
CVE-2018-8777
CWE-400
High
Ruby Use of Externally-Controlled Format String Vulnerability (CVE-2018-8778)
CVE-2018-8778
CWE-134
High
Ruby Improper Input Validation Vulnerability (CVE-2018-8779)
CVE-2018-8779
CWE-20
High
Ruby Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2017-14033)
CVE-2017-14033
CWE-119
High
Perl Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2017-12837)
CVE-2017-12837
CWE-119
High
MongoDb Out-of-bounds Read Vulnerability (CVE-2017-14227)
CVE-2017-14227
CWE-125
High
Moodle Improper Input Validation Vulnerability (CVE-2020-1756)
CVE-2020-1756
CWE-20
High
Question2Answer Improper Input Validation Vulnerability (CVE-2017-12775)
CVE-2017-12775
CWE-20
High
Roundcube Unspesificed Vulnerability (CVE-2018-9846)
CVE-2018-9846
-
High
OpenSSL Integer Overflow or Wraparound Vulnerability (CVE-2021-23840)
CVE-2021-23840
CWE-190
High
Apache HTTP Server CVE-2019-0190 Vulnerability (CVE-2019-0190)
CVE-2019-0190
-
High
Jboss EAP Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2017-12617)
CVE-2017-12617
CWE-434
High
Undertow Improper Input Validation Vulnerability (CVE-2020-1757)
CVE-2020-1757
CWE-20
High
Jboss EAP Improper Input Validation Vulnerability (CVE-2020-1757)
CVE-2020-1757
CWE-20
High
WordPress Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2017-14719)
CVE-2017-14719
CWE-22
High
SugarCRM Improper Input Validation Vulnerability (CVE-2017-14509)
CVE-2017-14509
CWE-20
High
Joomla Improper Input Validation Vulnerability (CVE-2021-23131)
CVE-2021-23131
CWE-20
High
Joomla CVE-2021-23132 Vulnerability (CVE-2021-23132)
CVE-2021-23132
-
High
Artifactory Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2021-23163)
CVE-2021-23163
CWE-352
High
Jboss EAP Improper Handling of Exceptional Conditions Vulnerability (CVE-2018-8039)
CVE-2018-8039
CWE-755
High
PostgreSQL Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2021-23214)
CVE-2021-23214
CWE-138
High
OpenSSL NULL Pointer Dereference Vulnerability (CVE-2020-1967)
CVE-2020-1967
CWE-476
High
Joomla Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2018-8045)
CVE-2018-8045
CWE-138
High
ASP.NET MVC Improper Authentication Vulnerability (CVE-2018-8171)
CVE-2018-8171
CWE-287
High
MySQL NULL Pointer Dereference Vulnerability (CVE-2020-1967)
CVE-2020-1967
CWE-476
High
SugarCRM Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2017-14508)
CVE-2017-14508
CWE-138
High
TYPO3 Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2017-14251)
CVE-2017-14251
CWE-434
High
Lodash Improper Neutralization of Special Elements used in a Command ('Command Injection') Vulnerability (CVE-2021-23337)
CVE-2021-23337
CWE-138
High
Dolibarr Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-14240)
CVE-2017-14240
CWE-200
High
SharePoint CVE-2018-8161 Vulnerability (CVE-2018-8161)
CVE-2018-8161
-
High
Underscore.js Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2021-23358)
CVE-2021-23358
CWE-94
High
WordPress Improper Input Validation Vulnerability (CVE-2020-26596)
CVE-2020-26596
CWE-20
High
Drupal Improper Privilege Management Vulnerability (CVE-2017-6924)
CVE-2017-6924
CWE-269
High
MODX Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2019-1010123)
CVE-2019-1010123
CWE-434
High
Oracle Database Server CVE-2020-2735 Vulnerability (CVE-2020-2735)
CVE-2020-2735
-
High
WebLogic CVE-2020-2798 Vulnerability (CVE-2020-2798)
CVE-2020-2798
-
High
Magento Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-3719)
CVE-2020-3719
CWE-138
High
Opencart Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2018-13067)
CVE-2018-13067
CWE-352
High
WordPress Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2018-12895)
CVE-2018-12895
CWE-22
High
IBM WebSEAL Inadequate Encryption Strength Vulnerability (CVE-2018-1814)
CVE-2018-1814
CWE-326
High
Joomla Improper Input Validation Vulnerability (CVE-2018-12712)
CVE-2018-12712
CWE-20
High
phpMyAdmin Improper Authentication Vulnerability (CVE-2018-12613)
CVE-2018-12613
CWE-287
High
WebLogic Out-of-bounds Write Vulnerability (CVE-2020-36518)
CVE-2020-36518
CWE-787
High
«
1
...
38
39
40
...
200
»