🚀 Just released:
Latio 2026 Application Security Market Report.
Read it in our Whitepapers.
100% Signal 0% Noise
Platform
Invicti Platform
Zero-noise AppSec platform
Scan Code
Secure code before runtime
SAST
Early static security analysis
Open Source (SCA)
Find vulnerable dependencies
SBOM & License Risk
Generate SBOMs and track licenses
Secrets
Detect exposed secrets in applications
Infrastructure as Code
Ingest IaC security findings
Container
Track container image vulnerabilities
Test Runtime
Test live applications like attackers
DAST & AI DAST
Test runtime, prove exploitability
Agentic Pentesting
Automate real-world attack techniques
API Security Testing
Discover and test APIs
Attack Surface Management
Identify exposed apps and endpoints
Cloud AppSec
Get a single-pane view of cloud app risk
AI AppSec
Scan smarter, accelerate remediation
Manage Vulnerabilities
See, prioritize, reduce AppSec risk
Vulnerability Management (ASPM)
Centralize and correlate AppSec findings
Compliance & Executive Reporting
Measure risk and impact
Threat Intelligence
Reachability, exploitability, and business logic
Solutions
API Discovery
Manage Vulnerabilities
Automate Security Workflows
Track AppSec KPIs
Manage Open Source Risk
Pricing
Why Invicti
About Us
Invicti vs. Competitors
Case Studies
Contact Us
Careers
Resources
Resource Library
Blog
Webinars
White Papers
Podcasts
Invicti Learn
Savings Calculator
Live Training
Partners
MSSP
Documentation
Vulnerability Database
Get a demo
Home
/
Web Application Vulnerabilities
/ Known Vulnerabilities
Web Application Vulnerabilities
Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise
Acunetix Standard & Premium
v.26.4.2314
Known Vulnerabilities
This page lists
14981 vulnerabilities
in this category.
Critical: 1612
High: 4015
Medium: 8569
Low: 783
Information: 2
Vulnerability Name
CVE
CWE
Severity
Jenkins Incorrect Authorization Vulnerability (CVE-2021-21609)
CVE-2021-21609
CWE-863
Medium
Jenkins Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-21608)
CVE-2021-21608
CWE-707
Medium
Jenkins Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2021-21607)
CVE-2021-21607
CWE-770
Medium
Jenkins Improper Input Validation Vulnerability (CVE-2021-21606)
CVE-2021-21606
CWE-20
Medium
Jenkins Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-21603)
CVE-2021-21603
CWE-707
Medium
Django Relative Path Traversal Vulnerability (CVE-2025-59682)
CVE-2025-59682
CWE-23
Medium
Jenkins Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2021-21602)
CVE-2021-21602
CWE-59
Medium
PrestaShop Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-21398)
CVE-2021-21398
CWE-707
Medium
MongoDb Reachable Assertion Vulnerability (CVE-2026-9749)
CVE-2026-9749
CWE-617
Medium
XWiki Improper Preservation of Permissions Vulnerability (CVE-2021-21379)
CVE-2021-21379
CWE-281
Medium
Chamilo Missing Authorization Vulnerability (CVE-2025-59544)
CVE-2025-59544
CWE-862
Medium
TYPO3 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-21370)
CVE-2021-21370
CWE-707
Medium
TYPO3 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-21365)
CVE-2021-21365
CWE-707
Medium
Atlassian Jira Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-8450)
CVE-2019-8450
CWE-707
Medium
Apache HTTP Server Improper Privilege Management Vulnerability (CVE-2026-44119)
CVE-2026-44119
CWE-269
Medium
SharePoint Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-1320)
CVE-2020-1320
CWE-707
Medium
Contao Improper Privilege Management Vulnerability (CVE-2025-57759)
CVE-2025-57759
CWE-269
Medium
Piwigo Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-19212)
CVE-2020-19212
CWE-138
Medium
ReviveAdserver Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-22889)
CVE-2021-22889
CWE-707
Medium
OpenSSL NULL Pointer Dereference Vulnerability (CVE-2026-42766)
CVE-2026-42766
CWE-476
Medium
OpenSSL NULL Pointer Dereference Vulnerability (CVE-2026-42767)
CVE-2026-42767
CWE-476
Medium
axios Improper Authentication Vulnerability (CVE-2026-42041)
CVE-2026-42041
CWE-287
Medium
ReviveAdserver Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-22888)
CVE-2021-22888
CWE-707
Medium
PHP-Fusion Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-17449)
CVE-2020-17449
CWE-707
Medium
Vanilla Forums Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-8279)
CVE-2019-8279
CWE-707
Medium
qdPM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-19515)
CVE-2020-19515
CWE-707
Medium
Hiawatha CVE-2025-57783 Vulnerability (CVE-2025-57783)
CVE-2025-57783
-
Medium
Bootstrap Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-8331)
CVE-2019-8331
CWE-707
Medium
Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-19626)
CVE-2020-19626
