🚀 Just released:
Latio 2026 Application Security Market Report.
Read it in our Whitepapers.
100% Signal 0% Noise
Platform
Invicti Platform
Zero-noise AppSec platform
Scan Code
Secure code before runtime
SAST
Early static security analysis
Open Source (SCA)
Find vulnerable dependencies
SBOM & License Risk
Generate SBOMs and track licenses
Secrets
Detect exposed secrets in applications
Infrastructure as Code
Ingest IaC security findings
Container
Track container image vulnerabilities
Test Runtime
Test live applications like attackers
DAST & AI DAST
Test runtime, prove exploitability
Agentic Pentesting
Automate real-world attack techniques
API Security Testing
Discover and test APIs
Attack Surface Management
Identify exposed apps and endpoints
Cloud AppSec
Get a single-pane view of cloud app risk
AI AppSec
Scan smarter, accelerate remediation
Manage Vulnerabilities
See, prioritize, reduce AppSec risk
Vulnerability Management (ASPM)
Centralize and correlate AppSec findings
Compliance & Executive Reporting
Measure risk and impact
Threat Intelligence
Reachability, exploitability, and business logic
Solutions
API Discovery
Manage Vulnerabilities
Automate Security Workflows
Track AppSec KPIs
Manage Open Source Risk
Pricing
Why Invicti
About Us
Invicti vs. Competitors
Case Studies
Contact Us
Careers
Resources
Resource Library
Blog
Webinars
White Papers
Podcasts
Invicti Learn
Savings Calculator
Live Training
Partners
MSSP
Documentation
Vulnerability Database
Get a demo
Home
/
Web Application Vulnerabilities
/ Known Vulnerabilities
Web Application Vulnerabilities
Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise
Acunetix Standard & Premium
v.26.4.2314
Known Vulnerabilities
This page lists
14981 vulnerabilities
in this category.
Critical: 1612
High: 4015
Medium: 8569
Low: 783
Information: 2
Vulnerability Name
CVE
CWE
Severity
Oracle Business Intelligence Adfresource Path traversal CVE-2019-2588
CVE-2019-2588
CWE-200
High
Jira SSTI CVE-2019-11581
CVE-2019-11581
CWE-22
High
Fortigate SSL VPN Arbitrary File reading (CVE-2018-13379)
CVE-2018-13379
CWE-22
High
OpenSSL Numeric Errors Vulnerability (CVE-2012-2131)
CVE-2012-2131
-
High
ColdFusion FlashGateway Deserialization RCE CVE-2019-7091
CVE-2019-7091
CWE-502
High
Oracle Weblogic T3 XXE (CVE-2019-2888)
CVE-2019-2888
CWE-611
High
Jira Unauthorized SSRF via REST API
CVE-2019-8451
CWE-918
High
WordPress Plugin WPML Unauthenticated Stored XSS
CVE-2018-18069
CWE-80
High
Oracle WebLogic Remote Code Execution via T3
CVE-2018-3245
CWE-502
High
Piwigo Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2012-2208)
CVE-2012-2208
CWE-22
High
Oracle WebLogic Authentication Bypass
CVE-2018-2894
CWE-287
High
RCE with Spring Data Commons
CVE-2018-1273
CWE-94
High
PHPUnit Remote Code Execution
CVE-2017-9841
CWE-94
High
LimeSurvey Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2025-56421)
CVE-2025-56421
CWE-138
High
Node.js path validation vulnerability
CVE-2017-14849
CWE-22
High
PHP Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2012-2311)
CVE-2012-2311
CWE-138
High
JBoss Application Server Improper Privilege Management Vulnerability (CVE-2012-2312)
CVE-2012-2312
CWE-269
High
MyBB Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2012-2324)
CVE-2012-2324
CWE-138
High
ACME mini_httpd arbitrary file read
CVE-2018-18778
CWE-23
High
MyBB Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2012-2325)
CVE-2012-2325
CWE-138
High
Oracle Weblogic T3 XXE (CVE-2019-2647)
CVE-2019-2647
CWE-611
High
PleskLin Exposure of Resource to Wrong Sphere Vulnerability (CVE-2023-43784)
CVE-2023-43784
CWE-668
High
jQuery File Upload unauthenticated arbitrary file upload
CVE-2018-9206
CWE-434
High
Oracle Database Server Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-1675)
CVE-2012-1675
CWE-264
High
DNN (DotNetNuke) CMS Cookie Deserialization RCE CVE-2017-9822
CVE-2017-9822
CWE-502
High
MediaWiki Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2023-45371)
CVE-2023-45371
CWE-770
High
Cisco Adaptive Security Appliance (ASA) Path Traversal CVE-2020-3452
CVE-2020-3452
CWE-20
High
