Known Vulnerabilities
This page lists 13509 vulnerabilities in this category.
Critical: 1465
High: 3387
Medium: 7907
Low: 748
Information: 2
| Vulnerability Name | CVE | CWE | Severity |
| --- | --- | --- | --- |
| Ivanti EPMM API Authentication bypass (CVE-2023-35078/CVE-2023-35082) | CVE-2023-35082 | CWE-287 | High |
| Next.js Server-Side Request Forgery (SSRF) Vulnerability (CVE-2025-57822) | CVE-2025-57822 | CWE-918 | High |
| Craft CMS Improper Neutralization of Special Elements Used in a Template Engine Vulnerability (CVE-2025-57811) | CVE-2025-57811 | CWE-138 | High |
| Internet Information Services Other Vulnerability (CVE-2002-1180) | CVE-2002-1180 | - | High |
| CRMEB SQL Injection (CVE-2024-36837) | CVE-2024-36837 | CWE-89 | High |
| silverstripeCMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2011-4960) | CVE-2011-4960 | CWE-138 | High |
| GlassFish CVE-2011-3559 Vulnerability (CVE-2011-3559) | CVE-2011-3559 | - | High |
| Apache HTTP Server Other Vulnerability (CVE-1999-0071) | CVE-1999-0071 | - | High |
| Liferay Portal Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2022-42123) | CVE-2022-42123 | CWE-22 | High |
| Mailman Other Vulnerability (CVE-2002-0855) | CVE-2002-0855 | - | High |
| Apache HTTP Server Other Vulnerability (CVE-2002-0843) | CVE-2002-0843 | - | High |
| Oracle Database Server Other Vulnerability (CVE-2002-0843) | CVE-2002-0843 | - | High |
| Vite Arbitrary File Read (CVE-2025-30208, CVE-2025-31125) | CVE-2025-31125 | CWE-200 | High |
| Liferay Portal Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2022-42125) | CVE-2022-42125 | CWE-22 | High |
| Liferay DXP Inefficient Regular Expression Complexity Vulnerability (CVE-2022-42124) | CVE-2022-42124 | CWE-1333 | High |
| Liferay Portal Inefficient Regular Expression Complexity Vulnerability (CVE-2022-42124) | CVE-2022-42124 | CWE-1333 | High |
| Liferay DXP Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2022-42123) | CVE-2022-42123 | CWE-22 | High |
| Liferay DXP Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2022-42121) | CVE-2022-42121 | CWE-138 | High |
| Oracle JRE CVE-2025-30749 Vulnerability (CVE-2025-30749) | CVE-2025-30749 | - | High |
| SharePoint Untrusted Pointer Dereference Vulnerability (CVE-2025-54905) | CVE-2025-54905 | CWE-822 | High |
| SharePoint Deserialization of Untrusted Data Vulnerability (CVE-2025-54897) | CVE-2025-54897 | CWE-502 | High |
| Liferay Portal Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2022-42121) | CVE-2022-42121 | CWE-138 | High |
| Apache HTTP Server Other Vulnerability (CVE-1999-0045) | CVE-1999-0045 | - | High |
| Osclass Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2012-0973) | CVE-2012-0973 | CWE-138 | High |
| PHP Other Vulnerability (CVE-1999-0058) | CVE-1999-0058 | - | High |
| PHP Other Vulnerability (CVE-1999-0068) | CVE-1999-0068 | - | High |
| Envoy Proxy Use After Free Vulnerability (CVE-2025-54588) | CVE-2025-54588 | CWE-416 | High |
| Joomla Inadequate Encryption Strength Vulnerability (CVE-2011-3629) | CVE-2011-3629 | CWE-326 | High |
| SimpleHelp Path Traversal (CVE-2024-57727) | CVE-2024-57728 | CWE-22 | High |
| Microsoft SQL Server Other Vulnerability (CVE-2002-1138) | CVE-2002-1138 | - | High |
| SharePoint Deserialization of Untrusted Data Vulnerability (CVE-2025-30382) | CVE-2025-30382 | CWE-502 | High |
| Microsoft SQL Server Other Vulnerability (CVE-2002-1137) | CVE-2002-1137 | - | High |
| Apache HTTP Server Confusion Attacks | CVE-2023-38709 | CWE-436 | High |
| Envoy Proxy Insufficient Session Expiration Vulnerability (CVE-2025-55162) | CVE-2025-55162 | CWE-613 | High |
| ColdFusion PMS Arbitrary File Read (CVE-2024-20767) | CVE-2024-20767 | CWE-284 | High |
| ColdFusion Access Control bypass (CVE-2023-29298/CVE-2023-38205) | CVE-2023-38205 | CWE-284 | High |
| LiteSpeed Web Server Missing Release of Memory after Effective Lifetime Vulnerability (CVE-2025-54939) | CVE-2025-54939 | CWE-401 | High |