CWE-707
Medium
qdPM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-8390)
CVE-2019-8390
CWE-707
Medium
SugarCRM Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-17373)
CVE-2020-17373
CWE-138
Medium
qdPM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-8391)
CVE-2019-8391
CWE-707
Medium
axios Permissive List of Allowed Inputs Vulnerability (CVE-2026-42042)
CVE-2026-42042
CWE-183
Medium
Contao Improper Access Control Vulnerability (CVE-2025-57758)
CVE-2025-57758
CWE-284
Medium
Ruby on Rails URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2021-22881)
CVE-2021-22881
CWE-601
Medium
Next.js Use of Cache Containing Sensitive Information Vulnerability (CVE-2025-57752)
CVE-2025-57752
CWE-524
Medium
qdPM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-18468)
CVE-2020-18468
CWE-707
Medium
Rukovoditel Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-18469)
CVE-2020-18469
CWE-707
Medium
Rukovoditel Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-18470)
CVE-2020-18470
CWE-707
Medium
Roundcube Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-18670)
CVE-2020-18670
CWE-707
Medium
Roundcube Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-18671)
CVE-2020-18671
CWE-707
Medium
Ruby on Rails URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2021-22903)
CVE-2021-22903
CWE-601
Medium
MyBB Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-19048)
CVE-2020-19048
CWE-707
Medium
Magento Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2019-8235)
CVE-2019-8235
CWE-639
Medium
Contao Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2025-57756)
CVE-2025-57756
CWE-200
Medium
MyBB Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-19049)
CVE-2020-19049
CWE-707
Medium
Magento Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Vulnerability (CVE-2019-8232)
CVE-2019-8232
CWE-362
Medium
TinyMCE Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-17480)
CVE-2020-17480
CWE-707
Medium
PHP-Fusion Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-17450)
CVE-2020-17450
CWE-707
Medium
Contao Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2025-57757)
CVE-2025-57757
CWE-200
Medium
Magento Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-8233)
CVE-2019-8233
CWE-707
Medium
OpenSSL Improper Certificate Validation Vulnerability (CVE-2026-42769)
CVE-2026-42769
CWE-295
Medium
ReviveAdserver Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-22875)
CVE-2021-22875
CWE-707
Medium
TYPO3 Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2025-59019)
CVE-2025-59019
CWE-200
Medium
SharePoint Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-1106)
CVE-2020-1106
CWE-707
Medium
PHP Out-of-bounds Write Vulnerability (CVE-2021-21704)
CVE-2021-21704
CWE-787
Medium
TYPO3 Generation of Error Message Containing Sensitive Information Vulnerability (CVE-2025-59016)
CVE-2025-59016
CWE-209
Medium
axios Improper Neutralization of CRLF Sequences ('CRLF Injection') Vulnerability (CVE-2026-42037)
CVE-2026-42037
CWE-707
Medium
axios Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2026-42036)
CVE-2026-42036
CWE-770
Medium
SharePoint Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-1104)
CVE-2020-1104
CWE-707
Medium
Atlassian Jira Incorrect Authorization Vulnerability (CVE-2019-8446)
CVE-2019-8446
CWE-863
Medium
SharePoint CVE-2020-17120 Vulnerability (CVE-2020-17120)
CVE-2020-17120
-
Medium
TYPO3 Insufficient Entropy Vulnerability (CVE-2025-59015)
CVE-2025-59015
CWE-331
Medium
SharePoint Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-1107)
CVE-2020-1107
CWE-707
Medium
Atlassian Jira Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-8447)
CVE-2019-8447
CWE-352
Medium
TYPO3 Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2025-59018)
CVE-2025-59018
CWE-200
Medium
Atlassian Jira CVE-2019-8448 Vulnerability (CVE-2019-8448)
CVE-2019-8448
-
Medium
Apache HTTP Server Out-of-bounds Read Vulnerability (CVE-2026-43951)
CVE-2026-43951
CWE-125
Medium
Atlassian Jira Missing Authentication for Critical Function Vulnerability (CVE-2019-8449)
CVE-2019-8449
CWE-306
Medium
SharePoint CVE-2020-17115 Vulnerability (CVE-2020-17115)
CVE-2020-17115
-
Medium
PHP Improper Input Validation Vulnerability (CVE-2021-21705)
CVE-2021-21705
CWE-20
Medium
PHP Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2021-21706)
CVE-2021-21706
CWE-22
Medium
ReviveAdserver Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-22874)
CVE-2021-22874
CWE-707
Medium
MySQL NULL Pointer Dereference Vulnerability (CVE-2021-22570)
CVE-2021-22570
CWE-476
Medium
SharePoint Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-1099)
CVE-2020-1099
CWE-707
Medium
«
1
...
79
80
81
...
200
»