v.26.4.2314
Known Vulnerabilities
This page lists 14673 vulnerabilities in this category.
Critical: 1573
High: 3882
Medium: 8446
Low: 770
Information: 2
| Vulnerability Name | CVE | CWE | Severity |
|---|---|---|---|
| WebLogic CVE-2023-21996 Vulnerability (CVE-2023-21996) | CVE-2023-21996 | - | High |
| MySQL CVE-2023-21980 Vulnerability (CVE-2023-21980) | CVE-2023-21980 | - | High |
| SharePoint CVE-2022-41036 Vulnerability (CVE-2022-41036) | CVE-2022-41036 | - | High |
| Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-40313) | CVE-2022-40313 | CWE-707 | High |
| WebLogic Deserialization of Untrusted Data Vulnerability (CVE-2022-23307) | CVE-2022-23307 | CWE-502 | High |
| Envoy Proxy Reachable Assertion Vulnerability (CVE-2022-29228) | CVE-2022-29228 | CWE-617 | High |
| Undertow Uncontrolled Resource Consumption Vulnerability (CVE-2022-2053) | CVE-2022-2053 | CWE-400 | High |
| Jetty Uncontrolled Resource Consumption Vulnerability (CVE-2022-2048) | CVE-2022-2048 | CWE-400 | High |
| Craft CMS Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2022-29933) | CVE-2022-29933 | CWE-640 | High |
| Microsoft SQL Server CVE-2023-38169 Vulnerability (CVE-2023-38169) | CVE-2023-38169 | - | High |
| IBM WebSEAL Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2023-38371) | CVE-2023-38371 | CWE-327 | High |
| Apache Tomcat CVE-2022-29885 Vulnerability (CVE-2022-29885) | CVE-2022-29885 | - | High |
| Apache Traffic Server Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') Vulnerability (CVE-2023-38522) | CVE-2023-38522 | - | High |
| Drupal Reliance on Cookies without Validation and Integrity Checking Vulnerability (CVE-2022-29248) | CVE-2022-29248 | CWE-565 | High |
| Envoy Proxy Use After Free Vulnerability (CVE-2022-29227) | CVE-2022-29227 | CWE-416 | High |
| Jetty Improper Resource Shutdown or Release Vulnerability (CVE-2022-2191) | CVE-2022-2191 | CWE-404 | High |
| Apache HTTP Server Improper Validation of Specified Quantity in Input Vulnerability (CVE-2023-38709) | CVE-2023-38709 | CWE-1284 | High |
| Envoy Proxy Improper Handling of Highly Compressed Data (Data Amplification) Vulnerability (CVE-2022-29225) | CVE-2022-29225 | CWE-409 | High |
| Grafana URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2022-29170) | CVE-2022-29170 | CWE-601 | High |
| Dolibarr CVE-2023-38886 Vulnerability (CVE-2023-38886) | CVE-2023-38886 | - | High |
| Liferay Portal Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2022-28981) | CVE-2022-28981 | CWE-22 | High |
| Ruby Out-of-bounds Read Vulnerability (CVE-2022-28739) | CVE-2022-28739 | CWE-125 | High |
| Dolibarr Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2023-38887) | CVE-2023-38887 | CWE-434 | High |
| PostgreSQL Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2023-39417) | CVE-2023-39417 | CWE-138 | High |
| Apache Traffic Server Improper Input Validation Vulnerability (CVE-2023-39456) | CVE-2023-39456 | CWE-20 | High |
| CubeCart Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2023-38130) | CVE-2023-38130 | CWE-352 | High |
| XWiki Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-37914) | CVE-2023-37914 | CWE-94 | High |
| MediaWiki CVE-2022-28204 Vulnerability (CVE-2022-28204) | CVE-2022-28204 | - | High |
| Grafana Incorrect Authorization Vulnerability (CVE-2022-31107) | CVE-2022-31107 | CWE-863 | High |
| PHP Out-of-bounds Read Vulnerability (CVE-2022-31630) | CVE-2022-31630 | CWE-125 | High |
| PHP Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') Vulnerability (CVE-2022-31626) | CVE-2022-31626 | CWE-120 | High |
| PHP Release of Invalid Pointer or Reference Vulnerability (CVE-2022-31625) | CVE-2022-31625 | CWE-763 | High |
| XWiki Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') Vulnerability (CVE-2023-37462) | CVE-2023-37462 | CWE-707 | High |
| XWiki CVE-2022-31166 Vulnerability (CVE-2022-31166) | CVE-2022-31166 | - | High |
| jQuery Validation Other Vulnerability (CVE-2022-31147) | CVE-2022-31147 | - | High |
| Grafana Insufficiently Protected Credentials Vulnerability (CVE-2022-31130) | CVE-2022-31130 | CWE-522 | High |
| Moment.js Other Vulnerability (CVE-2022-31129) | CVE-2022-31129 | - | High |