Webmin v1.920 Unauhenticated Remote Command Execution
CVE-2019-15107
CWE-94
High
MediaWiki Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2023-45363)
CVE-2023-45363
CWE-835
High
Joomla Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-1598)
CVE-2012-1598
CWE-264
High
File Content Disclosure in Action View
CVE-2019-5418
CWE-200
High
XWiki Improper Encoding or Escaping of Output Vulnerability (CVE-2023-45135)
CVE-2023-45135
CWE-116
High
Nagios XI Unauthenticated SQLi CVE-2018-8734
CVE-2018-8734
CWE-89
High
Nagios XI Magpie_debug.php Unauthenticated RCE
CVE-2018-15708
CWE-94
High
Jetty Uncontrolled Resource Consumption Vulnerability (CVE-2023-44487)
CVE-2023-44487
CWE-400
High
Kong Server Uncontrolled Resource Consumption Vulnerability (CVE-2023-44487)
CVE-2023-44487
CWE-400
High
Jenkins CVE-2023-44487 Vulnerability (CVE-2023-44487)
CVE-2023-44487
-
High
PostgreSQL Other Vulnerability (CVE-2012-1618)
CVE-2012-1618
-
High
Envoy Proxy Uncontrolled Resource Consumption Vulnerability (CVE-2023-44487)
CVE-2023-44487
CWE-400
High
PleskWin Exposure of Resource to Wrong Sphere Vulnerability (CVE-2023-43784)
CVE-2023-43784
CWE-668
High
Caddy Web Server Uncontrolled Resource Consumption Vulnerability (CVE-2023-44487)
CVE-2023-44487
CWE-400
High
Apache Traffic Server CVE-2023-44487 Vulnerability (CVE-2023-44487)
CVE-2023-44487
-
High
Magento (2.2.0 to 2.3.0) Unauthenticated SQL Injection Vulnerability
CVE-2019-7139
CWE-89
High
Horde Imp Unauthenticated Remote Command Execution
CVE-2018-19518
CWE-94
High
Nginx Uncontrolled Resource Consumption Vulnerability (CVE-2023-44487)
CVE-2023-44487
CWE-400
High
Open Resty Uncontrolled Resource Consumption Vulnerability (CVE-2023-44487)
CVE-2023-44487
CWE-400
High
Jboss EAP Uncontrolled Resource Consumption Vulnerability (CVE-2023-44487)
CVE-2023-44487
CWE-400
High
Apache Tomcat CVE-2023-44487 Vulnerability (CVE-2023-44487)
CVE-2023-44487
-
High
Drupal REST Remote Code Execution
CVE-2019-6340
CWE-78
High
Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerability
CVE-2018-15440
CWE-80
High
Remote code execution in bootstrap-sass 3.2.0.3
CVE-2019-10842
CWE-95
High
Atlassian Crowd Remote Code Execution
CVE-2019-11580
CWE-78
High
Apache Solr Deserialization of untrusted data via jmx.serviceUrl
CVE-2019-0192
-
High
Oracle Weblogic Async Component Deserialization RCE CVE-2019-2725
CVE-2019-2725
CWE-94
High
Laravel log viewer local file download (LFD)
CVE-2018-8947
CWE-22
High
GoAhead web server remote code execution
CVE-2017-17562
CWE-94
High
Uploadify arbitrary file upload
-
CWE-434
High
Directory Traversal (lib/translation.functions.php) (CMS Made Simple) v1.8.x
CVE-2010-2797
CWE-22
High
Atlassian OAuth Plugin IconUriServlet SSRF
CVE-2017-9506
CWE-918
High
Apache Tomcat Information Disclosure CVE-2017-7674
CVE-2017-12616
CWE-200
High
Apache Shiro Deserialization RCE
CVE-2016-4437
CWE-78
High
Joomla! Core Security Bypass
CVE-2017-11364
-
High
Atlassian Confluence information disclosure
CVE-2017-7415
-
High
MongoDb Uncontrolled Recursion Vulnerability (CVE-2026-9740)
CVE-2026-9740
CWE-674
High
Apache Struts2 Remote Command Execution (S2-052)
CVE-2017-9805
CWE-94
High
Apache Struts2 Remote Command Execution (S2-048)
CVE-2017-9791
CWE-94
High
Ruby on Rails Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2012-2695)
CVE-2012-2695
CWE-138
High
GeoServer Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2023-41877)
CVE-2023-41877
CWE-22
High
Apache Traffic Server CVE-2023-41752 Vulnerability (CVE-2023-41752)
CVE-2023-41752
-
High
phpList Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2012-2740)
CVE-2012-2740
CWE-138
High
Microsoft IIS 6.0 WebDAV Buffer Overflow
CVE-2017-7269
CWE-287
High
Joomla CVE-2012-2747 Vulnerability (CVE-2012-2747)
CVE-2012-2747
-
High
MyBB Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-41362)
CVE-2023-41362
CWE-94
High
Cisco Adaptive Security Appliance (ASA) Path Traversal (CVE-2018-0296)
CVE-2018-0296
CWE-22
High
Django Improper Validation of Specified Quantity in Input Vulnerability (CVE-2023-41164)
CVE-2023-41164
CWE-1284
High
«
1
...
71
72
73
...
200
»