🚀 Just released:
Latio 2026 Application Security Market Report.
Read it in our Whitepapers.
100% Signal 0% Noise
Platform
Invicti Platform
Zero-noise AppSec platform
Scan Code
Secure code before runtime
SAST
Early static security analysis
Open Source (SCA)
Find vulnerable dependencies
SBOM & License Risk
Generate SBOMs and track licenses
Secrets
Detect exposed secrets in applications
Infrastructure as Code
Ingest IaC security findings
Container
Track container image vulnerabilities
Test Runtime
Test live applications like attackers
DAST & AI DAST
Test runtime, prove exploitability
Agentic Pentesting
Automate real-world attack techniques
API Security Testing
Discover and test APIs
Attack Surface Management
Identify exposed apps and endpoints
Cloud AppSec
Get a single-pane view of cloud app risk
AI AppSec
Scan smarter, accelerate remediation
Manage Vulnerabilities
See, prioritize, reduce AppSec risk
Vulnerability Management (ASPM)
Centralize and correlate AppSec findings
Compliance & Executive Reporting
Measure risk and impact
Threat Intelligence
Reachability, exploitability, and business logic
Solutions
API Discovery
Manage Vulnerabilities
Automate Security Workflows
Track AppSec KPIs
Manage Open Source Risk
Pricing
Why Invicti
About Us
Invicti vs. Competitors
Case Studies
Contact Us
Careers
Resources
Resource Library
Blog
Webinars
White Papers
Podcasts
Invicti Learn
Savings Calculator
Live Training
Partners
MSSP
Documentation
Vulnerability Database
Get a demo
Home
/
Web Application Vulnerabilities
/ Known Vulnerabilities
Web Application Vulnerabilities
Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise
Acunetix Standard & Premium
v.26.4.2314
Known Vulnerabilities
This page lists
14981 vulnerabilities
in this category.
Critical: 1612
High: 4015
Medium: 8569
Low: 783
Information: 2
Vulnerability Name
CVE
CWE
Severity
LimeSurvey CVE-2009-1604 Vulnerability (CVE-2009-1604)
CVE-2009-1604
-
High
SharePoint Untrusted Pointer Dereference Vulnerability (CVE-2026-20948)
CVE-2026-20948
CWE-822
High
Apache HTTP Server Uncontrolled Resource Consumption Vulnerability (CVE-2009-1890)
CVE-2009-1890
CWE-400
High
Apache HTTP Server Uncontrolled Resource Consumption Vulnerability (CVE-2009-1891)
CVE-2009-1891
CWE-400
High
SharePoint Improper Input Validation Vulnerability (CVE-2026-20951)
CVE-2026-20951
CWE-20
High
PHP Improper Input Validation Vulnerability (CVE-2025-1736)
CVE-2025-1736
CWE-20
High
PHP Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2025-1735)
CVE-2025-1735
CWE-138
High
Joomla Other Vulnerability (CVE-2006-1028)
CVE-2006-1028
-
High
Apache HTTP Server Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') Vulnerability (CVE-2009-1955)
CVE-2009-1955
CWE-776
High
Oracle Database Server CVE-2009-1963 Vulnerability (CVE-2009-1963)
CVE-2009-1963
-
High
SharePoint Deserialization of Untrusted Data Vulnerability (CVE-2026-20963)
CVE-2026-20963
CWE-502
High
Craft CMS Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2025-23209)
CVE-2025-23209
CWE-94
High
Internet Information Services Improper Authentication Vulnerability (CVE-2009-1122)
CVE-2009-1122
CWE-287
High
WordPress Other Vulnerability (CVE-2006-1012)
CVE-2006-1012
-
High
Sqlite Heap-based Buffer Overflow Vulnerability (CVE-2026-11822)
CVE-2026-11822
CWE-122
High
Oracle Database Server CVE-2006-1874 Vulnerability (CVE-2006-1874)
CVE-2006-1874
-
High
MyBB Server-Side Request Forgery (SSRF) Vulnerability (CVE-2025-29459)
CVE-2025-29459
CWE-918
High
MyBB Server-Side Request Forgery (SSRF) Vulnerability (CVE-2025-29458)
CVE-2025-29458
CWE-918
High
MyBB Server-Side Request Forgery (SSRF) Vulnerability (CVE-2025-29457)
CVE-2025-29457
CWE-918
High
Oracle Database Server Other Vulnerability (CVE-2006-1872)
CVE-2006-1872
-
High
Seo Panel Server-Side Request Forgery (SSRF) Vulnerability (CVE-2025-29452)
CVE-2025-29452
CWE-918
High
Seo Panel Server-Side Request Forgery (SSRF) Vulnerability (CVE-2025-29451)
CVE-2025-29451
CWE-918
High
Oracle Database Server Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2006-1868)
CVE-2006-1868
CWE-119
High
Sqlite Integer Overflow or Wraparound Vulnerability (CVE-2025-29087)
CVE-2025-29087
CWE-190
High
phpMyAdmin Other Vulnerability (CVE-2006-1804)
CVE-2006-1804
-
High
SharePoint Untrusted Pointer Dereference Vulnerability (CVE-2025-27747)
CVE-2025-27747
CWE-822
High
OpenSSL Improper Authentication Vulnerability (CVE-2009-0653)
CVE-2009-0653
CWE-287
High
Jboss EAP Improper Resource Shutdown or Release Vulnerability (CVE-2025-9784)
CVE-2025-9784
