🚀 Just released:
Latio 2026 Application Security Market Report.
Read it in our Whitepapers.
100% Signal 0% Noise
Platform
Invicti Platform
Zero-noise AppSec platform
Scan Code
Secure code before runtime
SAST
Early static security analysis
Open Source (SCA)
Find vulnerable dependencies
SBOM & License Risk
Generate SBOMs and track licenses
Secrets
Detect exposed secrets in applications
Infrastructure as Code
Ingest IaC security findings
Container
Track container image vulnerabilities
Test Runtime
Test live applications like attackers
DAST & AI DAST
Test runtime, prove exploitability
Agentic Pentesting
Automate real-world attack techniques
API Security Testing
Discover and test APIs
Attack Surface Management
Identify exposed apps and endpoints
Cloud AppSec
Get a single-pane view of cloud app risk
AI AppSec
Scan smarter, accelerate remediation
Manage Vulnerabilities
See, prioritize, reduce AppSec risk
Vulnerability Management (ASPM)
Centralize and correlate AppSec findings
Compliance & Executive Reporting
Measure risk and impact
Threat Intelligence
Reachability, exploitability, and business logic
Solutions
API Discovery
Manage Vulnerabilities
Automate Security Workflows
Track AppSec KPIs
Manage Open Source Risk
Pricing
Why Invicti
About Us
Invicti vs. Competitors
Case Studies
Contact Us
Careers
Resources
Resource Library
Blog
Webinars
White Papers
Podcasts
Invicti Learn
Savings Calculator
Live Training
Partners
MSSP
Documentation
Vulnerability Database
Get a demo
Home
/
Web Application Vulnerabilities
/ Known Vulnerabilities
Web Application Vulnerabilities
Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise
Acunetix Standard & Premium
v.26.4.2314
Known Vulnerabilities
This page lists
14981 vulnerabilities
in this category.
Critical: 1612
High: 4015
Medium: 8569
Low: 783
Information: 2
Vulnerability Name
CVE
CWE
Severity
Dolibarr Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2017-9839)
CVE-2017-9839
CWE-138
High
Apache HTTP Server Use After Free Vulnerability (CVE-2017-9798)
CVE-2017-9798
CWE-416
High
Apache HTTP Server Use After Free Vulnerability (CVE-2017-9789)
CVE-2017-9789
CWE-416
High
Squid CVE-2018-1000024 Vulnerability (CVE-2018-1000024)
CVE-2018-1000024
-
High
Roundcube Unspesificed Vulnerability (CVE-2018-1000071)
CVE-2018-1000071
-
High
PHP Out-of-bounds Read Vulnerability (CVE-2018-20783)
CVE-2018-20783
CWE-125
High
Artifactory Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2018-1000206)
CVE-2018-1000206
CWE-352
High
WebLogic Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') Vulnerability (CVE-2020-5258)
CVE-2020-5258
CWE-1321
High
Sqlite Integer Overflow or Wraparound Vulnerability (CVE-2018-20506)
CVE-2018-20506
CWE-190
High
Oracle Database Server CVE-2020-2518 Vulnerability (CVE-2020-2518)
CVE-2020-2518
-
High
Dojo Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') Vulnerability (CVE-2020-5258)
CVE-2020-5258
CWE-1321
High
MODX Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2018-1000208)
CVE-2018-1000208
CWE-22
High
MODX Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2018-1000207)
CVE-2018-1000207
CWE-732
High
Jenkins Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2018-1000194)
CVE-2018-1000194
CWE-22
High
RubyGems Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2018-1000073)
CVE-2018-1000073
CWE-59
High
WebLogic Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2018-1000180)
CVE-2018-1000180
CWE-327
High
Jboss EAP Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2018-1000180)
CVE-2018-1000180
CWE-327
High
PrestaShop Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2018-20717)
CVE-2018-20717
CWE-94
High
Gunicorn Improper Neutralization of CRLF Sequences ('CRLF Injection') Vulnerability (CVE-2018-1000164)
CVE-2018-1000164
CWE-707
High
Oracle Database Server CVE-2020-2511 Vulnerability (CVE-2020-2511)
CVE-2020-2511
-
High
RubyGems Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2018-1000075)
CVE-2018-1000075
CWE-835
High
RubyGems Deserialization of Untrusted Data Vulnerability (CVE-2018-1000074)
CVE-2018-1000074
CWE-502
High
Oracle Database Server CVE-2020-2510 Vulnerability (CVE-2020-2510)
CVE-2020-2510
-
High
Highcharts JS Incorrect Regular Expression Vulnerability (CVE-2018-20801)
CVE-2018-20801
CWE-185
High
MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-8810)
CVE-2017-8810
CWE-200
High
MediaWiki Insufficiently Protected Credentials Vulnerability (CVE-2020-29005)
CVE-2020-29005
CWE-522
High