| Grafana Improper Verification of Cryptographic Signature Vulnerability (CVE-2022-31123) | CVE-2022-31123 | CWE-347 | High |
| TYPO3 Insufficient Session Expiration Vulnerability (CVE-2022-31050) | CVE-2022-31050 | CWE-613 | High |
| PostgreSQL Improper Control of Dynamically-Managed Code Resources Vulnerability (CVE-2022-2625) | CVE-2022-2625 | CWE-913 | High |
| Play Framework Generation of Error Message Containing Sensitive Information Vulnerability (CVE-2022-31023) | CVE-2022-31023 | CWE-209 | High |
| Play Framework Uncontrolled Resource Consumption Vulnerability (CVE-2022-31018) | CVE-2022-31018 | CWE-400 | High |
| XWiki Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-37909) | CVE-2023-37909 | CWE-94 | High |
| Lighttpd Uncontrolled Resource Consumption Vulnerability (CVE-2022-30780) | CVE-2022-30780 | CWE-400 | High |
| XWiki Missing Authorization Vulnerability (CVE-2023-37910) | CVE-2023-37910 | CWE-862 | High |
| XWiki Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2023-37913) | CVE-2023-37913 | CWE-22 | High |
| Apache HTTP Server Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2022-30556) | CVE-2022-30556 | CWE-200 | High |
| Apache HTTP Server Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2022-30522) | CVE-2022-30522 | CWE-770 | High |
| Moodle Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2022-2986) | CVE-2022-2986 | CWE-352 | High |
| MediaWiki CVE-2022-28323 Vulnerability (CVE-2022-28323) | CVE-2022-28323 | - | High |
| MediaWiki Release of Invalid Pointer or Reference Vulnerability (CVE-2022-28203) | CVE-2022-28203 | CWE-763 | High |
| ownCloud Exposure of Resource to Wrong Sphere Vulnerability (CVE-2022-31649) | CVE-2022-31649 | CWE-668 | High |
| Django Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2022-23833) | CVE-2022-23833 | CWE-835 | High |
| Jboss EAP CVE-2023-3223 Vulnerability (CVE-2023-3223) | CVE-2023-3223 | - | High |
| XWiki Incorrect Use of Privileged APIs Vulnerability (CVE-2022-24821) | CVE-2022-24821 | CWE-648 | High |
| Twisted Web HTTP Server Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') Vulnerability (CVE-2022-24801) | CVE-2022-24801 | CWE-444 | High |
| Moment.js Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2022-24785) | CVE-2022-24785 | CWE-22 | High |
| MyBB Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2022-24734) | CVE-2022-24734 | CWE-94 | High |
| Drupal Inefficient Regular Expression Complexity Vulnerability (CVE-2022-24729) | CVE-2022-24729 | CWE-1333 | High |
| CKEditor Other Vulnerability (CVE-2022-24729) | CVE-2022-24729 | - | High |
| PHP Improper Restriction of XML External Entity Reference Vulnerability (CVE-2023-3823) | CVE-2023-3823 | CWE-611 | High |
| Craft CMS Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2023-40035) | CVE-2023-40035 | CWE-138 | High |
| XWiki Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-40177) | CVE-2023-40177 | CWE-94 | High |
| Drupal Improper Input Validation Vulnerability (CVE-2022-25273) | CVE-2022-25273 | CWE-20 | High |
| XWiki Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2023-40572) | CVE-2023-40572 | CWE-352 | High |
| XWiki CVE-2023-40573 Vulnerability (CVE-2023-40573) | CVE-2023-40573 | - | High |
| Joomla Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2022-23793) | CVE-2022-23793 | CWE-22 | High |
| Next.js User Interface (UI) Misrepresentation of Critical Information Vulnerability (CVE-2022-23646) | CVE-2022-23646 | CWE-451 | High |
| XWiki Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2022-23619) | CVE-2022-23619 | CWE-640 | High |
| TYPO3 Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2022-23503) | CVE-2022-23503 | CWE-94 | High |
| TYPO3 Uncontrolled Recursion Vulnerability (CVE-2022-23500) | CVE-2022-23500 | CWE-674 | High |
| Grafana Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2022-23498) | CVE-2022-23498 | CWE-200 | High |
| Joomla CVE-2023-40626 Vulnerability (CVE-2023-40626) | CVE-2023-40626 | - | High |
| Drupal Improper Input Validation Vulnerability (CVE-2022-25271) | CVE-2022-25271 | CWE-20 | High |
| Drupal Other Vulnerability (CVE-2022-25275) | CVE-2022-25275 | - | High |