🚀 Just released:
Latio 2026 Application Security Market Report.
Read it in our Whitepapers.
100% Signal 0% Noise
Platform
Invicti Platform
Zero-noise AppSec platform
Scan Code
Secure code before runtime
SAST
Early static security analysis
Open Source (SCA)
Find vulnerable dependencies
SBOM & License Risk
Generate SBOMs and track licenses
Secrets
Detect exposed secrets in applications
Infrastructure as Code
Ingest IaC security findings
Container
Track container image vulnerabilities
Test Runtime
Test live applications like attackers
DAST & AI DAST
Test runtime, prove exploitability
Agentic Pentesting
Automate real-world attack techniques
API Security Testing
Discover and test APIs
Attack Surface Management
Identify exposed apps and endpoints
Cloud AppSec
Get a single-pane view of cloud app risk
AI AppSec
Scan smarter, accelerate remediation
Manage Vulnerabilities
See, prioritize, reduce AppSec risk
Vulnerability Management (ASPM)
Centralize and correlate AppSec findings
Compliance & Executive Reporting
Measure risk and impact
Threat Intelligence
Reachability, exploitability, and business logic
Solutions
API Discovery
Manage Vulnerabilities
Automate Security Workflows
Track AppSec KPIs
Manage Open Source Risk
Pricing
Why Invicti
About Us
Invicti vs. Competitors
Case Studies
Contact Us
Careers
Resources
Resource Library
Blog
Webinars
White Papers
Podcasts
Invicti Learn
Savings Calculator
Live Training
Partners
MSSP
Documentation
Vulnerability Database
Get a demo
Home
/
Web Application Vulnerabilities
/ Missing Update
Web Application Vulnerabilities
Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise
Acunetix Standard & Premium
v.26.4.2314
Missing Update
This page lists
23409 vulnerabilities
in this category.
Critical: 1513
High: 12591
Medium: 8518
Low: 783
Information: 4
Vulnerability Name
CVE
CWE
Severity
PHP Use After Free Vulnerability (CVE-2021-21708)
CVE-2021-21708
CWE-416
Critical
Django Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2024-42005)
CVE-2024-42005
CWE-138
Critical
Chamilo Deserialization of Untrusted Data Vulnerability (CVE-2025-52998)
CVE-2025-52998
CWE-502
Critical
Magento CVE-2020-9585 Vulnerability (CVE-2020-9585)
CVE-2020-9585
-
Critical
WordPress Improper Input Validation Vulnerability (CVE-2020-35539)
CVE-2020-35539
CWE-20
Critical
Oracle Database Server Deserialization of Untrusted Data Vulnerability (CVE-2017-15095)
CVE-2017-15095
CWE-502
Critical
Grafana Improper Authentication Vulnerability (CVE-2018-15727)
CVE-2018-15727
CWE-287
Critical
WP Plugin Contact Form 7 Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-35489)
CVE-2020-35489
CWE-434
Critical
PHP Improper Neutralization of Special Elements used in a Command ('Command Injection') Vulnerability (CVE-2012-1823)
CVE-2012-1823
CWE-138
Critical
PHP Out-of-bounds Read Vulnerability (CVE-2026-6104)
CVE-2026-6104
CWE-125
Critical
Magento Improper Privilege Management Vulnerability (CVE-2020-9630)
CVE-2020-9630
CWE-269
Critical
Sqlite Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2020-35527)
CVE-2020-35527
CWE-119
Critical
PHP Improper Neutralization of Special Elements used in a Command ('Command Injection') Vulnerability (CVE-2024-3566)
CVE-2024-3566
CWE-138
Critical
MongoDb CVE-2017-15535 Vulnerability (CVE-2017-15535)
CVE-2017-15535
-
Critical
SharePoint Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2013-3889)
CVE-2013-3889
CWE-119
Critical
osTicket Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2017-15580)
CVE-2017-15580
CWE-434
Critical
Oracle JRE CVE-2013-0809 Vulnerability (CVE-2013-0809)
CVE-2013-0809
-
Critical
Lodash Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2026-4800)
CVE-2026-4800
CWE-94
Critical
Django Missing Authorization Vulnerability (CVE-2026-4277)
CVE-2026-4277
CWE-862
Critical
Joomla Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2020-35613)
CVE-2020-35613
CWE-138
Critical
Perl Other Vulnerability (CVE-2026-4176)
CVE-2026-4176
-
Critical
Telerik Web UI Insufficiently Protected Credentials Vulnerability (CVE-2017-9248)
CVE-2017-9248
CWE-522
Critical
ClipBucket Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2013-10040)
CVE-2013-10040
CWE-434
Critical
Beego Framework CVE-2021-30080 Vulnerability (CVE-2021-30080)
CVE-2021-30080
-
Critical
Moodle Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2021-21809)
CVE-2021-21809
CWE-732
Critical
Joomla CVE-2026-48904 Vulnerability (CVE-2026-48904)
CVE-2026-48904
-
Critical
Oracle JRE CVE-2013-1486 Vulnerability (CVE-2013-1486)
CVE-2013-1486
-
Critical
Dolibarr Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2017-17900)
