🚀 Just released:
Latio 2026 Application Security Market Report.
Read it in our Whitepapers.
100% Signal 0% Noise
Platform
Invicti Platform
Zero-noise AppSec platform
Scan Code
Secure code before runtime
SAST
Early static security analysis
Open Source (SCA)
Find vulnerable dependencies
SBOM & License Risk
Generate SBOMs and track licenses
Secrets
Detect exposed secrets in applications
Infrastructure as Code
Ingest IaC security findings
Container
Track container image vulnerabilities
Test Runtime
Test live applications like attackers
DAST & AI DAST
Test runtime, prove exploitability
Agentic Pentesting
Automate real-world attack techniques
API Security Testing
Discover and test APIs
Attack Surface Management
Identify exposed apps and endpoints
Cloud AppSec
Get a single-pane view of cloud app risk
AI AppSec
Scan smarter, accelerate remediation
Manage Vulnerabilities
See, prioritize, reduce AppSec risk
Vulnerability Management (ASPM)
Centralize and correlate AppSec findings
Compliance & Executive Reporting
Measure risk and impact
Threat Intelligence
Reachability, exploitability, and business logic
Solutions
API Discovery
Manage Vulnerabilities
Automate Security Workflows
Track AppSec KPIs
Manage Open Source Risk
Pricing
Why Invicti
About Us
Invicti vs. Competitors
Case Studies
Contact Us
Careers
Resources
Resource Library
Blog
Webinars
White Papers
Podcasts
Invicti Learn
Savings Calculator
Live Training
Partners
MSSP
Documentation
Vulnerability Database
Get a demo
Home
/
Web Application Vulnerabilities
/ Known Vulnerabilities
Web Application Vulnerabilities
Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise
Acunetix Standard & Premium
v.26.4.2314
Known Vulnerabilities
This page lists
14981 vulnerabilities
in this category.
Critical: 1612
High: 4015
Medium: 8569
Low: 783
Information: 2
Vulnerability Name
CVE
CWE
Severity
Joomla Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2026-21632)
CVE-2026-21632
CWE-707
Medium
Chamilo Missing Authorization Vulnerability (CVE-2026-33708)
CVE-2026-33708
CWE-862
Medium
Atlassian Jira CVE-2020-4029 Vulnerability (CVE-2020-4029)
CVE-2020-4029
-
Medium
Atlassian Jira Observable Discrepancy Vulnerability (CVE-2020-4028)
CVE-2020-4028
CWE-203
Medium
MySQL CVE-2020-14870 Vulnerability (CVE-2020-14870)
CVE-2020-14870
-
Medium
WordPress Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) Vulnerability (CVE-2020-4047)
CVE-2020-4047
CWE-707
Medium
Apache HTTP Server Out-of-bounds Read Vulnerability (CVE-2026-33857)
CVE-2026-33857
CWE-125
Medium
MySQL CVE-2020-14869 Vulnerability (CVE-2020-14869)
CVE-2020-14869
-
Medium
Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-24303)
CVE-2020-24303
CWE-707
Medium
IBM RTC Generation of Error Message Containing Sensitive Information Vulnerability (CVE-2020-4544)
CVE-2020-4544
CWE-209
Medium
Sqlite Integer Overflow or Wraparound Vulnerability (CVE-2020-13434)
CVE-2020-13434
CWE-190
Medium
IBM RTC Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-4525)
CVE-2020-4525
CWE-707
Medium
IBM RTC Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-4524)
CVE-2020-4524
CWE-707
Medium
Sqlite NULL Pointer Dereference Vulnerability (CVE-2020-13435)
CVE-2020-13435
CWE-476
Medium
Liferay Portal CVE-2020-13444 Vulnerability (CVE-2020-13444)
CVE-2020-13444
-
Medium
Pega Infinity Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-23957)
CVE-2020-23957
CWE-707
Medium
IBM RTC Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-4522)
CVE-2020-4522
CWE-707
Medium
IBM RTC Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-4445)
CVE-2020-4445
CWE-707
Medium
Pega Infinity Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-24353)
CVE-2020-24353
CWE-707
Medium
SharePoint Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2026-47640)
CVE-2026-47640
CWE-707
Medium
SharePoint CVE-2026-47641 Vulnerability (CVE-2026-47641)
CVE-2026-47641
-
Medium
SharePoint Server-Side Request Forgery (SSRF) Vulnerability (CVE-2026-20958)
CVE-2026-20958
CWE-918
Medium
Envoy Proxy Improper Handling of Length Parameter Inconsistency Vulnerability (CVE-2026-47692)
CVE-2026-47692
CWE-130
Medium
IBM RTC Generation of Error Message Containing Sensitive Information (CVE-2020-4487)
CVE-2020-4487
CWE-209
Medium
IBM WebSEAL Improper Input Validation Vulnerability (CVE-2020-4461)
CVE-2020-4461
CWE-20
Medium
SharePoint Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2026-20959)
CVE-2026-20959
CWE-707
Medium
Atlassian Confluence Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2020-4027)
CVE-2020-4027
CWE-138
Medium
Atlassian Jira Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-4025)
