🚀 Just released:
Latio 2026 Application Security Market Report.
Read it in our Whitepapers.
100% Signal 0% Noise
Platform
Invicti Platform
Zero-noise AppSec platform
Scan Code
Secure code before runtime
SAST
Early static security analysis
Open Source (SCA)
Find vulnerable dependencies
SBOM & License Risk
Generate SBOMs and track licenses
Secrets
Detect exposed secrets in applications
Infrastructure as Code
Ingest IaC security findings
Container
Track container image vulnerabilities
Test Runtime
Test live applications like attackers
DAST & AI DAST
Test runtime, prove exploitability
Agentic Pentesting
Automate real-world attack techniques
API Security Testing
Discover and test APIs
Attack Surface Management
Identify exposed apps and endpoints
Cloud AppSec
Get a single-pane view of cloud app risk
AI AppSec
Scan smarter, accelerate remediation
Manage Vulnerabilities
See, prioritize, reduce AppSec risk
Vulnerability Management (ASPM)
Centralize and correlate AppSec findings
Compliance & Executive Reporting
Measure risk and impact
Threat Intelligence
Reachability, exploitability, and business logic
Solutions
API Discovery
Manage Vulnerabilities
Automate Security Workflows
Track AppSec KPIs
Manage Open Source Risk
Pricing
Why Invicti
About Us
Invicti vs. Competitors
Case Studies
Contact Us
Careers
Resources
Resource Library
Blog
Webinars
White Papers
Podcasts
Invicti Learn
Savings Calculator
Live Training
Partners
MSSP
Documentation
Vulnerability Database
Get a demo
Home
/
Web Application Vulnerabilities
/ Known Vulnerabilities
Web Application Vulnerabilities
Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise
Acunetix Standard & Premium
v.26.4.2314
Known Vulnerabilities
This page lists
14981 vulnerabilities
in this category.
Critical: 1612
High: 4015
Medium: 8569
Low: 783
Information: 2
Vulnerability Name
CVE
CWE
Severity
Directory Traversal (lib/translation.functions.php) (CMS Made Simple) v1.6.x
CVE-2010-2797
CWE-22
High
Python Untrusted Search Path Vulnerability (CVE-2023-41105)
CVE-2023-41105
CWE-426
High
Serendipity Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2012-2762)
CVE-2012-2762
CWE-138
High
Web Server Cache Poisoning (CMS Made Simple) v2.x
CVE-2016-2784
CWE-20
High
SQL Injection (stylesheet.php) (CMS Made Simple)
CVE-2007-2473
CWE-89
High
Remote File Inclusion (admin/lang.php) (CMS Made Simple)
CVE-2005-2846
-
High
Nginx PHP code execution via FastCGI
-
CWE-94
High
OpenX arbitrary file upload
CVE-2009-4140
CWE-434
High
VMware directory traversal and privilege escalation vulnerabilities
CVE-2009-3733
CWE-22
High
Zope Web Application Server Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2023-41050)
CVE-2023-41050
CWE-200
High
phpThumb() fltr[] parameter command injection vulnerability
CVE-2010-1598
CWE-20
High
Resin Application Server Improper Input Validation Vulnerability (CVE-2012-2965)
CVE-2012-2965
CWE-20
High
Resin Application Server Other Vulnerability (CVE-2012-2966)
CVE-2012-2966
-
High
SharePoint Out-of-bounds Write Vulnerability (CVE-2012-2539)
CVE-2012-2539
CWE-787
High
ColdFusion AMF Deserialization RCE
CVE-2017-3066
CWE-502
High
Ektron CMS authentication bypass
CVE-2018-12596
CWE-285
High
Jenkins Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2023-43497)
CVE-2023-43497
CWE-434
High
Apache CouchDB JSON Remote Privilege Escalation Vulnerability
CVE-2017-12635
CWE-285
High
Adobe Experience Manager Misconfiguration
CVE-2016-0957
CWE-1188
High
Serendipity Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2012-2332)
CVE-2012-2332
CWE-138
High
Oracle Weblogic WLS-WSAT Component Deserialization RCE
CVE-2017-10271
CWE-94
High
IBM WebSphere RCE Java Deserialization Vulnerability
CVE-2015-7450
CWE-502
High
PHP Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-2335)
CVE-2012-2335
CWE-264
High
IBMHttpServer Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2026-9170)
CVE-2026-9170
CWE-94
High
Telerik.Web.UI.dll Cryptographic Weakness
CVE-2017-9248
CWE-338
High
Django Improper Validation of Specified Quantity in Input Vulnerability (CVE-2023-43665)
CVE-2023-43665
CWE-1284
High
Apache Struts Remote Code Execution (S2-057)
CVE-2018-11776
CWE-917
High
Apache HTTP Server Uncontrolled Resource Consumption Vulnerability (CVE-2023-43622)
