v.26.4.2314
Known Vulnerabilities
This page lists 14673 vulnerabilities in this category.
Critical: 1573
High: 3882
Medium: 8446
Low: 770
Information: 2
| Vulnerability Name | CVE | CWE | Severity |
| --- | --- | --- | --- |
| Multiple XSS vulnerabilities in Google Web Toolkit | CVE-2013-4204 | CWE-80 | High |
| AjaxPro.NET Professional Deserialization RCE (CVE-2021-23758) | CVE-2021-23758 | CWE-502 | High |
| PHP Other Vulnerability (CVE-2007-0905) | CVE-2007-0905 | - | High |
| Zimbra Collaboration Suite SSRF (CVE-2020-7796) | CVE-2020-7796 | CWE-918 | High |
| phpMyAdmin Other Vulnerability (CVE-2006-1804) | CVE-2006-1804 | - | High |
| Moodle Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2006-4785) | CVE-2006-4785 | CWE-138 | High |
| GlassFish CVE-2011-3559 Vulnerability (CVE-2011-3559) | CVE-2011-3559 | - | High |
| DotNetNuke multiple vulnerabilities | CVE-2012-1030 | CWE-79 | High |
| Apache Tomcat Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-3190) | CVE-2011-3190 | CWE-264 | High |
| Apache HTTP Server Uncontrolled Resource Consumption Vulnerability (CVE-2011-3192) | CVE-2011-3192 | CWE-400 | High |
| PHP Other Vulnerability (CVE-2006-4481) | CVE-2006-4481 | - | High |
| ManageEngine Desktop Central Deserialization RCE (CVE-2020-10189) | CVE-2020-10189 | CWE-502 | High |
| Apache OFBiz SOAPService Deserialization RCE | CVE-2021-26295 | CWE-502 | High |
| EktronCMS Saxon XSLT parser remote code execution | CVE-2015-0931 | CWE-78 | High |
| Authentication bypass via MongoDB operator injection | - | CWE-943 | High |
| Moveable Type 4.x unauthenticated remote command execution | CVE-2013-0209 | CWE-287 | High |
| Jenkins Git Plugin missing permission check (CVE-2022-36883) | CVE-2022-36883 | CWE-862 | High |
| DotCMS unrestricted file upload (CVE-2022-26352) | CVE-2022-26352 | CWE-434 | High |
| Unauthenticated remote code execution vulnerability in Confluence Server and Data Center | CVE-2022-26134 | CWE-917 | High |
| Apache HTTP Server CVE-2013-2249 Vulnerability (CVE-2013-2249) | CVE-2013-2249 | - | High |
| FCKeditor spellchecker.php cross site scripting vulnerability | CVE-2012-4000 | CWE-79 | High |
| The GHOST Vulnerability | CVE-2015-0235 | CWE-119 | High |
| Cross-site scripting vulnerability in Google Web Toolkit | CVE-2012-4563 | CWE-80 | High |
| Bonita Authorization Bypass (CVE-2022-25237) | CVE-2022-25237 | CWE-863 | High |
| Microsoft Exchange Server Server-Side Request Forgery (SSRF) vulnerability | CVE-2021-26855 | CWE-918 | High |
| Vulnerable package dependencies [high] | - | CWE-1104 | High |
| ManageEngine ADSelfService Plus Authentication Bypass (CVE-2021-40539) | CVE-2021-40539 | CWE-287 | High |
| Joomla! core remote file inclusion | CVE-2014-7228 | CWE-98 | High |
| ImageMagick remote code execution | CVE-2016-3714 | CWE-78 | High |
| F5 iControl REST unauthenticated remote command execution vulnerability | CVE-2021-22986 | CWE-78 | High |
| HTTP.sys remote code execution vulnerability | CVE-2015-1635 | CWE-119 | High |
| ForgeRock AM / OpenAM Deserialization RCE (CVE-2021-35464) | CVE-2021-35464 | CWE-502 | High |
| ForgeRock OpenAM Deserialization RCE (CVE-2021-29156) | CVE-2021-29156 | CWE-502 | High |
| Joomla! SQL injection vulnerability | CVE-2015-7858 | CWE-89 | High |
| Joomla! component Kunena Forum multiple vulnerabilities | CVE-2014-9103 | CWE-89 | High |
| Joomla! remote code execution vulnerability | CVE-2015-8562 | CWE-94 | High |