Oracle JRE CVE-2018-2633 Vulnerability (CVE-2018-2633)
CVE-2018-2633
-
High
Oracle JRE CVE-2018-2637 Vulnerability (CVE-2018-2637)
CVE-2018-2637
-
High
PHP NULL Pointer Dereference Vulnerability (CVE-2020-7062)
CVE-2020-7062
CWE-476
High
WordPress Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-9062)
CVE-2017-9062
CWE-707
High
Oracle JRE CVE-2018-2638 Vulnerability (CVE-2018-2638)
CVE-2018-2638
-
High
Oracle JRE CVE-2018-2639 Vulnerability (CVE-2018-2639)
CVE-2018-2639
-
High
MediaWiki Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2020-29004)
CVE-2020-29004
CWE-352
High
Oracle JRE CVE-2018-2627 Vulnerability (CVE-2018-2627)
CVE-2018-2627
-
High
PHP Out-of-bounds Write Vulnerability (CVE-2020-7065)
CVE-2020-7065
CWE-787
High
MediaWiki Improper Input Validation Vulnerability (CVE-2017-8815)
CVE-2017-8815
CWE-20
High
MediaWiki Improper Input Validation Vulnerability (CVE-2017-8814)
CVE-2017-8814
CWE-20
High
Drupal CVE-2020-28949 Vulnerability (CVE-2020-28949)
CVE-2020-28949
-
High
PHP Out-of-bounds Read Vulnerability (CVE-2020-7067)
CVE-2020-7067
CWE-125
High
Drupal Deserialization of Untrusted Data Vulnerability (CVE-2020-28948)
CVE-2020-28948
CWE-502
High
Python Improper Privilege Management Vulnerability (CVE-2020-29396)
CVE-2020-29396
CWE-269
High
WordPress Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-9064)
CVE-2017-9064
CWE-352
High
Jetty Observable Discrepancy Vulnerability (CVE-2017-9735)
CVE-2017-9735
CWE-203
High
qdPM Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2018-25208)
CVE-2018-25208
CWE-138
High
silverstripeCMS CVE-2020-6164 Vulnerability (CVE-2020-6164)
CVE-2020-6164
-
High
Oracle HTTP Server Improper Restriction of XML External Entity Reference Vulnerability (CVE-2018-20843)
CVE-2018-20843
CWE-611
High
Artifactory Insufficiently Protected Credentials Vulnerability (CVE-2020-2165)
CVE-2020-2165
CWE-522
High
Python Improper Restriction of XML External Entity Reference Vulnerability (CVE-2017-9233)
CVE-2017-9233
CWE-611
High
PHP NULL Pointer Dereference Vulnerability (CVE-2017-9229)
CVE-2017-9229
CWE-476
High
Python Out-of-bounds Write Vulnerability (CVE-2018-25032)
CVE-2018-25032
CWE-787
High
MySQL CVE-2018-2562 Vulnerability (CVE-2018-2562)
CVE-2018-2562
-
High
WordPress Improper Input Validation Vulnerability (CVE-2017-9065)
CVE-2017-9065
CWE-20
High
Jenkins Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2020-2160)
CVE-2020-2160
CWE-352
High
PHP Out-of-bounds Read Vulnerability (CVE-2017-9118)
CVE-2017-9118
CWE-125
High
MODX Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2017-9069)
CVE-2017-9069
CWE-434
High
Jenkins Use of Insufficiently Random Values Vulnerability (CVE-2020-2099)
CVE-2020-2099
CWE-330
High
MODX Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2017-9067)
CVE-2017-9067
CWE-22
High
PHP Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2017-9067)
CVE-2017-9067
CWE-22
High
WordPress Server-Side Request Forgery (SSRF) Vulnerability (CVE-2017-9066)
CVE-2017-9066
CWE-918
High
MyBB Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2021-27890)
CVE-2021-27890
CWE-138
High
Jenkins Improper Input Validation Vulnerability (CVE-2017-1000394)
CVE-2017-1000394
CWE-20
High
PHP Other Vulnerability (CVE-2015-6838)
CVE-2015-6838
-
High
Ruby Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-16255)
CVE-2019-16255
CWE-94
High
Jboss EAP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-2183)
CVE-2016-2183
CWE-200
High
OpenSSL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-2183)
CVE-2016-2183
CWE-200
High
OpenSSL Numeric Errors Vulnerability (CVE-2016-2181)
CVE-2016-2181
-
High
OpenSSL Out-of-bounds Read Vulnerability (CVE-2016-2180)
CVE-2016-2180
CWE-125
High
OpenSSL Resource Management Errors Vulnerability (CVE-2016-2179)
CVE-2016-2179
-
High
MySQL CVE-2020-14878 Vulnerability (CVE-2020-14878)
CVE-2020-14878
-
High
OpenSSL Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2016-2176)
CVE-2016-2176
CWE-119
High
Zope Web Application Server Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2021-32674)
CVE-2021-32674
CWE-22
High
Apache HTTP Server Improper Input Validation Vulnerability (CVE-2016-2161)
CVE-2016-2161
CWE-20
High
Moodle Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2016-2157)
CVE-2016-2157
CWE-352
High
Envoy Proxy Incorrect Authorization Vulnerability (CVE-2021-32777)
CVE-2021-32777
CWE-863
High
Envoy Proxy Excessive Iteration Vulnerability (CVE-2021-32778)
CVE-2021-32778
CWE-834
High
«
1
...
42
43
44
...
200
»