CVE-2023-43622
CWE-400
High
Data Binding Expression Vulnerability in Spring Web Flow
CVE-2017-4971
CWE-78
High
Spring Security Authentication Bypass
CVE-2016-5007
CWE-287
High
Jenkins CVE-2023-43498 Vulnerability (CVE-2023-43498)
CVE-2023-43498
-
High
Jenkins Incorrect Default Permissions Vulnerability (CVE-2023-43496)
CVE-2023-43496
CWE-276
High
ColdFusion Arbitrary File Upload
CVE-2018-15961
CWE-434
High
JavaMelody XML External Entity (XXE) vulnerability
CVE-2018-15531
CWE-611
High
ColdFusion JNDI injection RCE
CVE-2018-15957
CWE-502
High
Artifactory Improper Handling of Exceptional Conditions Vulnerability (CVE-2023-42509)
CVE-2023-42509
CWE-755
High
Drupal Remote Code Execution (SA-CORE-2018-002)
CVE-2018-7600
CWE-94
High
Drupal Remote Code Execution (SA-CORE-2018-004)
CVE-2018-7602
CWE-94
High
JBoss InvokerTransformer Remote Code Execution
CVE-2015-7501
CWE-502
High
Jboss Application Server HTTPServerILServlet.java remote code execution
CVE-2017-7504
CWE-502
High
Deserialization of Untrusted Data (Java JSON Deserialization) Jackson
CVE-2017-7525
CWE-502
High
Spring Data REST RCE via PATCH requests
CVE-2017-8046
CWE-94
High
PHP Numeric Errors Vulnerability (CVE-2012-2386)
CVE-2012-2386
-
High
Paperclip gem SSRF (Server side request forgery)
CVE-2017-0889
CWE-918
High
Artifactory CVE-2023-42661 Vulnerability (CVE-2023-42661)
CVE-2023-42661
-
High
Rails Asset Pipeline Directory Traversal Vulnerability
CVE-2018-3760
CWE-22
High
Arbitrary EL Evaluation in RichFaces
CVE-2015-0279
CWE-917
High
Remote Code Execution (RCE) in Spring Security OAuth
CVE-2016-4977
CWE-94
High
Adobe Experience Manager Expression Language injection via cloudsettings
CVE-2025-54246
CWE-94
High
PHP Out-of-bounds Read Vulnerability (CVE-2026-7568)
CVE-2026-7568
CWE-125
High
axios Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2026-44488)
CVE-2026-44488
CWE-770
High
Zope Web Application Server Other Vulnerability (CVE-2000-0725)
CVE-2000-0725
-
High
OpenSSL Session Fixation Vulnerability (CVE-1999-0428)
CVE-1999-0428
CWE-384
High
Vanilla Forums Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3613)
CVE-2011-3613
CWE-200
High
Opencart Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2024-21514)
CVE-2024-21514
CWE-138
High
Atlassian Confluence Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2024-21674)
CVE-2024-21674
CWE-94
High
Apache HTTP Server Buffer Over-read Vulnerability (CVE-2026-44185)
CVE-2026-44185
CWE-126
High
Zope Web Application Server Other Vulnerability (CVE-2000-0483)
CVE-2000-0483
-
High
Internet Information Services Other Vulnerability (CVE-1999-0449)
CVE-1999-0449
-
High
Apache HTTP Server Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2026-44186)
CVE-2026-44186
CWE-835
High
IBMHttpServer Other Vulnerability (CVE-2000-1168)
CVE-2000-1168
-
High
Oracle Database Server CVE-2024-21184 Vulnerability (CVE-2024-21184)
CVE-2024-21184
-
High
axios Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2026-44486)
CVE-2026-44486
CWE-200
High
Apache Tomcat CVE-2024-24549 Vulnerability (CVE-2024-24549)
CVE-2024-24549
-
High
Jenkins Origin Validation Error Vulnerability (CVE-2024-23898)
CVE-2024-23898
CWE-346
High
axios Insertion of Sensitive Information Into Sent Data Vulnerability (CVE-2026-44487)
CVE-2026-44487
CWE-201
High
Oracle Database Server CVE-2011-2239 Vulnerability (CVE-2011-2239)
CVE-2011-2239
-
High
Apache HTTP Server Use After Free Vulnerability (CVE-2026-48913)
CVE-2026-48913
CWE-416
High
OpenSSL Missing Cryptographic Step Vulnerability (CVE-2026-45445)
CVE-2026-45445
CWE-325
High
Oracle Application Server Other Vulnerability (CVE-2001-0419)
CVE-2001-0419
-
High
Atlassian Confluence Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-21690)
CVE-2024-21690
CWE-707
High
Django CVE-2024-24680 Vulnerability (CVE-2024-24680)
CVE-2024-24680
-
High
Angular Inefficient Regular Expression Complexity Vulnerability (CVE-2024-21490)
CVE-2024-21490
CWE-1333
High
Atlassian Confluence Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2024-21677)
CVE-2024-21677
CWE-22
High
Apache HTTP Server Uncontrolled Resource Consumption Vulnerability (CVE-2011-3192)
CVE-2011-3192
CWE-400
High
«
1
...
72
73
74
...
200
»