| Grandnode Path Traversal (CVE-2019-12276) | CVE-2019-12276 | CWE-22 | High |
| BuddyPress REST API Privilege Escalation | CVE-2021-21389 | CWE-269 | High |
| Claroline Other Vulnerability (CVE-2006-1596) | CVE-2006-1596 | - | High |
| JBoss Seam framework remote code execution | CVE-2010-1871 | CWE-94 | High |
| JetLeak vulnerability | CVE-2015-2080 | CWE-200 | High |
| GitLab ExifTool RCE (CVE-2021-22205) | CVE-2021-22205 | CWE-918 | High |
| JBoss Seam remoting vulnerabilities | CVE-2013-6448 | CWE-611 | High |
| Grafana Plugin Dir Traversal (CVE-2021-43798) | CVE-2021-43798 | CWE-200 | High |
| PHP Uncontrolled Resource Consumption Vulnerability (CVE-2011-3336) | CVE-2011-3336 | CWE-400 | High |
| WordPress Credentials Management Errors Vulnerability (CVE-2009-2762) | CVE-2009-2762 | - | High |
| Apache HTTP Server Improper Locking Vulnerability (CVE-2009-2699) | CVE-2009-2699 | CWE-667 | High |
| WordPress Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2008-4625) | CVE-2008-4625 | CWE-138 | High |
| Oracle Database Server CVE-2009-1019 Vulnerability (CVE-2009-1019) | CVE-2009-1019 | - | High |
| Apache HTTP Server mod_proxy SSRF (CVE-2021-40438) | CVE-2021-40438 | CWE-918 | High |
| MantisBT multiple security issues | CVE-2015-1042 | CWE-200 | High |
| Lucee Server Arbitrary File Creation | CVE-2021-21307 | CWE-22 | High |
| Apache Airflow Experimental API Auth Bypass CVE-2020-13927 | CVE-2020-13927 | CWE-200 | High |
| Apache Flink jobmanager/logs Path Traversal | CVE-2020-17519 | CWE-22 | High |
| Magento remote code execution | CVE-2015-1399 | CWE-94 | High |
| PostgreSQL Other Vulnerability (CVE-2007-0555) | CVE-2007-0555 | - | High |
| Security vulnerability in MySQL/MariaDB sql/password.c | CVE-2012-2122 | CWE-287 | High |
| Apache HTTP Server Insecure Path Normalization (CVE-2021-41773, CVE-2021-42013) | CVE-2021-41773 | CWE-22 | High |
| PmWiki Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2011-4453) | CVE-2011-4453 | CWE-94 | High |
| IBM Web Content Manager XPath injection | CVE-2013-6735 | CWE-643 | High |
| Oracle Sun GlassFish/Java System Application Server Remote Authentication Bypass Vulnerability | CVE-2011-0807 | CWE-287 | High |
| Zenphoto Other Vulnerability (CVE-2007-0616) | CVE-2007-0616 | - | High |
| Apache Shiro authentication bypass | CVE-2020-17523 | CWE-287 | High |
| Oracle Application Server CVE-2009-0993 Vulnerability (CVE-2009-0993) | CVE-2009-0993 | - | High |
| SugarCRM Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2009-2978) | CVE-2009-2978 | CWE-138 | High |
| The Heartbleed Bug | CVE-2014-0160 | CWE-200 | High |
| Piwigo Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2009-2933) | CVE-2009-2933 | CWE-138 | High |
| Claroline Other Vulnerability (CVE-2006-1594) | CVE-2006-1594 | - | High |
| e107 Other Vulnerability (CVE-2006-4548) | CVE-2006-4548 | - | High |
| Opencart Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2009-1027) | CVE-2009-1027 | CWE-138 | High |
| VMware vCenter Server Unauthorized Remote Code Execution | CVE-2021-21972 | CWE-78 | High |
| PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2007-0906) | CVE-2007-0906 | CWE-119 | High |
| CakePHP 1.3.5 / 1.2.8 unserialize() vulnerability | CVE-2010-4335 | CWE-20 | High |
| PHP Other Vulnerability (CVE-2007-0911) | CVE-2007-0911 | - | High |
| Grav CMS Unauthenticated RCE (CVE-2021-21425) | CVE-2021-21425 | CWE-284 | High |