🚀 Just released:
Latio 2026 Application Security Market Report.
Read it in our Whitepapers.
100% Signal 0% Noise
Platform
Invicti Platform
Zero-noise AppSec platform
Scan Code
Secure code before runtime
SAST
Early static security analysis
Open Source (SCA)
Find vulnerable dependencies
SBOM & License Risk
Generate SBOMs and track licenses
Secrets
Detect exposed secrets in applications
Infrastructure as Code
Ingest IaC security findings
Container
Track container image vulnerabilities
Test Runtime
Test live applications like attackers
DAST & AI DAST
Test runtime, prove exploitability
Agentic Pentesting
Automate real-world attack techniques
API Security Testing
Discover and test APIs
Attack Surface Management
Identify exposed apps and endpoints
Cloud AppSec
Get a single-pane view of cloud app risk
AI AppSec
Scan smarter, accelerate remediation
Manage Vulnerabilities
See, prioritize, reduce AppSec risk
Vulnerability Management (ASPM)
Centralize and correlate AppSec findings
Compliance & Executive Reporting
Measure risk and impact
Threat Intelligence
Reachability, exploitability, and business logic
Solutions
API Discovery
Manage Vulnerabilities
Automate Security Workflows
Track AppSec KPIs
Manage Open Source Risk
Pricing
Why Invicti
About Us
Invicti vs. Competitors
Case Studies
Contact Us
Careers
Resources
Resource Library
Blog
Webinars
White Papers
Podcasts
Invicti Learn
Savings Calculator
Live Training
Partners
MSSP
Documentation
Vulnerability Database
Get a demo
Home
/
Web Application Vulnerabilities
/ Known Vulnerabilities
Web Application Vulnerabilities
Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise
Acunetix Standard & Premium
v.26.4.2314
Known Vulnerabilities
This page lists
14981 vulnerabilities
in this category.
Critical: 1612
High: 4015
Medium: 8569
Low: 783
Information: 2
Vulnerability Name
CVE
CWE
Severity
MediaWiki Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2025-61646)
CVE-2025-61646
CWE-22
Medium
IBM RTC Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-20520)
CVE-2021-20520
CWE-707
Medium
IBM RTC Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-20519)
CVE-2021-20519
CWE-707
Medium
IBM RTC Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-20518)
CVE-2021-20518
CWE-707
Medium
Next.js Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2026-44581)
CVE-2026-44581
CWE-707
Medium
IBM RTC Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-20507)
CVE-2021-20507
CWE-707
Medium
IBM RTC Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-20504)
CVE-2021-20504
CWE-707
Medium
Python Improper Neutralization of CRLF Sequences ('CRLF Injection') Vulnerability (CVE-2019-9740)
CVE-2019-9740
CWE-707
Medium
IBM RTC Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-20503)
CVE-2021-20503
CWE-707
Medium
osTicket Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-16193)
CVE-2020-16193
CWE-707
Medium
Joomla Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-9714)
CVE-2019-9714
CWE-707
Medium
WebLogic Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2025-61764)
CVE-2025-61764
CWE-200
Medium
LimeSurvey Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-16192)
CVE-2020-16192
CWE-707
Medium
Roundcube Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-16145)
CVE-2020-16145
CWE-707
Medium
Apache Tomcat Improper Resource Shutdown or Release Vulnerability (CVE-2025-61795)
CVE-2025-61795
CWE-404
Medium
TCExam Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-5748)
CVE-2020-5748
CWE-707
Medium
Piwigo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-22148)
CVE-2020-22148
CWE-707
Medium
OpenSSL Missing Cryptographic Step Vulnerability (CVE-2025-69418)
CVE-2025-69418
CWE-325
Medium
Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2026-33051)
CVE-2026-33051
CWE-707
Medium
MySQL CVE-2020-2930 Vulnerability (CVE-2020-2930)
CVE-2020-2930
-
Medium
MySQL CVE-2020-14575 Vulnerability (CVE-2020-14575)
CVE-2020-14575
-
Medium
MySQL CVE-2020-2928 Vulnerability (CVE-2020-2928)
CVE-2020-2928
-
Medium
MySQL CVE-2020-2926 Vulnerability (CVE-2020-2926)
CVE-2020-2926
-
Medium
Next.js Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2026-27978)
CVE-2026-27978
CWE-352
Medium
MySQL CVE-2020-2925 Vulnerability (CVE-2020-2925)
CVE-2020-2925
-
Medium
MySQL CVE-2020-14576 Vulnerability (CVE-2020-14576)
CVE-2020-14576
