🚀 Just released:
Latio 2026 Application Security Market Report.
Read it in our Whitepapers.
100% Signal 0% Noise
Platform
Invicti Platform
Zero-noise AppSec platform
Scan Code
Secure code before runtime
SAST
Early static security analysis
Open Source (SCA)
Find vulnerable dependencies
SBOM & License Risk
Generate SBOMs and track licenses
Secrets
Detect exposed secrets in applications
Infrastructure as Code
Ingest IaC security findings
Container
Track container image vulnerabilities
Test Runtime
Test live applications like attackers
DAST & AI DAST
Test runtime, prove exploitability
Agentic Pentesting
Automate real-world attack techniques
API Security Testing
Discover and test APIs
Attack Surface Management
Identify exposed apps and endpoints
Cloud AppSec
Get a single-pane view of cloud app risk
AI AppSec
Scan smarter, accelerate remediation
Manage Vulnerabilities
See, prioritize, reduce AppSec risk
Vulnerability Management (ASPM)
Centralize and correlate AppSec findings
Compliance & Executive Reporting
Measure risk and impact
Threat Intelligence
Reachability, exploitability, and business logic
Solutions
API Discovery
Manage Vulnerabilities
Automate Security Workflows
Track AppSec KPIs
Manage Open Source Risk
Pricing
Why Invicti
About Us
Invicti vs. Competitors
Case Studies
Contact Us
Careers
Resources
Resource Library
Blog
Webinars
White Papers
Podcasts
Invicti Learn
Savings Calculator
Live Training
Partners
MSSP
Documentation
Vulnerability Database
Get a demo
Home
/
Web Application Vulnerabilities
/ Known Vulnerabilities
Web Application Vulnerabilities
Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise
Acunetix Standard & Premium
v.26.4.2314
Known Vulnerabilities
This page lists
14981 vulnerabilities
in this category.
Critical: 1612
High: 4015
Medium: 8569
Low: 783
Information: 2
Vulnerability Name
CVE
CWE
Severity
MongoDb Out-of-bounds Write Vulnerability (CVE-2026-8053)
CVE-2026-8053
CWE-787
High
Oracle JRE CVE-2012-0503 Vulnerability (CVE-2012-0503)
CVE-2012-0503
-
High
Oracle JRE CVE-2012-0505 Vulnerability (CVE-2012-0505)
CVE-2012-0505
-
High
XWiki Cleartext Storage of Sensitive Information Vulnerability (CVE-2023-50719)
CVE-2023-50719
CWE-312
High
Squid Uncontrolled Recursion Vulnerability (CVE-2023-50269)
CVE-2023-50269
CWE-674
High
Grandnode Path Traversal (CVE-2019-12276)
CVE-2019-12276
CWE-22
High
Family Connections Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2012-0699)
CVE-2012-0699
CWE-352
High
Oracle Database Server CVE-2012-0519 Vulnerability (CVE-2012-0519)
CVE-2012-0519
-
High
Grafana Plugin Dir Traversal (CVE-2021-43798)
CVE-2021-43798
CWE-200
High
Grafana CVE-2023-4822 Vulnerability (CVE-2023-4822)
CVE-2023-4822
-
High
OpenSSL CVE-2023-4807 Vulnerability (CVE-2023-4807)
CVE-2023-4807
-
High
Jboss EAP Improper Initialization Vulnerability (CVE-2023-4503)
CVE-2023-4503
CWE-665
High
Grafana CVE-2023-4399 Vulnerability (CVE-2023-4399)
CVE-2023-4399
-
High
Chamilo Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2023-4226)
CVE-2023-4226
CWE-434
High
Chamilo Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2023-4225)
CVE-2023-4225
CWE-434
High
Chamilo Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2023-4224)
CVE-2023-4224
CWE-434
High
Chamilo Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2023-4223)
CVE-2023-4223
CWE-434
High
Chamilo Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2023-4222)
CVE-2023-4222
CWE-138
High
MySQL Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2012-0553)
CVE-2012-0553
CWE-119
High
Chamilo Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2023-4221)
CVE-2023-4221
CWE-138
High
Dolibarr Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2023-4197)
CVE-2023-4197
CWE-138
High
Grav CMS Unauthenticated RCE (CVE-2021-21425)
CVE-2021-21425
CWE-284
High
Ghost CMS Theme Preview XSS (CVE-2021-29484)
CVE-2021-29484
CWE-79
High
ntopng Authentication Bypass (CVE-2021-28073)
CVE-2021-28073
CWE-287
High
Telerik Web UI Unrestricted File Upload (CVE-2017-11317)
CVE-2017-11317
CWE-78
High
Moodle Insertion of Sensitive Information into Log File Vulnerability (CVE-2012-1156)
CVE-2012-1156
CWE-532
High
XWiki Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-46243)
