🚀 Just released:
Latio 2026 Application Security Market Report.
Read it in our Whitepapers.
100% Signal 0% Noise
Platform
Invicti Platform
Zero-noise AppSec platform
Scan Code
Secure code before runtime
SAST
Early static security analysis
Open Source (SCA)
Find vulnerable dependencies
SBOM & License Risk
Generate SBOMs and track licenses
Secrets
Detect exposed secrets in applications
Infrastructure as Code
Ingest IaC security findings
Container
Track container image vulnerabilities
Test Runtime
Test live applications like attackers
DAST & AI DAST
Test runtime, prove exploitability
Agentic Pentesting
Automate real-world attack techniques
API Security Testing
Discover and test APIs
Attack Surface Management
Identify exposed apps and endpoints
Cloud AppSec
Get a single-pane view of cloud app risk
AI AppSec
Scan smarter, accelerate remediation
Manage Vulnerabilities
See, prioritize, reduce AppSec risk
Vulnerability Management (ASPM)
Centralize and correlate AppSec findings
Compliance & Executive Reporting
Measure risk and impact
Threat Intelligence
Reachability, exploitability, and business logic
Solutions
API Discovery
Manage Vulnerabilities
Automate Security Workflows
Track AppSec KPIs
Manage Open Source Risk
Pricing
Why Invicti
About Us
Invicti vs. Competitors
Case Studies
Contact Us
Careers
Resources
Resource Library
Blog
Webinars
White Papers
Podcasts
Invicti Learn
Savings Calculator
Live Training
Partners
MSSP
Documentation
Vulnerability Database
Get a demo
Home
/
Web Application Vulnerabilities
/ Known Vulnerabilities
Web Application Vulnerabilities
Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise
Acunetix Standard & Premium
v.26.4.2314
Known Vulnerabilities
This page lists
14981 vulnerabilities
in this category.
Critical: 1612
High: 4015
Medium: 8569
Low: 783
Information: 2
Vulnerability Name
CVE
CWE
Severity
Ruby on Rails Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2006-4111)
CVE-2006-4111
CWE-94
High
WordPress Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2008-4625)
CVE-2008-4625
CWE-138
High
Joomla Permissions, Privileges, and Access Controls Vulnerability (CVE-2006-4475)
CVE-2006-4475
CWE-264
High
Envoy Proxy Use After Free Vulnerability (CVE-2025-62504)
CVE-2025-62504
CWE-416
High
phpMyFAQ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2025-62519)
CVE-2025-62519
CWE-138
High
SharePoint Use After Free Vulnerability (CVE-2025-62555)
CVE-2025-62555
CWE-416
High
SharePoint Use After Free Vulnerability (CVE-2025-62558)
CVE-2025-62558
CWE-416
High
Drupal Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2008-3223)
CVE-2008-3223
CWE-138
High
SharePoint Use After Free Vulnerability (CVE-2025-62559)
CVE-2025-62559
CWE-416
High
SharePoint Use After Free Vulnerability (CVE-2025-62562)
CVE-2025-62562
CWE-416
High
Moodle Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2006-4785)
CVE-2006-4785
CWE-138
High
Joomla Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2008-3227)
CVE-2008-3227
CWE-59
High
Joomla Configuration Vulnerability (CVE-2008-3228)
CVE-2008-3228
-
High
e107 Other Vulnerability (CVE-2006-4548)
CVE-2006-4548
-
High
Django Inefficient Algorithmic Complexity Vulnerability (CVE-2025-64458)
CVE-2025-64458
CWE-407
High
PHP Other Vulnerability (CVE-2006-4481)
CVE-2006-4481
-
High
Joomla Permissions, Privileges, and Access Controls Vulnerability (CVE-2006-4476)
CVE-2006-4476
CWE-264
High
Django Inefficient Algorithmic Complexity Vulnerability (CVE-2025-64460)
CVE-2025-64460
CWE-407
High
Ruby on Rails CVE-2006-4112 Vulnerability (CVE-2006-4112)
CVE-2006-4112
-
High
Coppermine Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2008-3486)
CVE-2008-3486
CWE-22
High
PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2008-3658)
CVE-2008-3658
CWE-119
High
Ruby Improper Input Validation Vulnerability (CVE-2008-3657)
CVE-2008-3657
CWE-20
High
Ruby Resource Management Errors Vulnerability (CVE-2008-3656)
CVE-2008-3656
-
High
Ruby Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-3655)
CVE-2008-3655
CWE-264
High
Liferay Portal Insertion of Sensitive Information Into Sent Data Vulnerability (CVE-2025-43768)
CVE-2025-43768
CWE-201
High
Envoy Proxy Improper Null Termination Vulnerability (CVE-2025-66220)
CVE-2025-66220
CWE-170
High
Coppermine Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2008-3481)
CVE-2008-3481
CWE-94
High
XOOPS Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2008-3296)
CVE-2008-3296
CWE-22
High