| SharePoint Deserialization of Untrusted Data Vulnerability (CVE-2025-30378) | CVE-2025-30378 | CWE-502 | High |
| PHP Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') Vulnerability (CVE-2002-0985) | CVE-2002-0985 | CWE-707 | High |
| SharePoint Deserialization of Untrusted Data Vulnerability (CVE-2025-30384) | CVE-2025-30384 | CWE-502 | High |
| Grafana Open Redirect (CVE-2025-4123) | CVE-2025-4123 | CWE-601 | High |
| Oracle Application Server Other Vulnerability (CVE-2002-0947) | CVE-2002-0947 | - | High |
| GeoServer SSRF (CVE-2021-40822) | CVE-2021-40822 | CWE-918 | High |
| GeoServer WMS SSRF (CVE-2023-43795) | CVE-2023-43795 | CWE-918 | High |
| SharePoint Other Vulnerability (CVE-2025-54906) | CVE-2025-54906 | - | High |
| Vanilla Forums Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3613) | CVE-2011-3613 | CWE-200 | High |
| Internet Information Services Other Vulnerability (CVE-2002-0869) | CVE-2002-0869 | - | High |
| Internet Information Services Other Vulnerability (CVE-2002-0862) | CVE-2002-0862 | - | High |
| Oracle Database Server Other Vulnerability (CVE-2002-0857) | CVE-2002-0857 | - | High |
| SAP BO BIP XXE (CVE-2022-28213) | CVE-2022-28213 | CWE-112 | High |
| Apache Tomcat 7PK - Security Features Vulnerability (CVE-2002-0493) | CVE-2002-0493 | - | High |
| MyBB Improper Neutralization of Special Elements used in a Command ('Command Injection') Vulnerability (CVE-2022-39265) | CVE-2022-39265 | CWE-138 | High |
| XWikiplatform Improper Removal of Sensitive Information Before Storage or Transfer Vulnerability (CVE-2025-58049) | CVE-2025-58049 | CWE-212 | High |
| Skipper Incorrect Authorization Vulnerability (CVE-2022-34296) | CVE-2022-34296 | CWE-863 | High |
| Apache Tomcat Improper Resource Shutdown or Release Vulnerability (CVE-2025-48989) | CVE-2025-48989 | CWE-404 | High |
| Mailman Other Vulnerability (CVE-2001-1132) | CVE-2001-1132 | - | High |
| Moodle Improper Input Validation Vulnerability (CVE-2022-35650) | CVE-2022-35650 | CWE-20 | High |
| phpMyAdmin Other Vulnerability (CVE-2001-1060) | CVE-2001-1060 | - | High |
| Oracle Database Server Other Vulnerability (CVE-2001-0943) | CVE-2001-0943 | - | High |
| MediaWiki Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2022-34750) | CVE-2022-34750 | CWE-770 | High |
| Grafana Insufficiently Protected Credentials Vulnerability (CVE-2022-31130) | CVE-2022-31130 | CWE-522 | High |
| Moodle Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2025-3638) | CVE-2025-3638 | CWE-352 | High |
| MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-0046) | CVE-2012-0046 | CWE-200 | High |
| Oracle Application Server Other Vulnerability (CVE-2001-1216) | CVE-2001-1216 | - | High |
| Apache Tomcat Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2025-48988) | CVE-2025-48988 | CWE-770 | High |
| Moodle Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2025-3641) | CVE-2025-3641 | CWE-94 | High |
| Internet Information Services Other Vulnerability (CVE-2001-0902) | CVE-2001-0902 | - | High |
| Magento Incorrect Authorization Vulnerability (CVE-2022-34255) | CVE-2022-34255 | CWE-863 | High |
| Magento Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2022-34254) | CVE-2022-34254 | CWE-22 | High |
| Moodle Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2025-3642) | CVE-2025-3642 | CWE-94 | High |
| Magento XML Injection (aka Blind XPath Injection) Vulnerability (CVE-2022-34253) | CVE-2022-34253 | CWE-91 | High |
| Oracle Database Server Other Vulnerability (CVE-2001-0833) | CVE-2001-0833 | - | High |
| Moodle Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2025-3625) | CVE-2025-3625 | CWE-639 | High |
| Dotclear Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-5083) | CVE-2011-5083 | CWE-264 | High |
| jQuery Validation Other Vulnerability (CVE-2022-31147) | CVE-2022-31147 | - | High |