Known Vulnerabilities
This page lists 13509 vulnerabilities in this category.
Critical: 1465
High: 3387
Medium: 7907
Low: 748
Information: 2
| Vulnerability Name | CVE | CWE | Severity |
| --- | --- | --- | --- |
| Reflected Cross-Site Scripting (XSS) vulnerability in PAN-OS management web interface | CVE-2020-2036 | CWE-79 | High |
| MySQL Other Vulnerability (CVE-2002-1375) | CVE-2002-1375 | - | High |
| MySQL Other Vulnerability (CVE-2002-1376) | CVE-2002-1376 | - | High |
| MyBB Server-Side Request Forgery (SSRF) Vulnerability (CVE-2025-29458) | CVE-2025-29458 | CWE-918 | High |
| Oracle Business Intelligence Adfresource Path traversal CVE-2019-2588 | CVE-2019-2588 | CWE-200 | High |
| Oracle Business Intelligence AuthBypass CVE-2019-2768 | CVE-2019-2768 | CWE-200 | High |
| Oracle Business Intelligence ReportTemplateService XXE CVE-2019-2616 | CVE-2019-2616 | CWE-611 | High |
| AppWeb Authentication Bypass (CVE-2018-8715) | CVE-2018-8715 | CWE-287 | High |
| Apache Tomcat Other Vulnerability (CVE-2002-1394) | CVE-2002-1394 | - | High |
| Moodle Improper Validation of Integrity Check Value Vulnerability (CVE-2012-1170) | CVE-2012-1170 | CWE-354 | High |
| Grafana URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2022-29170) | CVE-2022-29170 | CWE-601 | High |
| Oracle Business Intelligence Convert XXE CVE-2019-2767 | CVE-2019-2767 | CWE-611 | High |
| PHP Other Vulnerability (CVE-2002-1396) | CVE-2002-1396 | - | High |
| Seo Panel Server-Side Request Forgery (SSRF) Vulnerability (CVE-2025-29452) | CVE-2025-29452 | CWE-918 | High |
| TYPO3 Missing Authorization Vulnerability (CVE-2025-59017) | CVE-2025-59017 | CWE-862 | High |
| Envoy Proxy Reachable Assertion Vulnerability (CVE-2022-29228) | CVE-2022-29228 | CWE-617 | High |
| SharePoint CVE-2022-44693 Vulnerability (CVE-2022-44693) | CVE-2022-44693 | - | High |
| Moodle Improper Input Validation Vulnerability (CVE-2012-1168) | CVE-2012-1168 | CWE-20 | High |
| Oracle Application Server Other Vulnerability (CVE-2002-1631) | CVE-2002-1631 | - | High |
| PostgreSQL Other Vulnerability (CVE-2002-1397) | CVE-2002-1397 | - | High |
| Envoy Proxy Use After Free Vulnerability (CVE-2022-29227) | CVE-2022-29227 | CWE-416 | High |
| Ruby on Rails DoubleTap RCE (CVE-2019-5420) | CVE-2019-5420 | CWE-502 | High |
| DNN (DotNetNuke) CMS Cookie Deserialization RCE CVE-2017-9822 | CVE-2017-9822 | CWE-502 | High |
| SAP Hybris Deserialization RCE | CVE-2019-0344 | CWE-502 | High |
| Liferay Portal Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2022-28981) | CVE-2022-28981 | CWE-22 | High |
| SAP NetWeaver RECON CVE-2020-6287 | CVE-2020-6287 | CWE-287 | High |
| Moodle Insertion of Sensitive Information into Log File Vulnerability (CVE-2012-1156) | CVE-2012-1156 | CWE-532 | High |
| XWikiplatform Incorrect Authorization Vulnerability (CVE-2025-29924) | CVE-2025-29924 | CWE-863 | High |
| SharePoint Deserialization of Untrusted Data Vulnerability (CVE-2025-29793) | CVE-2025-29793 | CWE-502 | High |
| ntopng Authentication Bypass (CVE-2021-28073) | CVE-2021-28073 | CWE-287 | High |
| MyBB Server-Side Request Forgery (SSRF) Vulnerability (CVE-2025-29459) | CVE-2025-29459 | CWE-918 | High |
| SharePoint CVE-2022-44690 Vulnerability (CVE-2022-44690) | CVE-2022-44690 | - | High |
| AjaxPro.NET Professional Deserialization RCE (CVE-2021-23758) | CVE-2021-23758 | CWE-502 | High |
| Authentication bypass via MongoDB operator injection | - | CWE-943 | High |
| Oracle E-Business Suite SQL injection (CVE-2017-3549) | CVE-2017-3549 | CWE-89 | High |
| Ruby on Rails Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2011-2930) | CVE-2011-2930 | CWE-138 | High |
| Envoy Proxy Improper Handling of Highly Compressed Data (Data Amplification) Vulnerability (CVE-2022-29225) | CVE-2022-29225 | CWE-409 | High |
| Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-1155) | CVE-2012-1155 | CWE-200 | High |
| Grandnode Path Traversal (CVE-2019-12276) | CVE-2019-12276 | CWE-22 | High |
| Drupal Reliance on Cookies without Validation and Integrity Checking Vulnerability (CVE-2022-29248) | CVE-2022-29248 | CWE-565 | High |
| Alibaba Nacos Authentication Bypass (CVE-2021-29441) | CVE-2021-29441 | CWE-287 | High |
| Joomla Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2012-1116) | CVE-2012-1116 | CWE-138 | High |
| Oracle Application Server Other Vulnerability (CVE-2002-1630) | CVE-2002-1630 | - | High |
| Grav CMS Unauthenticated RCE (CVE-2021-21425) | CVE-2021-21425 | CWE-284 | High |
| MyBB Server-Side Request Forgery (SSRF) Vulnerability (CVE-2025-29457) | CVE-2025-29457 | CWE-918 | High |
| Deserialization of Untrusted Data (XStream) | CVE-2020-26217 | CWE-502 | High |
| WordPress Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2011-3130) | CVE-2011-3130 | CWE-138 | High |
| PostgreSQL Other Vulnerability (CVE-2002-1400) | CVE-2002-1400 | - | High |
| SharePoint Improper Authorization Vulnerability (CVE-2025-29794) | CVE-2025-29794 | CWE-285 | High |
| DotCMS unrestricted file upload (CVE-2022-26352) | CVE-2022-26352 | CWE-434 | High |
| MongoDB $where operator JavaScript injection | - | CWE-943 | High |
| Vulnerable package dependencies [high] | - | CWE-1104 | High |
| MySQL CVE-2020-14799 Vulnerability (CVE-2020-14799) | CVE-2020-14799 | - | Medium |
| MySQL CVE-2020-14785 Vulnerability (CVE-2020-14785) | CVE-2020-14785 | - | Medium |
| Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-25147) | CVE-2024-25147 | CWE-707 | Medium |
| Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-25145) | CVE-2024-25145 | CWE-707 | Medium |
| Liferay DXP Excessive Iteration Vulnerability (CVE-2024-25144) | CVE-2024-25144 | CWE-834 | Medium |
| MySQL CVE-2020-14776 Vulnerability (CVE-2020-14776) | CVE-2020-14776 | - | Medium |
| phpList Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-13827) | CVE-2020-13827 | CWE-707 | Medium |
| Liferay DXP Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2024-25143) | CVE-2024-25143 | CWE-770 | Medium |
| Dolibarr Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-13828) | CVE-2020-13828 | CWE-707 | Medium |
| Drupal Incorrect Authorization Vulnerability (CVE-2020-13676) | CVE-2020-13676 | CWE-863 | Medium |
| Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-25147) | CVE-2024-25147 | CWE-707 | Medium |
| TYPO3 Generation of Error Message Containing Sensitive Information Vulnerability (CVE-2025-59016) | CVE-2025-59016 | CWE-209 | Medium |
| Sqlite NULL Pointer Dereference Vulnerability (CVE-2019-19242) | CVE-2019-19242 | CWE-476 | Medium |
| Liferay Portal Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2024-25143) | CVE-2024-25143 | CWE-770 | Medium |
| MySQL CVE-2024-20981 Vulnerability (CVE-2024-20981) | CVE-2024-20981 | - | Medium |
| MySQL CVE-2020-14777 Vulnerability (CVE-2020-14777) | CVE-2020-14777 | - | Medium |
| Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-13688) | CVE-2020-13688 | CWE-707 | Medium |
| Drupal Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2020-13674) | CVE-2020-13674 | CWE-352 | Medium |
| MySQL CVE-2020-14800 Vulnerability (CVE-2020-14800) | CVE-2020-14800 | - | Medium |
| silverstripeCMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-19325) | CVE-2019-19325 | CWE-707 | Medium |
| Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-25145) | CVE-2024-25145 | CWE-707 | Medium |
| LimeSurvey Improper Restriction of Rendered UI Layers or Frames Vulnerability (CVE-2019-16175) | CVE-2019-16175 | CWE-1021 | Medium |
| MySQL CVE-2024-20983 Vulnerability (CVE-2024-20983) | CVE-2024-20983 | - | Medium |