CVE-2017-17900
CWE-138
Critical
Ruby Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2017-17790)
CVE-2017-17790
CWE-138
Critical
Oracle Database Server CVE-2013-3751 Vulnerability (CVE-2013-3751)
CVE-2013-3751
-
Critical
Oracle JRE CVE-2013-1478 Vulnerability (CVE-2013-1478)
CVE-2013-1478
-
Critical
Chamilo Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') Vulnerability (CVE-2025-50187)
CVE-2025-50187
CWE-707
Critical
Oracle JRE CVE-2013-1479 Vulnerability (CVE-2013-1479)
CVE-2013-1479
-
Critical
Oracle JRE CVE-2013-1480 Vulnerability (CVE-2013-1480)
CVE-2013-1480
-
Critical
Dolibarr Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2017-17897)
CVE-2017-17897
CWE-138
Critical
Dolibarr Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2017-17899)
CVE-2017-17899
CWE-138
Critical
Oracle Database Server CVE-2026-46833 Vulnerability (CVE-2026-46833)
CVE-2026-46833
-
Critical
Chamilo Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2025-50190)
CVE-2025-50190
CWE-138
Critical
WordPress Deserialization of Untrusted Data Vulnerability (CVE-2020-36326)
CVE-2020-36326
CWE-502
Critical
Oracle JRE CVE-2013-1481 Vulnerability (CVE-2013-1481)
CVE-2013-1481
-
Critical
Oracle JRE CVE-2013-1484 Vulnerability (CVE-2013-1484)
CVE-2013-1484
-
Critical
MediaWiki Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2017-8809)
CVE-2017-8809
CWE-138
Critical
DOMPurify Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') Vulnerability (CVE-2024-48910)
CVE-2024-48910
CWE-1321
Critical
Dolibarr Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2018-16809)
CVE-2018-16809
CWE-138
Critical
Varnish Cache Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2017-8807)
CVE-2017-8807
CWE-119
Critical
PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2012-2376)
CVE-2012-2376
CWE-119
Critical
Magento Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2020-9578)
CVE-2020-9578
CWE-138
Critical
Oracle JRE CVE-2013-1476 Vulnerability (CVE-2013-1476)
CVE-2013-1476
-
Critical
Oracle JRE CVE-2013-1475 Vulnerability (CVE-2013-1475)
CVE-2013-1475
-
Critical
Joomla CVE-2026-48902 Vulnerability (CVE-2026-48902)
CVE-2026-48902
-
Critical
Magento Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2020-9582)
CVE-2020-9582
CWE-138
Critical
Ruby CVE-2018-16395 Vulnerability (CVE-2018-16395)
CVE-2018-16395
-
Critical
PHP Other Vulnerability (CVE-2000-0967)
CVE-2000-0967
-
Critical
AbanteCart Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2025-50972)
CVE-2025-50972
CWE-138
Critical
Joomla CVE-2026-48899 Vulnerability (CVE-2026-48899)
CVE-2026-48899
-
Critical
WordPress Ultimate Member Plugin Improper Privilege Management Vulnerability (CVE-2020-36155)
CVE-2020-36155
CWE-269
Critical
Joomla CVE-2026-48898 Vulnerability (CVE-2026-48898)
CVE-2026-48898
-
Critical
Magento Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2020-9583)
CVE-2020-9583
CWE-138
Critical
Chamilo Server-Side Request Forgery (SSRF) Vulnerability (CVE-2025-50199)
CVE-2025-50199
CWE-918
Critical
WordPress Ultimate Member Plugin CVE-2020-36157 Vulnerability (CVE-2020-36157)
CVE-2020-36157
-
Critical
Envoy Proxy Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2024-45806)
CVE-2024-45806
CWE-639
Critical
WebLogic CVE-2018-2894 Vulnerability (CVE-2018-2894)
CVE-2018-2894
-
Critical
Magento CVE-2020-9580 Vulnerability (CVE-2020-9580)
CVE-2020-9580
-
Critical
WebLogic CVE-2018-2893 Vulnerability (CVE-2018-2893)
CVE-2018-2893
-
Critical
Magento CVE-2020-9579 Vulnerability (CVE-2020-9579)
CVE-2020-9579
-
Critical
PHP Improper Input Validation Vulnerability (CVE-2017-8923)
CVE-2017-8923
CWE-20
Critical
Joomla Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2017-8917)
CVE-2017-8917
CWE-138
Critical
Chamilo Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2025-50192)
CVE-2025-50192
CWE-138
Critical
Jboss EAP Deserialization of Untrusted Data Vulnerability (CVE-2017-17485)
CVE-2017-17485
CWE-502
Critical
Nexus Repository Manager Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2017-17717)
CVE-2017-17717
CWE-327
Critical
MOVEit Transfer Improper Authentication Vulnerability (CVE-2024-6576)
CVE-2024-6576
CWE-287
Critical
Apache Tomcat DEPRECATED: Authentication Bypass Issues Vulnerability (CVE-2026-43512)
CVE-2026-43512
CWE-592
Critical
Jboss EAP Deserialization of Untrusted Data Vulnerability (CVE-2017-15095)
CVE-2017-15095
CWE-502
Critical
OpenSSL Out-of-bounds Write Vulnerability (CVE-2026-31789)
CVE-2026-31789
CWE-787
Critical
Ruby on Rails Deserialization of Untrusted Data Vulnerability (CVE-2020-8165)
CVE-2020-8165
CWE-502
Critical
«
1
...
14
15
16
...
313
»