🚀 Just released:
Latio 2026 Application Security Market Report.
Read it in our Whitepapers.
100% Signal 0% Noise
Platform
Invicti Platform
Zero-noise AppSec platform
Scan Code
Secure code before runtime
SAST
Early static security analysis
Open Source (SCA)
Find vulnerable dependencies
SBOM & License Risk
Generate SBOMs and track licenses
Secrets
Detect exposed secrets in applications
Infrastructure as Code
Ingest IaC security findings
Container
Track container image vulnerabilities
Test Runtime
Test live applications like attackers
DAST & AI DAST
Test runtime, prove exploitability
Agentic Pentesting
Automate real-world attack techniques
API Security Testing
Discover and test APIs
Attack Surface Management
Identify exposed apps and endpoints
Cloud AppSec
Get a single-pane view of cloud app risk
AI AppSec
Scan smarter, accelerate remediation
Manage Vulnerabilities
See, prioritize, reduce AppSec risk
Vulnerability Management (ASPM)
Centralize and correlate AppSec findings
Compliance & Executive Reporting
Measure risk and impact
Threat Intelligence
Reachability, exploitability, and business logic
Solutions
API Discovery
Manage Vulnerabilities
Automate Security Workflows
Track AppSec KPIs
Manage Open Source Risk
Pricing
Why Invicti
About Us
Invicti vs. Competitors
Case Studies
Contact Us
Careers
Resources
Resource Library
Blog
Webinars
White Papers
Podcasts
Invicti Learn
Savings Calculator
Live Training
Partners
MSSP
Documentation
Vulnerability Database
Get a demo
Home
/
Web Application Vulnerabilities
/ Known Vulnerabilities
Web Application Vulnerabilities
Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise
Acunetix Standard & Premium
v.26.4.2314
Known Vulnerabilities
This page lists
14981 vulnerabilities
in this category.
Critical: 1612
High: 4015
Medium: 8569
Low: 783
Information: 2
Vulnerability Name
CVE
CWE
Severity
Magento Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2020-9578)
CVE-2020-9578
CWE-138
Critical
Magento CVE-2020-9579 Vulnerability (CVE-2020-9579)
CVE-2020-9579
-
Critical
Magento CVE-2020-9580 Vulnerability (CVE-2020-9580)
CVE-2020-9580
-
Critical
phpMyAdmin Other Vulnerability (CVE-2007-0203)
CVE-2007-0203
-
Critical
Magento Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2020-9583)
CVE-2020-9583
CWE-138
Critical
SharePoint CVE-2021-1707 Vulnerability (CVE-2021-1707)
CVE-2021-1707
-
Critical
Magento CVE-2020-9585 Vulnerability (CVE-2020-9585)
CVE-2020-9585
-
Critical
Magento Improper Privilege Management Vulnerability (CVE-2020-9630)
CVE-2020-9630
CWE-269
Critical
Magento CVE-2020-9631 Vulnerability (CVE-2020-9631)
CVE-2020-9631
-
Critical
Magento CVE-2020-9632 Vulnerability (CVE-2020-9632)
CVE-2020-9632
-
Critical
Magento Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2020-9664)
CVE-2020-9664
CWE-94
Critical
Magento Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-9691)
CVE-2020-9691
CWE-707
Critical
PHP CVE-2007-0910 Vulnerability (CVE-2007-0910)
CVE-2007-0910
-
Critical
phpList Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2017-20029)
CVE-2017-20029
CWE-138
Critical
Dot CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2017-5344)
CVE-2017-5344
CWE-138
Critical
Jenkins Other Vulnerability (CVE-2021-21696)
CVE-2021-21696
-
Critical
Jenkins Missing Authorization Vulnerability (CVE-2021-21694)
CVE-2021-21694
CWE-862
Critical
Jenkins Protection Mechanism Failure Vulnerability (CVE-2021-21696 )
CVE-2021-21696
CWE-693
Critical
PHP Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2007-1581)
CVE-2007-1581
CWE-94
Critical
Dolibarr Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2017-17900)
CVE-2017-17900
CWE-138
Critical
Dolibarr Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2017-17899)
CVE-2017-17899
CWE-138
Critical
Dolibarr Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2017-17897)
CVE-2017-17897
CWE-138
Critical
Jenkins Other Vulnerability (CVE-2021-21697)
CVE-2021-21697
-
Critical
Jenkins Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2021-21692)
CVE-2021-21692
CWE-22
Critical
Ruby Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2017-17790)
CVE-2017-17790
CWE-138
Critical
Nexus Repository Manager Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2017-17717)
CVE-2017-17717
CWE-327
Critical
GeoServer Improper Restriction of XML External Entity Reference Vulnerability (CVE-2025-58360)
CVE-2025-58360
CWE-611
Critical
Jboss EAP Deserialization of Untrusted Data Vulnerability (CVE-2017-17485)
CVE-2017-17485
CWE-502
Critical
PHP Use After Free Vulnerability (CVE-2021-21708)