-
Medium
MySQL CVE-2020-2924 Vulnerability (CVE-2020-2924)
CVE-2020-2924
-
Medium
WebLogic CVE-2020-2934 Vulnerability (CVE-2020-2934)
CVE-2020-2934
-
Medium
MySQL CVE-2020-2923 Vulnerability (CVE-2020-2923)
CVE-2020-2923
-
Medium
MySQL CVE-2020-2921 Vulnerability (CVE-2020-2921)
CVE-2020-2921
-
Medium
MySQL CVE-2020-14586 Vulnerability (CVE-2020-14586)
CVE-2020-14586
-
Medium
MySQL CVE-2020-2904 Vulnerability (CVE-2020-2904)
CVE-2020-2904
-
Medium
MongoDb Use of Uninitialized Resource Vulnerability (CVE-2026-4147)
CVE-2026-4147
CWE-908
Medium
MySQL CVE-2020-2903 Vulnerability (CVE-2020-2903)
CVE-2020-2903
-
Medium
MySQL CVE-2020-2901 Vulnerability (CVE-2020-2901)
CVE-2020-2901
-
Medium
Next.js Missing Origin Validation in WebSockets Vulnerability (CVE-2026-27977)
CVE-2026-27977
-
Medium
Angular Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2026-27970)
CVE-2026-27970
CWE-707
Medium
MySQL CVE-2020-14591 Vulnerability (CVE-2020-14591)
CVE-2020-14591
-
Medium
MySQL CVE-2020-14550 Vulnerability (CVE-2020-14550)
CVE-2020-14550
-
Medium
Joomla Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2026-48903)
CVE-2026-48903
CWE-707
Medium
Chamilo Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2026-33141)
CVE-2026-33141
CWE-639
Medium
Joomla Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2026-48905)
CVE-2026-48905
CWE-707
Medium
Grafana Out-of-bounds Write Vulnerability (CVE-2026-27879)
CVE-2026-27879
CWE-787
Medium
SharePoint Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2026-33113)
CVE-2026-33113
CWE-707
Medium
markdown-it Uncontrolled Resource Consumption Vulnerability (CVE-2026-48988)
CVE-2026-48988
CWE-400
Medium
MySQL CVE-2020-14547 Vulnerability (CVE-2020-14547)
CVE-2020-14547
-
Medium
MySQL CVE-2020-14553 Vulnerability (CVE-2020-14553)
CVE-2020-14553
-
Medium
WebLogic Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-14572)
CVE-2020-14572
CWE-707
Medium
Oracle JRE CVE-2020-14556 Vulnerability (CVE-2020-14556)
CVE-2020-14556
-
Medium
WebLogic CVE-2020-14557 Vulnerability (CVE-2020-14557)
CVE-2020-14557
-
Medium
MySQL CVE-2020-14559 Vulnerability (CVE-2020-14559)
CVE-2020-14559
-
Medium
MySQL CVE-2020-14567 Vulnerability (CVE-2020-14567)
CVE-2020-14567
-
Medium
MySQL CVE-2020-14568 Vulnerability (CVE-2020-14568)
CVE-2020-14568
-
Medium
DOMPurify Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-26870)
CVE-2020-26870
CWE-707
Medium
Oracle HTTP Server CVE-2020-2952 Vulnerability (CVE-2020-2952)
CVE-2020-2952
-
Medium
MySQL CVE-2020-2898 Vulnerability (CVE-2020-2898)
CVE-2020-2898
-
Medium
MongoDb Improper Validation of Specified Quantity in Input Vulnerability (CVE-2026-6915)
CVE-2026-6915
CWE-1284
Medium
MySQL CVE-2020-14827 Vulnerability (CVE-2020-14827)
CVE-2020-14827
-
Medium
WebLogic CVE-2020-14636 Vulnerability (CVE-2020-14636)
CVE-2020-14636
-
Medium
WebLogic CVE-2020-2829 Vulnerability (CVE-2020-2829)
CVE-2020-2829
-
Medium
Apache HTTP Server NULL Pointer Dereference Vulnerability (CVE-2026-33007)
CVE-2026-33007
CWE-476
Medium
MySQL CVE-2020-14631 Vulnerability (CVE-2020-14631)
CVE-2020-14631
-
Medium
Grafana Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2026-28376)
CVE-2026-28376
CWE-770
Medium
MySQL CVE-2020-2814 Vulnerability (CVE-2020-2814)
CVE-2020-2814
-
Medium
MySQL CVE-2020-14632 Vulnerability (CVE-2020-14632)
CVE-2020-14632
-
Medium
Grafana Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Vulnerability (CVE-2026-28379)
CVE-2026-28379
CWE-362
Medium
CKEditor Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-27193)
CVE-2020-27193
CWE-707
Medium
Oracle JRE CVE-2020-2830 Vulnerability (CVE-2020-2830)
CVE-2020-2830
-
Medium
MySQL CVE-2020-2812 Vulnerability (CVE-2020-2812)
CVE-2020-2812
-
Medium
WebLogic CVE-2020-14637 Vulnerability (CVE-2020-14637)
CVE-2020-14637
-
Medium
WebLogic CVE-2020-14638 Vulnerability (CVE-2020-14638)
CVE-2020-14638
-
Medium
Jenkins URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2026-53436)
CVE-2026-53436
CWE-601
Medium
Django Use of Cache Containing Sensitive Information Vulnerability (CVE-2026-6907)
CVE-2026-6907
CWE-524
Medium
Grafana Missing Authorization Vulnerability (CVE-2026-28380)
CVE-2026-28380
CWE-862
Medium
Grafana Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2026-28383)
CVE-2026-28383
CWE-770
Medium
«
1
...
82
83
84
...
200
»