Liferay DXP Insertion of Sensitive Information Into Sent Data Vulnerability (CVE-2025-43768)
CVE-2025-43768
CWE-201
High
PHP Other Vulnerability (CVE-2006-4433)
CVE-2006-4433
-
High
Apache Traffic Server Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') Vulnerability (CVE-2025-65114)
CVE-2025-65114
-
High
Joomla CVE-2006-4469 Vulnerability (CVE-2006-4469)
CVE-2006-4469
-
High
Joomla CVE-2006-4470 Vulnerability (CVE-2006-4470)
CVE-2006-4470
-
High
Joomla CVE-2006-4472 Vulnerability (CVE-2006-4472)
CVE-2006-4472
-
High
Roundcube Improper Encoding or Escaping of Output Vulnerability (CVE-2025-68460)
CVE-2025-68460
CWE-116
High
Moodle Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2025-3642)
CVE-2025-3642
CWE-94
High
SharePoint Deserialization of Untrusted Data Vulnerability (CVE-2025-29793)
CVE-2025-29793
CWE-502
High
Oracle JRE CVE-2025-30749 Vulnerability (CVE-2025-30749)
CVE-2025-30749
-
High
PostgreSQL Other Vulnerability (CVE-2006-2313)
CVE-2006-2313
-
High
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2025-32044)
CVE-2025-32044
CWE-200
High
MongoDb Excessive Iteration Vulnerability (CVE-2025-6714)
CVE-2025-6714
CWE-834
High
Apache Traffic Server Improper Access Control Vulnerability (CVE-2025-31698)
CVE-2025-31698
CWE-284
High
Drupal Improper Control of Dynamically-Managed Code Resources Vulnerability (CVE-2025-31674)
CVE-2025-31674
CWE-913
High
Sqlite Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2008-6592)
CVE-2008-6592
CWE-22
High
Sqlite Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2008-6593)
CVE-2008-6593
CWE-138
High
Mailman Other Vulnerability (CVE-2006-2191)
CVE-2006-2191
-
High
silverstripeCMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2008-6753)
CVE-2008-6753
CWE-138
High
Apache Tomcat Incomplete Cleanup Vulnerability (CVE-2025-31650)
CVE-2025-31650
CWE-459
High
WebLogic Missing Authentication for Critical Function Vulnerability (CVE-2025-30762)
CVE-2025-30762
CWE-306
High
Joomla Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2008-6852)
CVE-2008-6852
CWE-138
High
phpBB Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2025-70810)
CVE-2025-70810
CWE-352
High
Oracle Database Server Incorrect Authorization Vulnerability (CVE-2025-30751)
CVE-2025-30751
CWE-863
High
PHP Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-7002)
CVE-2008-7002
CWE-264
High
MongoDb Uncontrolled Recursion Vulnerability (CVE-2025-6710)
CVE-2025-6710
CWE-674
High
WeBid Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2008-7116)
CVE-2008-7116
CWE-138
High
SharePoint Deserialization of Untrusted Data Vulnerability (CVE-2025-30384)
CVE-2025-30384
CWE-502
High
WeBid Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2008-7119)
CVE-2008-7119
CWE-138
High
SharePoint Deserialization of Untrusted Data Vulnerability (CVE-2025-30382)
CVE-2025-30382
CWE-502
High
SharePoint Deserialization of Untrusted Data Vulnerability (CVE-2025-30378)
CVE-2025-30378
CWE-502
High
Prototype CVE-2008-7220 Vulnerability (CVE-2008-7220)
CVE-2008-7220
-
High
Apache HTTP Server Out-of-bounds Write Vulnerability (CVE-2006-20001)
CVE-2006-20001
CWE-787
High
Sqlite Improper Clearing of Heap Memory Before Release ('Heap Inspection') Vulnerability (CVE-2025-70873)
CVE-2025-70873
CWE-244
High
Envoy Proxy CVE-2025-30157 Vulnerability (CVE-2025-30157)
CVE-2025-30157
-
High
GeoServer Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2025-30145)
CVE-2025-30145
CWE-835
High
MOVEit Transfer Improper Privilege Management Vulnerability (CVE-2025-2324)
CVE-2025-2324
CWE-269
High
SharePoint CVE-2025-29976 Vulnerability (CVE-2025-29976)
CVE-2025-29976
-
High
XWikiplatform Incorrect Authorization Vulnerability (CVE-2025-29924)
CVE-2025-29924
CWE-863
High
SharePoint Improper Authorization Vulnerability (CVE-2025-29794)
CVE-2025-29794
CWE-285
High
PostgreSQL Other Vulnerability (CVE-2006-2314)
CVE-2006-2314
-
High
phpList Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2008-6178)
CVE-2008-6178
CWE-94
High
Moodle Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2025-3641)
CVE-2025-3641
CWE-94
High
OpenSSL Improper Check for Unusual or Exceptional Conditions Vulnerability (CVE-2025-69420)
CVE-2025-69420
CWE-754
High
Drupal CVE-2008-4793 Vulnerability (CVE-2008-4793)
CVE-2008-4793
-
High
Python Integer Overflow or Wraparound Vulnerability (CVE-2008-4864)
CVE-2008-4864
CWE-190
High
Moodle Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2025-3638)
CVE-2025-3638
CWE-352
High
«
1
...
64
65
66
...
200
»