CVE-2023-46243
CWE-94
High
XWiki Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2023-46242)
CVE-2023-46242
CWE-352
High
Citrix XenMobile Server Path Traversal
CVE-2020-8209
CWE-22
High
Werkzeug WSGI Out-of-bounds Write Vulnerability (CVE-2023-46136)
CVE-2023-46136
CWE-787
High
Citrix ADC/Gateway Unauthenticated Remote Code Execution
CVE-2019-19781
CWE-22
High
GibbonEdu Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2023-45880)
CVE-2023-45880
CWE-22
High
IBMHttpServer Reachable Assertion Vulnerability (CVE-2026-8852)
CVE-2026-8852
CWE-617
High
Oracle WebLogic Remote Code Execution via IIOP
CVE-2020-2551
CWE-502
High
Moodle Improper Input Validation Vulnerability (CVE-2012-1168)
CVE-2012-1168
CWE-20
High
Apache Unomi MVEL RCE (CVE-2020-13942)
CVE-2020-13942
CWE-20
High
Total.js Directory Traversal (CVE-2019-8903)
CVE-2019-8903
CWE-22
High
Telerik Web UI RadAsyncUpload Deserialization
CVE-2019-18935
CWE-78
High
Telerik Web UI Insecure Direct Object Reference
CVE-2017-11357
CWE-78
High
Moodle Improper Validation of Integrity Check Value Vulnerability (CVE-2012-1170)
CVE-2012-1170
CWE-354
High
XWiki Incorrect Authorization Vulnerability (CVE-2023-46244)
CVE-2023-46244
CWE-863
High
Telerik Web UI Unrestricted File Upload (CVE-2014-2217)
CVE-2014-2217
CWE-78
High
qdPM Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2023-45855)
CVE-2023-45855
CWE-22
High
SAP NetWeaver RECON CVE-2020-6287
CVE-2020-6287
CWE-287
High
SAP IGS XXE (CVE-2018-2392, CVE-2018-2393)
CVE-2018-2393
CWE-611
High
Ruby on Rails DoubleTap RCE (CVE-2019-5420)
CVE-2019-5420
CWE-502
High
Odoo LFI (CVE-2019-14322)
CVE-2019-14322
CWE-22
High
Dolibarr Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2012-1225)
CVE-2012-1225
CWE-138
High
Apache OFBiz XMLRPC Deserialization RCE (CVE-2020-9496/CVE-2023-49070)
CVE-2023-49070
CWE-502
High
IBMHttpServer Expired Pointer Dereference Vulnerability (CVE-2026-8854)
CVE-2026-8854
CWE-825
High
Oracle E-Business Suite SSRF (CVE-2017-10246)
CVE-2017-10246
CWE-918
High
Oracle E-Business Suite SQL injection (CVE-2017-3549)
CVE-2017-3549
CWE-89
High
Oracle Business Intelligence AMF Deserialization RCE CVE-2020-2950
CVE-2020-2950
CWE-502
High
Kentico CMS RCE CVE-2017-17736
CVE-2017-17736
CWE-425
High
PleskWin Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2012-1557)
CVE-2012-1557
CWE-138
High
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-1155)
CVE-2012-1155
CWE-200
High
Next.js CVE-2023-46298 Vulnerability (CVE-2023-46298)
CVE-2023-46298
-
High
Dragonfly Arbitrary File Read/Write (CVE-2021-33564)
CVE-2021-33564
CWE-20
High
vBulletin Pre-Auth RCE Vulnerability
CVE-2020-17496
CWE-94
High
Unauthenticated OGNL injection in Confluence Server and Data Center
CVE-2021-26084
CWE-917
High
IBMHttpServer Heap-based Buffer Overflow Vulnerability (CVE-2026-8834)
CVE-2026-8834
CWE-122
High
OpenVPN AS Divide By Zero Vulnerability (CVE-2023-46849)
CVE-2023-46849
CWE-369
High
MySQL Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2012-0882)
CVE-2012-0882
CWE-119
High
IBMHttpServer Untrusted Pointer Dereference Vulnerability (CVE-2026-8835)
CVE-2026-8835
CWE-822
High
Squid Incorrect Conversion between Numeric Types Vulnerability (CVE-2023-46848)
CVE-2023-46848
CWE-681
High
Squid Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') Vulnerability (CVE-2023-46847)
CVE-2023-46847
CWE-120
High
IBMHttpServer NULL Pointer Dereference Vulnerability (CVE-2026-8850)
CVE-2026-8850
CWE-476
High
Osclass Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2012-0973)
CVE-2012-0973
CWE-138
High
SugarCRM Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-46816)
CVE-2023-46816
CWE-94
High
AppWeb Authentication Bypass (CVE-2018-8715)
CVE-2018-8715
CWE-287
High
Agentejo Cockpit CMS resetpassword NoSQLi (CVE-2020-35847)
CVE-2020-35847
CWE-89
High
WordPress Theme OneTone: Unauthenticated Stored Cross-Site Scripting (XSS)
CVE-2019-17231
CWE-79
High
vBulletin 5.6.1 nodeId SQL injection
CVE-2020-12720
CWE-94
High
SugarCRM Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2023-46815)
CVE-2023-46815
CWE-434
High
Apache Tomcat Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') Vulnerability (CVE-2023-46589)
CVE-2023-46589
-
High
«
1
...
66
67
68
...
200
»