Known Vulnerabilities
This page lists 13509 vulnerabilities in this category.
Critical: 1465
High: 3387
Medium: 7907
Low: 748
Information: 2
| Vulnerability Name | CVE | CWE | Severity |
|---|---|---|---|
| Joomla Improper Privilege Management Vulnerability (CVE-2012-1563) | CVE-2012-1563 | CWE-269 | High |
| Ektron CMS400.NET ContentRatingGraph.aspx SQL injection | CVE-2008-5122 | CWE-89 | High |
| Apache HTTP Server Improper Locking Vulnerability (CVE-2002-1850) | CVE-2002-1850 | CWE-667 | High |
| Seo Panel Server-Side Request Forgery (SSRF) Vulnerability (CVE-2025-29451) | CVE-2025-29451 | CWE-918 | High |
| MongoDB injection | - | CWE-943 | High |
| osCommerce Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2002-2019) | CVE-2002-2019 | CWE-94 | High |
| Rails mass assignment | - | CWE-915 | High |
| Parallels Plesk SQL injection vulnerability | CVE-2012-1557 | CWE-89 | High |
| e107 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2011-1513) | CVE-2011-1513 | CWE-138 | High |
| PHP-CGI remote code execution | CVE-2012-2311 | CWE-20 | High |
| Apache HTTP Server Other Vulnerability (CVE-2002-2029) | CVE-2002-2029 | - | High |
| OpenSSL Numeric Errors Vulnerability (CVE-2012-2131) | CVE-2012-2131 | - | High |
| PHP Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2023-0568) | CVE-2023-0568 | CWE-770 | High |
| Apache Traffic Server Improper Input Validation Vulnerability (CVE-2022-25763) | CVE-2022-25763 | CWE-20 | High |
| Oracle Application Server Other Vulnerability (CVE-2002-2153) | CVE-2002-2153 | - | High |
| OpenX xajaxargs SQL injection vulnerability | - | CWE-89 | High |
| Apache Tomcat Improper Resource Shutdown or Release Vulnerability (CVE-2022-25762) | CVE-2022-25762 | CWE-404 | High |
| Moveable Type 4.x unauthenticated remote command execution | CVE-2013-0209 | CWE-287 | High |
| Craft CMS Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2025-23209) | CVE-2025-23209 | CWE-94 | High |
| Piwigo Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2012-2208) | CVE-2012-2208 | CWE-22 | High |
| OpenSSL Improper Certificate Validation Vulnerability (CVE-2023-0464) | CVE-2023-0464 | CWE-295 | High |
| XOOPS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2002-2391) | CVE-2002-2391 | CWE-138 | High |
| DotNetNuke multiple vulnerabilities | CVE-2012-1030 | CWE-79 | High |
| FCKeditor spellchecker.php cross site scripting vulnerability | CVE-2012-4000 | CWE-79 | High |
| Ampache Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2023-0771) | CVE-2023-0771 | CWE-138 | High |
| Oracle JRE Improper Access Control Vulnerability (CVE-2025-21587) | CVE-2025-21587 | CWE-284 | High |
| PHP Uncontrolled Resource Consumption Vulnerability (CVE-2023-0662) | CVE-2023-0662 | CWE-400 | High |
| Apache HTTP Server Other Vulnerability (CVE-2003-0016) | CVE-2003-0016 | - | High |
| XWikiplatform Missing Authorization Vulnerability (CVE-2025-23025) | CVE-2025-23025 | CWE-862 | High |
| Oracle Sun GlassFish/Java System Application Server Remote Authentication Bypass Vulnerability | CVE-2011-0807 | CWE-287 | High |
| Oracle Application Server Credentials Management Errors Vulnerability (CVE-2002-2345) | CVE-2002-2345 | - | High |
| PHP Resource Management Errors Vulnerability (CVE-2002-2309) | CVE-2002-2309 | - | High |
| Apache Tomcat Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2002-2272) | CVE-2002-2272 | CWE-119 | High |
| Cross-site scripting vulnerability in Google Web Toolkit (CVE-2012-5920) | CVE-2012-5920 | CWE-80 | High |
| Apache HTTP Server Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2002-2272) | CVE-2002-2272 | CWE-119 | High |
| Oracle HTTP Server Integer Overflow or Wraparound Vulnerability (CVE-2022-25314) | CVE-2022-25314 | CWE-190 | High |
| Ruby on Rails SQL injection | CVE-2012-2695 | CWE-89 | High |
