🚀 Just released:
Latio 2026 Application Security Market Report.
Read it in our Whitepapers.
100% Signal 0% Noise
Platform
Invicti Platform
Zero-noise AppSec platform
Scan Code
Secure code before runtime
SAST
Early static security analysis
Open Source (SCA)
Find vulnerable dependencies
SBOM & License Risk
Generate SBOMs and track licenses
Secrets
Detect exposed secrets in applications
Infrastructure as Code
Ingest IaC security findings
Container
Track container image vulnerabilities
Test Runtime
Test live applications like attackers
DAST & AI DAST
Test runtime, prove exploitability
Agentic Pentesting
Automate real-world attack techniques
API Security Testing
Discover and test APIs
Attack Surface Management
Identify exposed apps and endpoints
Cloud AppSec
Get a single-pane view of cloud app risk
AI AppSec
Scan smarter, accelerate remediation
Manage Vulnerabilities
See, prioritize, reduce AppSec risk
Vulnerability Management (ASPM)
Centralize and correlate AppSec findings
Compliance & Executive Reporting
Measure risk and impact
Threat Intelligence
Reachability, exploitability, and business logic
Solutions
API Discovery
Manage Vulnerabilities
Automate Security Workflows
Track AppSec KPIs
Manage Open Source Risk
Pricing
Why Invicti
About Us
Invicti vs. Competitors
Case Studies
Contact Us
Careers
Resources
Resource Library
Blog
Webinars
White Papers
Podcasts
Invicti Learn
Savings Calculator
Live Training
Partners
MSSP
Documentation
Vulnerability Database
Get a demo
Home
/
Web Application Vulnerabilities
/ Known Vulnerabilities
Web Application Vulnerabilities
Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise
Acunetix Standard & Premium
v.26.4.2314
Known Vulnerabilities
This page lists
14981 vulnerabilities
in this category.
Critical: 1612
High: 4015
Medium: 8569
Low: 783
Information: 2
Vulnerability Name
CVE
CWE
Severity
HipChat for JIRA plugin - Velocity template injection
CVE-2015-5603
CWE-94
High
MongoDb Out-of-bounds Write Vulnerability (CVE-2026-9753)
CVE-2026-9753
CWE-787
High
JBoss Seam remoting vulnerabilities
CVE-2013-6448
CWE-611
High
JBoss Seam framework remote code execution
CVE-2010-1871
CWE-94
High
ImageMagick remote code execution
CVE-2016-3714
CWE-78
High
IBM Web Content Manager XPath injection
CVE-2013-6735
CWE-643
High
The Heartbleed Bug
CVE-2014-0160
CWE-200
High
Oracle Sun GlassFish/Java System Application Server Remote Authentication Bypass Vulnerability
CVE-2011-0807
CWE-287
High
Multiple XSS vulnerabilities in Google Web Toolkit
CVE-2013-4204
CWE-80
High
Cross-site scripting vulnerability in Google Web Toolkit (CVE-2012-5920)
CVE-2012-5920
CWE-80
High
Cross-site scripting vulnerability in Google Web Toolkit
CVE-2012-4563
CWE-80
High
FCKeditor spellchecker.php cross site scripting vulnerability
CVE-2012-4000
CWE-79
High
Piwigo Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2023-37270)
CVE-2023-37270
CWE-138
High
EktronCMS Saxon XSLT parser remote code execution
CVE-2015-0931
CWE-78
High
SharePoint CVE-2023-36892 Vulnerability (CVE-2023-36892)
CVE-2023-36892
-
High
DotNetNuke multiple vulnerabilities
CVE-2012-1030
CWE-79
High
SharePoint CVE-2023-36891 Vulnerability (CVE-2023-36891)
CVE-2023-36891
-
High
Security update: Hotfix available for ColdFusion
CVE-2013-0632
CWE-287
High
Adobe ColdFusion 9 administrative login bypass
CVE-2013-0632
CWE-287
High
Adobe ColdFusion directory traversal
CVE-2013-3336
CWE-22
High
SharePoint CVE-2023-36764 Vulnerability (CVE-2023-36764)
CVE-2023-36764
-
High
SharePoint CVE-2023-36762 Vulnerability (CVE-2023-36762)
CVE-2023-36762
-
High
Microsoft SQL Server CVE-2023-36730 Vulnerability (CVE-2023-36730)
CVE-2023-36730
-
High
Jenkins Improper Input Validation Vulnerability (CVE-2012-4438)
CVE-2012-4438
CWE-20
High
CodeIgniter 2.1.3 xss_clean() filter bypass
CVE-2013-4891
CWE-80
High
CakePHP 1.3.5 / 1.2.8 unserialize() vulnerability