CVE-2020-4025
CWE-707
Medium
PrestaShop Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2026-33673)
CVE-2026-33673
CWE-707
Medium
Drupal Incorrect Default Permissions Vulnerability (CVE-2020-13667)
CVE-2020-13667
CWE-276
Medium
osTicket Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-24917)
CVE-2020-24917
CWE-707
Medium
SugarCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-36501)
CVE-2020-36501
CWE-707
Medium
phpList Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-36399)
CVE-2020-36399
CWE-707
Medium
Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-13666)
CVE-2020-13666
CWE-707
Medium
MySQL CVE-2020-14867 Vulnerability (CVE-2020-14867)
CVE-2020-14867
-
Medium
Oracle JRE CVE-2026-21933 Vulnerability (CVE-2026-21933)
CVE-2026-21933
-
Medium
MySQL CVE-2020-14866 Vulnerability (CVE-2020-14866)
CVE-2020-14866
-
Medium
Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-13668)
CVE-2020-13668
CWE-707
Medium
TinyMCE Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2026-47760)
CVE-2026-47760
CWE-707
Medium
MySQL CVE-2020-14861 Vulnerability (CVE-2020-14861)
CVE-2020-14861
-
Medium
PrestaShop Improper Use of Validation Framework Vulnerability (CVE-2026-33674)
CVE-2026-33674
CWE-1173
Medium
MySQL CVE-2026-21964 Vulnerability (CVE-2026-21964)
CVE-2026-21964
-
Medium
phpList Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-36398)
CVE-2020-36398
CWE-707
Medium
Oracle HTTP Server Out-of-bounds Read Vulnerability (CVE-2020-24977)
CVE-2020-24977
CWE-125
Medium
Oracle JRE Protection Mechanism Failure Vulnerability (CVE-2026-22013)
CVE-2026-22013
CWE-693
Medium
TinyMCE Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2026-47761)
CVE-2026-47761
CWE-707
Medium
LimeSurvey Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-36993)
CVE-2020-36993
CWE-707
Medium
Drupal URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2020-13662)
CVE-2020-13662
CWE-601
Medium
MySQL CVE-2020-14868 Vulnerability (CVE-2020-14868)
CVE-2020-14868
-
Medium
Magento Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-3758)
CVE-2020-3758
CWE-707
Medium
Atlassian Jira Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-4024)
CVE-2020-4024
CWE-707
Medium
Atlassian Jira Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-4022)
CVE-2020-4022
CWE-707
Medium
Grafana Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2026-21722)
CVE-2026-21722
CWE-200
Medium
Grafana Improper Authorization Vulnerability (CVE-2026-21724)
CVE-2026-21724
CWE-285
Medium
Joomla URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2020-24598)
CVE-2020-24598
CWE-601
Medium
Werkzeug WSGI Improper Handling of Windows Device Names Vulnerability (CVE-2026-21860)
CVE-2026-21860
CWE-67
Medium
Atlassian Jira Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-4021)
CVE-2020-4021
CWE-707
Medium
Django Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-13596)
CVE-2020-13596
CWE-707
Medium
Collabtive Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-13655)
CVE-2020-13655
CWE-707
Medium
Joomla Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-24599)
CVE-2020-24599
CWE-707
Medium
Chamilo Insertion of Sensitive Information into Externally-Accessible File or Directory Vulnerability (CVE-2026-33705)
CVE-2026-33705
CWE-538
Medium
Magento Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2020-3717)
CVE-2020-3717
CWE-22
Medium
Sqlite CVE-2020-13631 Vulnerability (CVE-2020-13631)
CVE-2020-13631
-
Medium
Magento Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-3715)
CVE-2020-3715
CWE-707
Medium
Sqlite NULL Pointer Dereference Vulnerability (CVE-2020-13632)
CVE-2020-13632
CWE-476
Medium
Oracle JRE CVE-2026-21925 Vulnerability (CVE-2026-21925)
CVE-2026-21925
-
Medium
TinyMCE Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2026-47759)
CVE-2026-47759
CWE-707
Medium
reveal.js Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-8127)
CVE-2020-8127
CWE-707
Medium
MediaWiki CVE-2023-36674 Vulnerability (CVE-2023-36674)
CVE-2023-36674
-
Medium
Ruby on Rails URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2021-22942)
CVE-2021-22942
CWE-601
Medium
Moodle URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2022-35652)
CVE-2022-35652
CWE-601
Medium
XWiki Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2022-36095)
CVE-2022-36095
CWE-352
Medium
Opencart Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-21515)
CVE-2024-21515
CWE-707
Medium
Opencart Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-21516)
CVE-2024-21516
CWE-707
Medium
Opencart Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-21517)
CVE-2024-21517
CWE-707
Medium
«
1
...
90
91
92
...
200
»