🚀 Just released:
Latio 2026 Application Security Market Report.
Read it in our Whitepapers.
100% Signal 0% Noise
Platform
Invicti Platform
Zero-noise AppSec platform
Scan Code
Secure code before runtime
SAST
Early static security analysis
Open Source (SCA)
Find vulnerable dependencies
SBOM & License Risk
Generate SBOMs and track licenses
Secrets
Detect exposed secrets in applications
Infrastructure as Code
Ingest IaC security findings
Container
Track container image vulnerabilities
Test Runtime
Test live applications like attackers
DAST & AI DAST
Test runtime, prove exploitability
Agentic Pentesting
Automate real-world attack techniques
API Security Testing
Discover and test APIs
Attack Surface Management
Identify exposed apps and endpoints
Cloud AppSec
Get a single-pane view of cloud app risk
AI AppSec
Scan smarter, accelerate remediation
Manage Vulnerabilities
See, prioritize, reduce AppSec risk
Vulnerability Management (ASPM)
Centralize and correlate AppSec findings
Compliance & Executive Reporting
Measure risk and impact
Threat Intelligence
Reachability, exploitability, and business logic
Solutions
API Discovery
Manage Vulnerabilities
Automate Security Workflows
Track AppSec KPIs
Manage Open Source Risk
Pricing
Why Invicti
About Us
Invicti vs. Competitors
Case Studies
Contact Us
Careers
Resources
Resource Library
Blog
Webinars
White Papers
Podcasts
Invicti Learn
Savings Calculator
Live Training
Partners
MSSP
Documentation
Vulnerability Database
Get a demo
Home
/
Web Application Vulnerabilities
/ Known Vulnerabilities
Web Application Vulnerabilities
Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise
Acunetix Standard & Premium
v.26.4.2314
Known Vulnerabilities
This page lists
14981 vulnerabilities
in this category.
Critical: 1612
High: 4015
Medium: 8569
Low: 783
Information: 2
Vulnerability Name
CVE
CWE
Severity
Piwigo Missing Authorization Vulnerability (CVE-2026-27833)
CVE-2026-27833
CWE-862
High
Piwigo Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2026-27834)
CVE-2026-27834
CWE-138
High
Ruby Improper Input Validation Vulnerability (CVE-2009-5147)
CVE-2009-5147
CWE-20
High
phpMyFAQ Missing Authorization Vulnerability (CVE-2026-27836)
CVE-2026-27836
CWE-862
High
Grafana CVE-2026-27877 Vulnerability (CVE-2026-27877)
CVE-2026-27877
-
High
e107 Other Vulnerability (CVE-2005-1966)
CVE-2005-1966
-
High
Craft CMS Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2024-52293)
CVE-2024-52293
CWE-22
High
e107 Other Vulnerability (CVE-2005-1949)
CVE-2005-1949
-
High
Craft CMS Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2024-52291)
CVE-2024-52291
CWE-22
High
Drupal Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2005-1921)
CVE-2005-1921
CWE-94
High
Drupal Other Vulnerability (CVE-2005-1871)
CVE-2005-1871
-
High
Werkzeug WSGI Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2024-49767)
CVE-2024-49767
CWE-770
High
WordPress Other Vulnerability (CVE-2005-1687)
CVE-2005-1687
-
High
Oracle Database Server CVE-2010-0860 Vulnerability (CVE-2010-0860)
CVE-2010-0860
-
High
Oracle Database Server CVE-2010-0853 Vulnerability (CVE-2010-0853)
CVE-2010-0853
-
High
Oracle Application Server Other Vulnerability (CVE-2005-1495)
CVE-2005-1495
-
High
Next.js Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2026-27979)
CVE-2026-27979
CWE-770
High
OpenSSL Cryptographic Issues Vulnerability (CVE-2010-0742)
CVE-2010-0742
-
High
Apache Traffic Server Improper Input Validation Vulnerability (CVE-2024-50305)
CVE-2024-50305
CWE-20
High
osTicket Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2010-0605)
CVE-2010-0605
CWE-138
High
WordPress Other Vulnerability (CVE-2005-1810)
CVE-2005-1810
-
High
Next.js Incorrect Authorization Vulnerability (CVE-2024-51479)
CVE-2024-51479
CWE-863
High
Ampache Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2024-51484)
CVE-2024-51484
CWE-352
High
Ampache Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2024-51485)
CVE-2024-51485
CWE-352
High
Ampache Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-51486)
CVE-2024-51486
CWE-707
High
Ampache Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2024-51487)
CVE-2024-51487
CWE-352
High
Piwigo Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2026-27885)
CVE-2026-27885
CWE-138
High
SharePoint Deserialization of Untrusted Data Vulnerability (CVE-2024-38023)
CVE-2024-38023
CWE-502
High
