🚀 Just released:
Latio 2026 Application Security Market Report.
Read it in our Whitepapers.
100% Signal 0% Noise
Platform
Invicti Platform
Zero-noise AppSec platform
Scan Code
Secure code before runtime
SAST
Early static security analysis
Open Source (SCA)
Find vulnerable dependencies
SBOM & License Risk
Generate SBOMs and track licenses
Secrets
Detect exposed secrets in applications
Infrastructure as Code
Ingest IaC security findings
Container
Track container image vulnerabilities
Test Runtime
Test live applications like attackers
DAST & AI DAST
Test runtime, prove exploitability
Agentic Pentesting
Automate real-world attack techniques
API Security Testing
Discover and test APIs
Attack Surface Management
Identify exposed apps and endpoints
Cloud AppSec
Get a single-pane view of cloud app risk
AI AppSec
Scan smarter, accelerate remediation
Manage Vulnerabilities
See, prioritize, reduce AppSec risk
Vulnerability Management (ASPM)
Centralize and correlate AppSec findings
Compliance & Executive Reporting
Measure risk and impact
Threat Intelligence
Reachability, exploitability, and business logic
Solutions
API Discovery
Manage Vulnerabilities
Automate Security Workflows
Track AppSec KPIs
Manage Open Source Risk
Pricing
Why Invicti
About Us
Invicti vs. Competitors
Case Studies
Contact Us
Careers
Resources
Resource Library
Blog
Webinars
White Papers
Podcasts
Invicti Learn
Savings Calculator
Live Training
Partners
MSSP
Documentation
Vulnerability Database
Get a demo
Home
/
Web Application Vulnerabilities
/ Missing Update
Web Application Vulnerabilities
Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise
Acunetix Standard & Premium
v.26.4.2314
Missing Update
This page lists
23409 vulnerabilities
in this category.
Critical: 1513
High: 12591
Medium: 8518
Low: 783
Information: 4
Vulnerability Name
CVE
CWE
Severity
PrestaShop Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2018-19355)
CVE-2018-19355
CWE-434
Critical
Oracle JRE CVE-2012-5083 Vulnerability (CVE-2012-5083)
CVE-2012-5083
-
Critical
Drupal Data Processing Errors Vulnerability (CVE-2017-6920)
CVE-2017-6920
-
Critical
XWikiplatform Missing Authorization Vulnerability (CVE-2025-29926)
CVE-2025-29926
CWE-862
Critical
Beego Framework Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-30223)
CVE-2025-30223
CWE-707
Critical
Oracle JRE CVE-2012-5076 Vulnerability (CVE-2012-5076)
CVE-2012-5076
-
Critical
IBM WebSEAL CVE-2018-1722 Vulnerability (CVE-2018-1722)
CVE-2018-1722
-
Critical
Dot CMS Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2020-6754)
CVE-2020-6754
CWE-22
Critical
Jetty Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') Vulnerability (CVE-2026-2332)
CVE-2026-2332
-
Critical
CrushFTP Server Other Vulnerability (CVE-2025-31161)
CVE-2025-31161
-
Critical
PHP Out-of-bounds Read Vulnerability (CVE-2020-7059)
CVE-2020-7059
CWE-125
Critical
Apache Tomcat Improper Encoding or Escaping of Output Vulnerability (CVE-2025-31651)
CVE-2025-31651
CWE-116
Critical
PHP Out-of-bounds Read Vulnerability (CVE-2020-7060)
CVE-2020-7060
CWE-125
Critical
PHP Out-of-bounds Read Vulnerability (CVE-2020-7061)
CVE-2020-7061
CWE-125
Critical
Dolibarr Improper Authentication Vulnerability (CVE-2020-7995)
CVE-2020-7995
CWE-287
Critical
Telerik Web UI Missing Authorization Vulnerability (CVE-2021-28141)
CVE-2021-28141
CWE-862
Critical
Artifactory Insufficient Verification of Data Authenticity Vulnerability (CVE-2018-19971)
CVE-2018-19971
CWE-345
Critical
Drupal CVE-2017-6925 Vulnerability (CVE-2017-6925)
CVE-2017-6925
-
Critical
Dolibarr Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2013-2091)
CVE-2013-2091
CWE-138
Critical
PHP Integer Overflow or Wraparound Vulnerability (CVE-2017-5340)
CVE-2017-5340
CWE-190
Critical
Moodle Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2025-26533)
CVE-2025-26533
CWE-138
Critical
WebLogic Improper Access Control Vulnerability (CVE-2026-35263)
CVE-2026-35263
CWE-284
Critical
MODX Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2017-7324)
CVE-2017-7324
CWE-94
Critical
Chamilo Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2026-28430)
CVE-2026-28430
CWE-138
Critical
Joomla CVE-2026-35223 Vulnerability (CVE-2026-35223)
CVE-2026-35223
-
Critical
Craft CMS Improper Neutralization of Special Elements Used in a Template Engine Vulnerability (CVE-2026-28697)
CVE-2026-28697
CWE-138
Critical
Apache HTTP Server Heap-based Buffer Overflow Vulnerability (CVE-2026-28780)
CVE-2026-28780
CWE-122
Critical
Joomla Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2026-35222)
CVE-2026-35222
CWE-138
Critical
MODX Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2017-7321)
CVE-2017-7321
CWE-94
Critical
Craft CMS Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2026-28783)
