🚀 Just released:
Latio 2026 Application Security Market Report.
Read it in our Whitepapers.
100% Signal 0% Noise
Platform
Invicti Platform
Zero-noise AppSec platform
Scan Code
Secure code before runtime
SAST
Early static security analysis
Open Source (SCA)
Find vulnerable dependencies
SBOM & License Risk
Generate SBOMs and track licenses
Secrets
Detect exposed secrets in applications
Infrastructure as Code
Ingest IaC security findings
Container
Track container image vulnerabilities
Test Runtime
Test live applications like attackers
DAST & AI DAST
Test runtime, prove exploitability
Agentic Pentesting
Automate real-world attack techniques
API Security Testing
Discover and test APIs
Attack Surface Management
Identify exposed apps and endpoints
Cloud AppSec
Get a single-pane view of cloud app risk
AI AppSec
Scan smarter, accelerate remediation
Manage Vulnerabilities
See, prioritize, reduce AppSec risk
Vulnerability Management (ASPM)
Centralize and correlate AppSec findings
Compliance & Executive Reporting
Measure risk and impact
Threat Intelligence
Reachability, exploitability, and business logic
Solutions
API Discovery
Manage Vulnerabilities
Automate Security Workflows
Track AppSec KPIs
Manage Open Source Risk
Pricing
Why Invicti
About Us
Invicti vs. Competitors
Case Studies
Contact Us
Careers
Resources
Resource Library
Blog
Webinars
White Papers
Podcasts
Invicti Learn
Savings Calculator
Live Training
Partners
MSSP
Documentation
Vulnerability Database
Get a demo
Home
/
Web Application Vulnerabilities
/ Missing Update
Web Application Vulnerabilities
Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise
Acunetix Standard & Premium
v.26.4.2314
Missing Update
This page lists
23500 vulnerabilities
in this category.
Critical: 1518
High: 12619
Medium: 8575
Low: 784
Information: 4
Vulnerability Name
CVE
CWE
Severity
silverstripeCMS Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-12437)
CVE-2019-12437
CWE-352
High
MediaWiki Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-12466)
CVE-2019-12466
CWE-352
High
MODX Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2014-2736)
CVE-2014-2736
CWE-138
High
MediaWiki CVE-2019-12472 Vulnerability (CVE-2019-12472)
CVE-2019-12472
-
High
phpMyAdmin Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2011-2506)
CVE-2011-2506
CWE-94
High
OpenSSL Improper Input Validation Vulnerability (CVE-2014-3567)
CVE-2014-3567
CWE-20
High
MODX Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2014-2311)
CVE-2014-2311
CWE-138
High
Oracle HTTP Server Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Vulnerability (CVE-2019-0217)
CVE-2019-0217
CWE-362
High
ownCloud Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-3834)
CVE-2014-3834
CWE-264
High
GSAP CVE-2020-28478 Vulnerability (CVE-2020-28478)
CVE-2020-28478
-
High
Apache Tomcat Uncontrolled Resource Consumption Vulnerability (CVE-2019-0199)
CVE-2019-0199
CWE-400
High
Jboss EAP Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2019-0205)
CVE-2019-0205
CWE-835
High
Jboss EAP Out-of-bounds Read Vulnerability (CVE-2019-0210)
CVE-2019-0210
CWE-125
High
Apache HTTP Server Use After Free Vulnerability (CVE-2019-0211)
CVE-2019-0211
CWE-416
High
Oracle HTTP Server Use After Free Vulnerability (CVE-2019-0211)
CVE-2019-0211
CWE-416
High
Apache HTTP Server CVE-2019-0215 Vulnerability (CVE-2019-0215)
CVE-2019-0215
-
High
