Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
v.26.4.2314

Known Vulnerabilities

This page lists 14673 vulnerabilities in this category.

Critical: 1573 High: 3882 Medium: 8446 Low: 770 Information: 2
Vulnerability Name
CVE
CWE
Severity
osTicket Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2010-0605)
CVE-2010-0605
CWE-138
High
MediaWiki Other Vulnerability (CVE-2005-4031)
CVE-2005-4031
-
High
Mailman Other Vulnerability (CVE-2005-4153)
CVE-2005-4153
-
High
Harbor Unauthorized Access Vulnerability
CVE-2022-46463
CWE-200
High
GeoServer WMS SSRF (CVE-2023-43795)
CVE-2023-43795
CWE-918
High
GeoServer SSRF (CVE-2021-40822)
CVE-2021-40822
CWE-918
High
ColdFusion Access Control bypass (CVE-2023-29298/CVE-2023-38205)
CVE-2023-38205
CWE-284
High
Grafana Open Redirect (CVE-2025-4123)
CVE-2025-4123
CWE-601
High
ColdFusion PMS Arbitrary File Read (CVE-2024-20767)
CVE-2024-20767
CWE-284
High
Internet Information Services Unchecked Return Value Vulnerability (CVE-2005-4360)
CVE-2005-4360
CWE-252
High
Apache HTTP Server Confusion Attacks
CVE-2023-38709
CWE-436
High
phpMyAdmin Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2011-2506)
CVE-2011-2506
CWE-94
High
XWiki Platform RCE (CVE-2023-37462)
CVE-2023-37462
CWE-95
High
Apache Tomcat Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2005-4836)
CVE-2005-4836
CWE-200
High
TeamCity Authentication Bypass (CVE-2024-27199)
CVE-2024-27199
CWE-288
High
SAP BO BIP XXE (CVE-2022-28213)
CVE-2022-28213
CWE-112
High
XOOPS Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2008-3296)
CVE-2008-3296
CWE-22
High
Skype for Business SSRF (CVE-2023-41763)
CVE-2023-41763
CWE-918
High
Zimbra Collaboration LFI (CVE-2025-68645)
CVE-2025-68645
CWE-22
High
Joomla Other Vulnerability (CVE-2005-3772)
CVE-2005-3772
-
High
Apache HTTP Server Other Vulnerability (CVE-1999-0071)
CVE-1999-0071
-
High
OpenSSL Cryptographic Issues Vulnerability (CVE-2010-0742)
CVE-2010-0742
-
High
PHP Other Vulnerability (CVE-1999-0068)
CVE-1999-0068
-
High
PHP Resource Management Errors Vulnerability (CVE-2012-0830)
CVE-2012-0830
-
High
PHP Other Vulnerability (CVE-1999-0058)
CVE-1999-0058
-
High
Apache HTTP Server Other Vulnerability (CVE-1999-0045)
CVE-1999-0045
-
High
Next.js Middleware Authorization Bypass
CVE-2025-29927
CWE-285
High
SimpleHelp Path Traversal (CVE-2024-57727)
CVE-2024-57728
CWE-22
High
Adobe Experience Manager writable JCR nodes via querybuilder
CVE-2025-54246
CWE-276
High
Adobe Experience Manager exposed user passwords via querybuilder
CVE-2025-54246
CWE-200
High
Adobe Experience Manager Blind XXE via package upload
CVE-2025-54246
CWE-611
High
Adobe Experience Manager SSRF via MS token verify servlet
CVE-2025-54246
CWE-918
High
Adobe Experience Manager Expression Language injection via cloudsettings
CVE-2025-54246
CWE-94
High
Dotclear Other Vulnerability (CVE-2005-3963)
CVE-2005-3963
-
High
Apache HTTP Server Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2003-0542)
CVE-2003-0542
CWE-119
High
SolarWinds Serv-U Directory Traversal (CVE-2024-28995)
CVE-2024-28995
CWE-22
High
Sitecore Arbitrary File Read (CVE-2024-46938)
CVE-2024-46938
CWE-200
High
Drupal Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-2687)
CVE-2011-2687
CWE-264
High
PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2008-3658)
CVE-2008-3658
CWE-119
High
MySQL Out-of-bounds Write Vulnerability (CVE-2009-4484)
CVE-2009-4484
CWE-787
High
Authentication Bypass in Ivanti Connect Secure and Policy Secure (CVE-2023-46805)
CVE-2023-46805
CWE-287
High
Ivanti EPM SQLi RCE (CVE-2024-29824)
CVE-2024-29824
CWE-89
High
Coppermine Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2008-3486)
CVE-2008-3486
CWE-22
High
Ruby Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-3655)
CVE-2008-3655
CWE-264
High
Ruby Resource Management Errors Vulnerability (CVE-2008-3656)
CVE-2008-3656
-
High
Ruby Improper Input Validation Vulnerability (CVE-2008-3657)
CVE-2008-3657
CWE-20
High
Oracle HTTP Server CVE-2006-0435 Vulnerability (CVE-2006-0435)
CVE-2006-0435
-
High
SSRF in Ivanti Connect Secure, Policy Secure and Neurons (CVE-2024-21893)
CVE-2024-21893
CWE-918
High
Oracle Application Server CVE-2006-0435 Vulnerability (CVE-2006-0435)
CVE-2006-0435
-
High
Oracle Database Server Other Vulnerability (CVE-2006-0551)
CVE-2006-0551
-
High
Trac CVE-2009-4405 Vulnerability (CVE-2009-4405)
CVE-2009-4405
-
High
Oracle Application Server Other Vulnerability (CVE-2006-0552)
CVE-2006-0552
-
High
Oracle Database Server Other Vulnerability (CVE-2006-0552)
CVE-2006-0552
-
High
Oracle Application Server Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2006-0586)
CVE-2006-0586
CWE-138
High
ZenCart Other Vulnerability (CVE-2009-4323)
CVE-2009-4323
-
High
MySQL Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2012-0553)
CVE-2012-0553
CWE-119
High
Moodle Other Vulnerability (CVE-2006-0147)
CVE-2006-0147
-
High
Securepoint UTM (CVE-2023-22620, CVE-2023-22897)
CVE-2023-22897
CWE-863
High
Nexus Repository Manager 3 Path Traversal (CVE-2024-4956)
CVE-2024-4956
CWE-22
High
Polyfill.io Supply Chain Attack
-
-
High
TYPO3 Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2005-4875)
CVE-2005-4875
CWE-200
High
Remote Unauthenticated Code Execution Vulnerability in OpenSSH server (CVE-2024-6387)
CVE-2024-6387
CWE-362
High
Ruby Improper Input Validation Vulnerability (CVE-2009-5147)
CVE-2009-5147
CWE-20
High
Jenkins Uncontrolled Resource Consumption Vulnerability (CVE-2012-0785)
CVE-2012-0785
CWE-400
High
Apache OFBiz SSRF (CVE-2023-50968)
CVE-2023-50968
CWE-918
High
Nginx Out-of-bounds Write Vulnerability (CVE-2013-2028)
CVE-2013-2028
CWE-787
High
Family Connections Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2012-0699)
CVE-2012-0699
CWE-352
High
Zenphoto Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2009-4566)
CVE-2009-4566
CWE-138
High
Jetty Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2009-5045)
CVE-2009-5045
CWE-200
High
PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2006-0097)
CVE-2006-0097
CWE-119
High
TYPO3 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2009-4855)
CVE-2009-4855
CWE-138
High
Plone CMS CVE-2011-2528 Vulnerability (CVE-2011-2528)
CVE-2011-2528
-
High
Moodle Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2006-0146)
CVE-2006-0146
CWE-138
High
Zope Web Application Server CVE-2011-2528 Vulnerability (CVE-2011-2528)
CVE-2011-2528
-
High
Coppermine Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2008-3481)
CVE-2008-3481
CWE-94
High