CVE-2026-28783
CWE-94
Critical
Oracle JRE CVE-2012-5086 Vulnerability (CVE-2012-5086)
CVE-2012-5086
-
Critical
Internet Information Services Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2017-7269)
CVE-2017-7269
CWE-119
Critical
PrestaShop Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2018-19126)
CVE-2018-19126
CWE-434
Critical
Apache Tomcat Improper Authentication Vulnerability (CVE-2026-29145)
CVE-2026-29145
CWE-287
Critical
Joomla Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2026-35221)
CVE-2026-35221
CWE-138
Critical
Apache HTTP Server Use After Free Vulnerability (CVE-2026-29167)
CVE-2026-29167
CWE-416
Critical
Oracle JRE CVE-2012-5088 Vulnerability (CVE-2012-5088)
CVE-2012-5088
-
Critical
PostgreSQL Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2024-24213)
CVE-2024-24213
CWE-138
Critical
Dolibarr Improper Input Validation Vulnerability (CVE-2013-2093)
CVE-2013-2093
CWE-20
Critical
Oracle JRE CVE-2012-5087 Vulnerability (CVE-2012-5087)
CVE-2012-5087
-
Critical
OpenSSL Improper Validation of Integrity Check Value Vulnerability (CVE-2026-34182)
CVE-2026-34182
CWE-354
Critical
Atlassian Confluence Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2021-26084)
CVE-2021-26084
CWE-138
Critical
Dolibarr Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-25955)
CVE-2021-25955
CWE-707
Critical
Ruby on Rails Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2026-33202)
CVE-2026-33202
CWE-138
Critical
b2evolution Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2017-5539)
CVE-2017-5539
CWE-22
Critical
Liferay DXP Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2025-43766)
CVE-2025-43766
CWE-434
Critical
PostgreSQL Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-1903)
CVE-2013-1903
CWE-264
Critical
Handlebars Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2026-33937)
CVE-2026-33937
CWE-94
Critical
Liferay Portal Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2025-43766)
CVE-2025-43766
CWE-434
Critical
ReviveAdserver Deserialization of Untrusted Data Vulnerability (CVE-2017-5830)
CVE-2017-5830
CWE-502
Critical
Ruby on Rails Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2026-33195)
CVE-2026-33195
CWE-22
Critical
PostgreSQL Other Vulnerability (CVE-2013-1902)
CVE-2013-1902
-
Critical
XWikiplatform Missing Authorization Vulnerability (CVE-2026-33229)
CVE-2026-33229
CWE-862
Critical
Liferay Portal Missing Authorization Vulnerability (CVE-2025-43773)
CVE-2025-43773
CWE-862
Critical
Apache Tomcat CVE-2017-5651 Vulnerability (CVE-2017-5651)
CVE-2017-5651
-
Critical
EspoCRM Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2026-33656)
CVE-2026-33656
CWE-22
Critical
WordPress Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2017-5611)
CVE-2017-5611
CWE-138
Critical
PostgreSQL Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2018-1115)
CVE-2018-1115
CWE-732
Critical
Chamilo Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2026-33707)
CVE-2026-33707
CWE-640
Critical
WebLogic Improper Handling of Exceptional Conditions Vulnerability (CVE-2017-5638)
CVE-2017-5638
CWE-755
Critical
WebLogic Deserialization of Untrusted Data Vulnerability (CVE-2017-5645)
CVE-2017-5645
CWE-502
Critical
Chamilo Files or Directories Accessible to External Parties Vulnerability (CVE-2026-33698)
CVE-2026-33698
CWE-552
Critical
LimeSurvey Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2025-41375)
CVE-2025-41375
CWE-138
Critical
Pega Infinity Improper Authentication Vulnerability (CVE-2021-27651)
CVE-2021-27651
CWE-287
Critical
Liferay Portal Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2025-3594)
CVE-2025-3594
CWE-22
Critical
XWikiplatform Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2025-32429)
CVE-2025-32429
CWE-138
Critical
Atlassian Jira Deserialization of Untrusted Data Vulnerability (CVE-2017-5983)
CVE-2017-5983
CWE-502
Critical
Liferay Portal Deserialization of Untrusted Data Vulnerability (CVE-2020-7961)
CVE-2020-7961
CWE-502
Critical
Craft CMS Incorrect Authorization Vulnerability (CVE-2026-32267)
CVE-2026-32267
CWE-863
Critical
Plone CMS Improper Privilege Management Vulnerability (CVE-2020-7941)
CVE-2020-7941
CWE-269
Critical
Dot CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2017-5344)
CVE-2017-5344
CWE-138
Critical
Craft CMS CVE-2025-32432 Vulnerability (CVE-2025-32432)
CVE-2025-32432
-
Critical
Apache HTTP Server Improper Authentication Vulnerability (CVE-2018-1312)
CVE-2018-1312
CWE-287
Critical
XWikiplatform Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2025-32969)
CVE-2025-32969
CWE-138
Critical
Craft CMS Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2021-27903)
CVE-2021-27903
CWE-94
Critical
«
1
...
15
16
17
...
313
»