CVE-2010-4335
CWE-20
High
Apache Roller OGNL injection
CVE-2013-4212
CWE-20
High
Joomla! remote code execution vulnerability
CVE-2015-8562
CWE-94
High
Contao Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2012-4383)
CVE-2012-4383
CWE-138
High
Rails remote code execution using render :inline
CVE-2016-2098
CWE-94
High
XWiki Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-37914)
CVE-2023-37914
CWE-94
High
Ruby on Rails SQL injection
CVE-2012-2695
CWE-89
High
IBM WebSEAL Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2023-38371)
CVE-2023-38371
CWE-327
High
Rails mass assignment
-
CWE-915
High
Parallels Plesk SQL injection vulnerability
CVE-2012-1557
CWE-89
High
PHP-CGI remote code execution
CVE-2012-2311
CWE-20
High
Oracle Reports rwservlet vulnerabilities
CVE-2012-3153
CWE-20
High
Oracle JavaServer Faces multiple vulnerabilities
CVE-2013-3827
CWE-22
High
Microsoft SQL Server CVE-2023-38169 Vulnerability (CVE-2023-38169)
CVE-2023-38169
-
High
CubeCart Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2023-38130)
CVE-2023-38130
CWE-352
High
OpenX xajaxargs SQL injection vulnerability
-
CWE-89
High
Nagios core config manager SQL injection vulnerability
CVE-2013-6875
CWE-89
High
MovableType remote code execution
CVE-2015-1592
CWE-94
High
Moveable Type 4.x unauthenticated remote command execution
CVE-2013-0209
CWE-287
High
MongoDB injection
-
CWE-943
High
Misfortune Cookie vulnerability
CVE-2014-9222
CWE-119
High
Joomla! component Kunena Forum multiple vulnerabilities
CVE-2014-9103
CWE-89
High
phpList Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2012-3953)
CVE-2012-3953
CWE-138
High
XWiki Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2023-37913)
CVE-2023-37913
CWE-22
High
Chamilo Improper Input Validation Vulnerability (CVE-2012-4030)
CVE-2012-4030
CWE-20
High
XWiki Missing Authorization Vulnerability (CVE-2023-37910)
CVE-2023-37910
CWE-862
High
XWiki Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-37909)
CVE-2023-37909
CWE-94
High
MediaWiki chunked uploads security issue
CVE-2013-2114
CWE-434
High
XWiki Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') Vulnerability (CVE-2023-37462)
CVE-2023-37462
CWE-707
High
MantisBT multiple security issues
CVE-2015-1042
CWE-200
High
Magento remote code execution
CVE-2015-1399
CWE-94
High
Security vulnerability in MySQL/MariaDB sql/password.c
CVE-2012-2122
CWE-287
High
MediaWiki Improper Access Control Vulnerability (CVE-2012-4380)
CVE-2012-4380
CWE-284
High
MediaWiki Use of Hard-coded Credentials Vulnerability (CVE-2012-4381)
CVE-2012-4381
CWE-798
High
HTTP.sys remote code execution vulnerability
CVE-2015-1635
CWE-119
High
Joomla! SQL injection vulnerability
CVE-2015-7858
CWE-89
High
XWiki CVE-2023-40573 Vulnerability (CVE-2023-40573)
CVE-2023-40573
-
High
Resin Application Server Other Vulnerability (CVE-2012-2967)
CVE-2012-2967
-
High
Kentico CMS Deserialization RCE
CVE-2019-10068
CWE-502
High
Confluence Widget Connector SSTI
CVE-2019-3396
CWE-22
High
Apache REST RCE CVE-2018-11770
CVE-2018-11770
CWE-94
High
OpenSSL Out-of-bounds Read Vulnerability (CVE-2026-9076)
CVE-2026-9076
CWE-125
High
SAP Hybris Deserialization RCE
CVE-2019-0344
CWE-502
High
Pulse Secure SSL VPN Arbitrary File reading (CVE-2019-11510)
CVE-2019-11510
CWE-22
High
PHP Address Book Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2012-1911)
CVE-2012-1911
CWE-138
High
Oracle Business Intelligence ReportTemplateService XXE (CVE-2021-2400)
CVE-2021-2400
CWE-611
High
Oracle Business Intelligence ReportTemplateService XXE CVE-2019-2616
CVE-2019-2616
CWE-611
High
Oracle Business Intelligence Convert XXE CVE-2019-2767
CVE-2019-2767
CWE-611
High
Oracle Business Intelligence AuthBypass CVE-2019-2768
CVE-2019-2768
CWE-200
High
OpenSSL Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2012-2110)
CVE-2012-2110
CWE-119
High
«
1
...
70
71
72
...
200
»