CVE-2021-21708
CWE-416
Critical
Moodle Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2021-21809)
CVE-2021-21809
CWE-732
Critical
Jenkins Improper Authorization Vulnerability (CVE-2021-21693)
CVE-2021-21693
CWE-285
Critical
Jenkins Incorrect Authorization Vulnerability (CVE-2021-21692 )
CVE-2021-21692
CWE-863
Critical
Nginx Integer Overflow or Wraparound Vulnerability (CVE-2017-20005)
CVE-2017-20005
CWE-190
Critical
phpMyAdmin CVE-2017-18264 Vulnerability (CVE-2017-18264)
CVE-2017-18264
-
Critical
WebLogic Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2021-21347)
CVE-2021-21347
CWE-434
Critical
WebLogic CVE-2021-21350 Vulnerability (CVE-2021-21350)
CVE-2021-21350
-
Critical
phpMyFAQ CVE-2025-59943 Vulnerability (CVE-2025-59943)
CVE-2025-59943
-
Critical
Django Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2025-59681)
CVE-2025-59681
CWE-138
Critical
Chamilo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-59543)
CVE-2025-59543
CWE-707
Critical
Chamilo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-59542)
CVE-2025-59542
CWE-707
Critical
PHP Numeric Errors Vulnerability (CVE-2007-1383)
CVE-2007-1383
-
Critical
Jenkins Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2021-21691)
CVE-2021-21691
CWE-59
Critical
PHP Other Vulnerability (CVE-2007-1399)
CVE-2007-1399
-
Critical
Jenkins Missing Authorization Vulnerability (CVE-2021-21685)
CVE-2021-21685
CWE-862
Critical
Jenkins Missing Authorization Vulnerability (CVE-2021-21687)
CVE-2021-21687
CWE-862
Critical
Jenkins Other Vulnerability (CVE-2021-21689)
CVE-2021-21689
-
Critical
Jenkins Protection Mechanism Failure Vulnerability (CVE-2021-21690 )
CVE-2021-21690
CWE-693
Critical
Jenkins Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2021-21690)
CVE-2021-21690
CWE-22
Critical
PHP Integer Overflow or Wraparound Vulnerability (CVE-2017-5340)
CVE-2017-5340
CWE-190
Critical
WebLogic Deserialization of Untrusted Data Vulnerability (CVE-2020-9547)
CVE-2020-9547
CWE-502
Critical
WordPress CVE-2006-4028 Vulnerability (CVE-2006-4028)
CVE-2006-4028
-
Critical
Jboss EAP Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2017-7465)
CVE-2017-7465
CWE-94
Critical
Moodle Improper Input Validation Vulnerability (CVE-2006-4936)
CVE-2006-4936
CWE-20
Critical
Jboss EAP Deserialization of Untrusted Data Vulnerability (CVE-2017-7525)
CVE-2017-7525
CWE-502
Critical
Jboss Deserialization of Untrusted Data Vulnerability (CVE-2017-7504)
CVE-2017-7504
CWE-502
Critical
Jboss EAP Improper Restriction of XML External Entity Reference Vulnerability (CVE-2017-7503)
CVE-2017-7503
CWE-611
Critical
Liferay Portal Deserialization of Untrusted Data Vulnerability (CVE-2020-7961)
CVE-2020-7961
CWE-502
Critical
Dolibarr Improper Authentication Vulnerability (CVE-2020-7995)
CVE-2020-7995
CWE-287
Critical
Jboss EAP Improper Restriction of XML External Entity Reference Vulnerability (CVE-2017-7464)
CVE-2017-7464
CWE-611
Critical
PHP Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2006-4812)
CVE-2006-4812
CWE-94
Critical
MODX Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2017-7324)
CVE-2017-7324
CWE-94
Critical
MODX Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2017-7321)
CVE-2017-7321
CWE-94
Critical
Oracle Database Server CVE-2006-5332 Vulnerability (CVE-2006-5332)
CVE-2006-5332
-
Critical
Internet Information Services Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2017-7269)
CVE-2017-7269
CWE-119
Critical
Oracle Database Server CVE-2006-5335 Vulnerability (CVE-2006-5335)
CVE-2006-5335
-
Critical
Oracle Database Server CVE-2006-5336 Vulnerability (CVE-2006-5336)
CVE-2006-5336
-
Critical
Moodle Improper Input Validation Vulnerability (CVE-2006-4935)
CVE-2006-4935
CWE-20
Critical
Plone CMS Improper Privilege Management Vulnerability (CVE-2020-7941)
CVE-2020-7941
CWE-269
Critical
Oracle Database Server CVE-2006-5338 Vulnerability (CVE-2006-5338)
CVE-2006-5338
-
Critical
SharePoint Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-64672)
CVE-2025-64672
CWE-707
Critical
Apache Tomcat Improper Certificate Validation Vulnerability (CVE-2025-66614)
CVE-2025-66614
CWE-295
Critical
Django Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-7471)
CVE-2020-7471
CWE-138
Critical
SugarCRM Missing Authorization Vulnerability (CVE-2020-7472)
CVE-2020-7472
CWE-862
Critical
Dolibarr Inadequate Encryption Strength Vulnerability (CVE-2017-7888)
CVE-2017-7888
CWE-326
Critical
Dolibarr Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2017-7886)
CVE-2017-7886
CWE-138
Critical
«
1
...
6
7
8
...
200
»