Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
v.26.4.2314

Known Vulnerabilities

This page lists 14673 vulnerabilities in this category.

Critical: 1573 High: 3882 Medium: 8446 Low: 770 Information: 2
Vulnerability Name
CVE
CWE
Severity
Apache Traffic Server Improper Input Validation Vulnerability (CVE-2022-28129)
CVE-2022-28129
CWE-20
High
qdPM Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2022-26180)
CVE-2022-26180
CWE-352
High
Chamilo Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2022-27427)
CVE-2022-27427
CWE-94
High
Chamilo Server-Side Request Forgery (SSRF) Vulnerability (CVE-2022-27426)
CVE-2022-27426
CWE-918
High
Chamilo Improper Privilege Management Vulnerability (CVE-2022-27421)
CVE-2022-27421
CWE-269
High
GibbonEdu Session Fixation Vulnerability (CVE-2022-27305)
CVE-2022-27305
CWE-384
High
AbanteCart Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2022-26521)
CVE-2022-26521
CWE-434
High
Python Untrusted Search Path Vulnerability (CVE-2022-26488)
CVE-2022-26488
CWE-426
High
Apache HTTP Server Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') Vulnerability (CVE-2022-26377)
CVE-2022-26377
CWE-444
High
Piwigo Exposure of Resource to Wrong Sphere Vulnerability (CVE-2022-26267)
CVE-2022-26267
CWE-668
High
Piwigo Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2022-26266)
CVE-2022-26266
CWE-138
High
MODX Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2022-26149)
CVE-2022-26149
CWE-434
High
Drupal Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2022-25277)
CVE-2022-25277
CWE-434
High
PrestaShop Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2023-39528)
CVE-2023-39528
CWE-22
High
MathJax Inefficient Regular Expression Complexity Vulnerability (CVE-2023-39663)
CVE-2023-39663
CWE-1333
High
Jboss EAP Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2023-3171)
CVE-2023-3171
CWE-770
High
UAParser.js Inefficient Regular Expression Complexity Vulnerability (CVE-2022-25927)
CVE-2022-25927
CWE-1333
High
AngularJS Inefficient Regular Expression Complexity Vulnerability (CVE-2022-25844)
CVE-2022-25844
CWE-1333
High
Apache Traffic Server Improper Input Validation Vulnerability (CVE-2022-25763)
CVE-2022-25763
CWE-20
High
Apache Tomcat Improper Resource Shutdown or Release Vulnerability (CVE-2022-25762)
CVE-2022-25762
CWE-404
High
Undertow CVE-2023-3223 Vulnerability (CVE-2023-3223)
CVE-2023-3223
-
High
Oracle HTTP Server Integer Overflow or Wraparound Vulnerability (CVE-2022-25314)
CVE-2022-25314
CWE-190
High
Piwigo Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2023-37270)
CVE-2023-37270
CWE-138
High
Apache Traffic Server Improper Input Validation Vulnerability (CVE-2022-31778)
CVE-2022-31778
CWE-20
High
OpenSSL Improper Locking Vulnerability (CVE-2022-3996)
CVE-2022-3996
CWE-667
High
TYPO3 Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2022-36104)
CVE-2022-36104
CWE-770
High
Liferay Portal Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2023-33945)
CVE-2023-33945
CWE-138
High
Liferay DXP Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2023-33945)
CVE-2023-33945
CWE-138
High
Payara Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2022-37422)
CVE-2022-37422
CWE-22
High
Liferay Portal Missing Authorization Vulnerability (CVE-2023-33948)
CVE-2023-33948
CWE-862
High
Liferay Portal Insecure Default Initialization of Resource Vulnerability (CVE-2023-33949)
CVE-2023-33949
CWE-1188
High
Liferay DXP Insecure Default Initialization of Resource Vulnerability (CVE-2023-33949)
CVE-2023-33949
CWE-1188
High
Liferay Portal Inefficient Regular Expression Complexity Vulnerability (CVE-2023-33950)
CVE-2023-33950
CWE-1333
High
XWiki Improper Privilege Management Vulnerability (CVE-2023-34465)
CVE-2023-34465
CWE-269
High
Django Download of Code Without Integrity Check Vulnerability (CVE-2022-36359)