Apache HTTP Server Incorrect Calculation of Buffer Size Vulnerability (CVE-2004-0940)
CVE-2004-0940
CWE-131
High
Moodle Other Vulnerability (CVE-2005-3648)
CVE-2005-3648
-
High
Apache HTTP Server Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2024-27316)
CVE-2024-27316
CWE-770
High
PHP Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') Vulnerability (CVE-2002-0985)
CVE-2002-0985
CWE-707
High
Jboss EAP Incorrect Authorization Vulnerability (CVE-2026-3009)
CVE-2026-3009
CWE-863
High
phpMyFAQ Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2024-28105)
CVE-2024-28105
CWE-434
High
Envoy Proxy Detection of Error Condition Without Action Vulnerability (CVE-2024-27919)
CVE-2024-27919
CWE-390
High
Plone CMS CVE-2011-0720 Vulnerability (CVE-2011-0720)
CVE-2011-0720
-
High
Python Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2026-3087)
CVE-2026-3087
CWE-22
High
Oracle Application Server Other Vulnerability (CVE-2002-0947)
CVE-2002-0947
-
High
Chamilo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-27524)
CVE-2024-27524
CWE-707
High
Jboss EAP Incorrect Privilege Assignment Vulnerability (CVE-2026-3121)
CVE-2026-3121
CWE-266
High
Jboss EAP Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2026-3260)
CVE-2026-3260
CWE-770
High
Internet Information Services Other Vulnerability (CVE-2002-0869)
CVE-2002-0869
-
High
Internet Information Services Other Vulnerability (CVE-2002-0862)
CVE-2002-0862
-
High
Oracle Database Server Other Vulnerability (CVE-2002-0857)
CVE-2002-0857
-
High
Python Improper Input Validation Vulnerability (CVE-2026-3644)
CVE-2026-3644
CWE-20
High
phpMyFAQ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2024-27299)
CVE-2024-27299
CWE-138
High
Django Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2011-0698)
CVE-2011-0698
CWE-22
High
Joomla Other Vulnerability (CVE-2024-27187)
CVE-2024-27187
-
High
Mailman Other Vulnerability (CVE-2002-0855)
CVE-2002-0855
-
High
Apache HTTP Server Other Vulnerability (CVE-2002-0843)
CVE-2002-0843
-
High
Oracle Database Server Other Vulnerability (CVE-2002-0843)
CVE-2002-0843
-
High
Oracle Application Server Other Vulnerability (CVE-2002-0843)
CVE-2002-0843
-
High
Oracle Application Server Other Vulnerability (CVE-2002-0842)
CVE-2002-0842
-
High
Django Authentication Bypass by Spoofing Vulnerability (CVE-2026-3902)
CVE-2026-3902
CWE-290
High
XWikiplatform Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2026-40104)
CVE-2026-40104
CWE-770
High
Apache HTTP Server CVE-2002-0839 Vulnerability (CVE-2002-0839)
CVE-2002-0839
-
High
PostgreSQL Other Vulnerability (CVE-2002-0802)
CVE-2002-0802
-
High
PHP Other Vulnerability (CVE-2002-0717)
CVE-2002-0717
-
High
Liferay DXP Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2024-26273)
CVE-2024-26273
CWE-352
High
Liferay Portal Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2024-26273)
CVE-2024-26273
CWE-352
High
Liferay Portal Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2024-26272)
CVE-2024-26272
CWE-352
High
Serendipity Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') Vulnerability (CVE-2026-39971)
CVE-2026-39971
CWE-707
High
phpMyFAQ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2024-28107)
CVE-2024-28107
CWE-138
High
Liferay DXP Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2024-26271)
CVE-2024-26271
CWE-352
High
GeoServer Server-Side Request Forgery (SSRF) Vulnerability (CVE-2024-29198)
CVE-2024-29198
CWE-918
High
WebLogic URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2026-35258)
CVE-2026-35258
CWE-601
High
WebLogic URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2026-35259)
CVE-2026-35259
CWE-601
High
SharePoint Deserialization of Untrusted Data Vulnerability (CVE-2024-30044)
CVE-2024-30044
CWE-502
High
SharePoint CVE-2024-30043 Vulnerability (CVE-2024-30043)
CVE-2024-30043
-
High
PostgreSQL Other Vulnerability (CVE-2002-1642)
CVE-2002-1642
-
High
PHP CVE-2024-2757 Vulnerability (CVE-2024-2757)
CVE-2024-2757
-
High
WebLogic Missing Authentication for Critical Function Vulnerability (CVE-2026-35299)
CVE-2026-35299
CWE-306
High
Oracle Application Server Other Vulnerability (CVE-2002-1631)
CVE-2002-1631
-
High
Oracle Application Server Other Vulnerability (CVE-2002-1630)
CVE-2002-1630
-
High
WebLogic URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2026-35302)
CVE-2026-35302
CWE-601
High
«
1
...
54
55
56
...
200
»