CWE-404
High
TYPO3 Deserialization of Untrusted Data Vulnerability (CVE-2026-0859)
CVE-2026-0859
CWE-502
High
Sqlite Heap-based Buffer Overflow Vulnerability (CVE-2026-11824)
CVE-2026-11824
CWE-122
High
Opencart Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2009-1027)
CVE-2009-1027
CWE-138
High
Django Inefficient Algorithmic Complexity Vulnerability (CVE-2026-1285)
CVE-2026-1285
CWE-407
High
Jetty Missing Release of Memory after Effective Lifetime Vulnerability (CVE-2026-1605)
CVE-2026-1605
CWE-401
High
Oracle Database Server CVE-2009-1019 Vulnerability (CVE-2009-1019)
CVE-2009-1019
-
High
Joomla CVE-2025-25227 Vulnerability (CVE-2025-25227)
CVE-2025-25227
-
High
GibbonEdu Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2025-26211)
CVE-2025-26211
CWE-352
High
Moodle Files or Directories Accessible to External Parties Vulnerability (CVE-2025-26525)
CVE-2025-26525
CWE-552
High
Oracle Application Server CVE-2009-0993 Vulnerability (CVE-2009-0993)
CVE-2009-0993
-
High
SharePoint Integer Overflow or Wraparound Vulnerability (CVE-2025-26642)
CVE-2025-26642
CWE-190
High
Django Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2025-27556)
CVE-2025-27556
CWE-770
High
Claroline Other Vulnerability (CVE-2006-1594)
CVE-2006-1594
-
High
Django Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2025-26699)
CVE-2025-26699
CWE-770
High
MongoDb Use After Free Vulnerability (CVE-2026-11933)
CVE-2026-11933
CWE-416
High
axios Server-Side Request Forgery (SSRF) Vulnerability (CVE-2025-27152)
CVE-2025-27152
CWE-918
High
Claroline Other Vulnerability (CVE-2006-1596)
CVE-2006-1596
-
High
GeoServer Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2025-27511)
CVE-2025-27511
CWE-138
High
OpenSSL Out-of-bounds Write Vulnerability (CVE-2025-15467)
CVE-2025-15467
CWE-787
High
MongoDb Improper Handling of Length Parameter Inconsistency Vulnerability (CVE-2025-14847)
CVE-2025-14847
CWE-130
High
MyBB Server-Side Request Forgery (SSRF) Vulnerability (CVE-2025-29460)
CVE-2025-29460
CWE-918
High
PHP CVE-2009-3292 Vulnerability (CVE-2009-3292)
CVE-2009-3292
-
High
PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2006-0097)
CVE-2006-0097
CWE-119
High
Jetty Uncontrolled Resource Consumption Vulnerability (CVE-2024-9823)
CVE-2024-9823
CWE-400
High
osTicket Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2026-22200)
CVE-2026-22200
CWE-138
High
Dolibarr Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2026-22666)
CVE-2026-22666
CWE-94
High
Python Improper Neutralization of Special Elements used in a Command ('Command Injection') Vulnerability (CVE-2024-9287)
CVE-2024-9287
CWE-138
High
Grafana Improper Neutralization of Special Elements used in a Command ('Command Injection') Vulnerability (CVE-2024-9264)
CVE-2024-9264
CWE-138
High
TYPO3 Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2005-4875)
CVE-2005-4875
CWE-200
High
Spring Cloud Gateway External Control of System or Configuration Setting Vulnerability (CVE-2026-22750)
CVE-2026-22750
CWE-15
High
Apache Tomcat Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2005-4836)
CVE-2005-4836
CWE-200
High
Skipper Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2026-23742)
CVE-2026-23742
CWE-94
High
Internet Information Services Unchecked Return Value Vulnerability (CVE-2005-4360)
CVE-2005-4360
CWE-252
High
React Uncontrolled Resource Consumption Vulnerability (CVE-2026-23864)
CVE-2026-23864
CWE-400
High
e107 Other Vulnerability (CVE-2005-4224)
CVE-2005-4224
-
High
PHP Improper Input Validation Vulnerability (CVE-2009-3291)
CVE-2009-3291
CWE-20
High
PHP CVE-2009-3293 Vulnerability (CVE-2009-3293)
CVE-2009-3293
-
High
WordPress Ultimate Member Plugin Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2025-0308)
CVE-2025-0308
CWE-138
High
Mailman Other Vulnerability (CVE-2005-4153)
CVE-2005-4153
-
High
PHP Other Vulnerability (CVE-2024-8927)
CVE-2024-8927
-
High
Joomla External Control of File Name or Path Vulnerability (CVE-2026-23898)
CVE-2026-23898
CWE-73
High
MediaWiki Other Vulnerability (CVE-2005-4031)
CVE-2005-4031
-
High
Joomla Improper Access Control Vulnerability (CVE-2026-23899)
CVE-2026-23899
CWE-284
High
Apache HTTP Server Double Free Vulnerability (CVE-2026-23918)
CVE-2026-23918
CWE-415
High
PHP Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2024-8926)
CVE-2024-8926
CWE-138
High
Apache HTTP Server Improper Privilege Management Vulnerability (CVE-2026-24072)
CVE-2026-24072
CWE-269
High
Dotclear Other Vulnerability (CVE-2005-3963)
CVE-2005-3963
-
High
«
1
...
62
63
64
...
200
»