CVE-2022-36359
CWE-494
High
XWiki Improper Encoding or Escaping of Output Vulnerability (CVE-2022-36100)
CVE-2022-36100
CWE-116
High
Lighttpd NULL Pointer Dereference Vulnerability (CVE-2022-37797)
CVE-2022-37797
CWE-476
High
XWiki Improper Encoding or Escaping of Output Vulnerability (CVE-2022-36099)
CVE-2022-36099
CWE-116
High
XWiki Exposure of Resource to Wrong Sphere Vulnerability (CVE-2023-34467)
CVE-2023-34467
CWE-668
High
XWiki Improper Authentication Vulnerability (CVE-2022-36093)
CVE-2022-36093
CWE-287
High
XWiki Improper Authentication Vulnerability (CVE-2022-36092)
CVE-2022-36092
CWE-287
High
XWiki Missing Authorization Vulnerability (CVE-2022-36091)
CVE-2022-36091
CWE-862
High
XWiki Other Vulnerability (CVE-2022-36090)
CVE-2022-36090
-
High
Chamilo Other Vulnerability (CVE-2023-34962)
CVE-2023-34962
-
High
Apache Tomcat CVE-2023-34981 Vulnerability (CVE-2023-34981)
CVE-2023-34981
-
High
RubyGems Improper Authentication Vulnerability (CVE-2022-36073)
CVE-2022-36073
CWE-287
High
Craft CMS Missing Encryption of Sensitive Data Vulnerability (CVE-2022-37783)
CVE-2022-37783
CWE-311
High
SharePoint CVE-2022-37961 Vulnerability (CVE-2022-37961)
CVE-2022-37961
-
High
Sqlite Improper Validation of Array Index Vulnerability (CVE-2022-35737)
CVE-2022-35737
CWE-129
High
Jboss EAP Observable Discrepancy Vulnerability (CVE-2022-3143)
CVE-2022-3143
CWE-203
High
Dolibarr Files or Directories Accessible to External Parties Vulnerability (CVE-2023-33568)
CVE-2023-33568
CWE-552
High
WordPress Ultimate Member Plugin Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2022-3966)
CVE-2022-3966
CWE-22
High
OpenSSL Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') Vulnerability (CVE-2022-3786)
CVE-2022-3786
CWE-120
High
Apache Traffic Server CVE-2023-33933 Vulnerability (CVE-2023-33933)
CVE-2023-33933
-
High
phpMyFAQ Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-3608)
CVE-2022-3608
CWE-707
High
OpenSSL Out-of-bounds Write Vulnerability (CVE-2022-3602)
CVE-2022-3602
CWE-787
High
WordPress Ultimate Member Plugin Other Vulnerability (CVE-2022-3384)
CVE-2022-3384
-
High
WordPress Ultimate Member Plugin Other Vulnerability (CVE-2022-3383)
CVE-2022-3383
-
High
OpenSSL NULL Pointer Dereference Vulnerability (CVE-2022-3358)
CVE-2022-3358
CWE-476
High
Grafana Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Vulnerability (CVE-2022-39328)
CVE-2022-39328
CWE-362
High
SharePoint CVE-2022-38008 Vulnerability (CVE-2022-38008)
CVE-2022-38008
-
High
Grafana Improper Input Validation Vulnerability (CVE-2022-39306)
CVE-2022-39306
CWE-20
High
MyBB Improper Neutralization of Special Elements used in a Command ('Command Injection') Vulnerability (CVE-2022-39265)
CVE-2022-39265
CWE-138
High
Drupal Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2022-39261)
CVE-2022-39261
CWE-22
High
Grafana CVE-2022-39201 Vulnerability (CVE-2022-39201)
CVE-2022-39201
-
High
Nginx Out-of-bounds Read Vulnerability (CVE-2022-38890)
CVE-2022-38890
CWE-125
High
EspoCRM Improper Neutralization of Formula Elements in a CSV File Vulnerability (CVE-2022-38844)
CVE-2022-38844
CWE-1236
High
EspoCRM Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2022-38843)
CVE-2022-38843
CWE-434
High
SharePoint CVE-2022-38053 Vulnerability (CVE-2022-38053)
CVE-2022-38053
-
High
SharePoint CVE-2022-38009 Vulnerability (CVE-2022-38009)
CVE-2022-38009
-
High
SharePoint CVE-2022-35823 Vulnerability (CVE-2022-35823)
CVE-2022-35823
-
High
Moodle Improper Input Validation Vulnerability (CVE-2022-35650)
CVE-2022-35650
CWE-20
High
Apache Traffic Server Improper Input Validation Vulnerability (CVE-2022-31779)
CVE-2022-31779
CWE-20
High
XWiki Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2023-36470)
CVE-2023-36470
CWE-138
High
Envoy Proxy Use After Free Vulnerability (CVE-2023-35943)
CVE-2023-35943
CWE-416
High