| Multiple critical vulnerabilities in Apache Struts2 | CVE-2012-0393 | CWE-264 | High |
| Drupal 7 arbitrary PHP code execution and information disclosure | CVE-2012-4554 | CWE-264 | High |
| Umbraco CMS remote code execution | - | CWE-94 | High |
| PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2011-1938) | CVE-2011-1938 | CWE-119 | High |
| MySQL Other Vulnerability (CVE-2002-1923) | CVE-2002-1923 | - | High |
| MySQL Other Vulnerability (CVE-2002-1921) | CVE-2002-1921 | - | High |
| Ampache Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2022-4665) | CVE-2022-4665 | CWE-434 | High |
| OpenSSL Double Free Vulnerability (CVE-2022-4450) | CVE-2022-4450 | CWE-415 | High |
| timthumb.php remote code execution | CVE-2011-4106 | CWE-20 | High |
| phpMyFAQ Cleartext Transmission of Sensitive Information Vulnerability (CVE-2022-4409) | CVE-2022-4409 | CWE-319 | High |
| Moodle Files or Directories Accessible to External Parties Vulnerability (CVE-2025-26525) | CVE-2025-26525 | CWE-552 | High |
| Python Untrusted Search Path Vulnerability (CVE-2022-26488) | CVE-2022-26488 | CWE-426 | High |
| AbanteCart Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2022-26521) | CVE-2022-26521 | CWE-434 | High |
| VirtueMart access control bypass | - | CWE-287 | High |
| WooFramework shortcode exploit | - | CWE-95 | High |
| Zend Framework local file disclosure via XXE injection | CVE-2015-5161 | CWE-611 | High |
| CKEditor 4.0.1 cross-site scripting vulnerability | - | CWE-79 | High |
| Struts2/XWork remote command execution (S2-014) | CVE-2013-2115 | CWE-94 | High |
| OpenSSL Use After Free Vulnerability (CVE-2023-0215) | CVE-2023-0215 | CWE-416 | High |
| AngularJS Inefficient Regular Expression Complexity Vulnerability (CVE-2022-25844) | CVE-2022-25844 | CWE-1333 | High |
| qdPM Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2022-26180) | CVE-2022-26180 | CWE-352 | High |
| Joomla CVE-2025-25227 Vulnerability (CVE-2025-25227) | CVE-2025-25227 | - | High |
| OpenSSL NULL Pointer Dereference Vulnerability (CVE-2023-0401) | CVE-2023-0401 | CWE-476 | High |
| UAParser.js Inefficient Regular Expression Complexity Vulnerability (CVE-2022-25927) | CVE-2022-25927 | CWE-1333 | High |
| OpenSSL Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2012-2110) | CVE-2012-2110 | CWE-119 | High |
| PHP Address Book Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2012-1911) | CVE-2012-1911 | CWE-138 | High |
| MODX Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2022-26149) | CVE-2022-26149 | CWE-434 | High |
| GibbonEdu Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2025-26211) | CVE-2025-26211 | CWE-352 | High |
| OpenSSL NULL Pointer Dereference Vulnerability (CVE-2023-0216) | CVE-2023-0216 | CWE-476 | High |
| Piwigo Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2022-26266) | CVE-2022-26266 | CWE-138 | High |
| OpenSSL Access of Resource Using Incompatible Type ('Type Confusion') Vulnerability (CVE-2023-0286) | CVE-2023-0286 | CWE-843 | High |
| Piwigo Exposure of Resource to Wrong Sphere Vulnerability (CVE-2022-26267) | CVE-2022-26267 | CWE-668 | High |
| osCommerce Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2002-1991) | CVE-2002-1991 | CWE-94 | High |
| OpenSSL NULL Pointer Dereference Vulnerability (CVE-2023-0217) | CVE-2023-0217 | CWE-476 | High |
| Apache HTTP Server Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') Vulnerability (CVE-2022-26377) | CVE-2022-26377 | CWE-444 | High |
| Arbitrary EL Evaluation in RichFaces | CVE-2015-0279 | CWE-917 | High |
| Apache Traffic Server CVE-2022-47185 Vulnerability (CVE-2022-47185) | CVE-2022-47185 | - | High |
| MyBB Server-Side Request Forgery (SSRF) Vulnerability (CVE-2025-29460) | CVE-2025-29460 | CWE-918 | High |