Apache HTTP Server Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Vulnerability (CVE-2019-0217)
CVE-2019-0217
CWE-362
High
Apache Tomcat Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2019-0232)
CVE-2019-0232
CWE-138
High
Roundcube Unspesificed Vulnerability (CVE-2018-9846)
CVE-2018-9846
-
High
PHP Numeric Errors Vulnerability (CVE-2011-1092)
CVE-2011-1092
-
High
SharePoint CVE-2019-0585 Vulnerability (CVE-2019-0585)
CVE-2019-0585
-
High
SharePoint Improper Input Validation Vulnerability (CVE-2019-0594)
CVE-2019-0594
CWE-20
High
PHP Resource Management Errors Vulnerability (CVE-2011-1148)
CVE-2011-1148
-
High
PHP Use of Externally-Controlled Format String Vulnerability (CVE-2011-1153)
CVE-2011-1153
CWE-134
High
SharePoint Improper Input Validation Vulnerability (CVE-2019-0957)
CVE-2019-0957
CWE-20
High
SharePoint Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-0958)
CVE-2019-0958
CWE-707
High
Drupal Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2014-3704)
CVE-2014-3704
CWE-138
High
Jenkins Insufficient Session Expiration Vulnerability (CVE-2019-1003003)
CVE-2019-1003003
CWE-613
High
Apache HTTP Server CVE-2019-0190 Vulnerability (CVE-2019-0190)
CVE-2019-0190
-
High
WebLogic Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2020-28491)
CVE-2020-28491
CWE-770
High
Jenkins Insufficient Session Expiration Vulnerability (CVE-2019-1003049)
CVE-2019-1003049
CWE-613
High
Liferay Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2020-28885)
CVE-2020-28885
CWE-138
High
Jboss EAP Improper Handling of Exceptional Conditions Vulnerability (CVE-2018-8039)
CVE-2018-8039
CWE-755
High
FrontAccounting Multiple SQL Injection Vulnerabilities (CVE-2014-3973)
CVE-2014-3973
-
High
Joomla Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2018-8045)
CVE-2018-8045
CWE-138
High
MediaWiki Insufficiently Protected Credentials Vulnerability (CVE-2020-29005)
CVE-2020-29005
CWE-522
High
MediaWiki Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2020-29004)
CVE-2020-29004
CWE-352
High
SharePoint CVE-2018-8161 Vulnerability (CVE-2018-8161)
CVE-2018-8161
-
High
Drupal CVE-2020-28949 Vulnerability (CVE-2020-28949)
CVE-2020-28949
-
High
Drupal Deserialization of Untrusted Data Vulnerability (CVE-2020-28948)
CVE-2020-28948
CWE-502
High
ASP.NET MVC Improper Authentication Vulnerability (CVE-2018-8171)
CVE-2018-8171
CWE-287
High
Liferay Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2020-28884)
CVE-2020-28884
CWE-138
High
Three.js Uncontrolled Resource Consumption Vulnerability (CVE-2020-28496)
CVE-2020-28496
CWE-400
High
ProjectSend Improper Privilege Management Vulnerability (CVE-2020-28874)
CVE-2020-28874
CWE-269
High
FluxBB Use of Password Hash With Insufficient Computational Effort Vulnerability (CVE-2020-28873)
CVE-2020-28873
CWE-916
High
Plone CMS Improper Restriction of XML External Entity Reference Vulnerability (CVE-2020-28736)
CVE-2020-28736
CWE-611
High
Plone CMS Server-Side Request Forgery (SSRF) Vulnerability (CVE-2020-28735)
CVE-2020-28735
CWE-918
High
Plone CMS Improper Restriction of XML External Entity Reference Vulnerability (CVE-2020-28734)
CVE-2020-28734
CWE-611
High
SharePoint CVE-2018-8628 Vulnerability (CVE-2018-8628)
CVE-2018-8628
-
High
Sqlite NULL Pointer Dereference Vulnerability (CVE-2018-8740)
CVE-2018-8740
CWE-476
High
Ruby Uncontrolled Resource Consumption Vulnerability (CVE-2018-8777)
CVE-2018-8777
CWE-400
High
Ruby Use of Externally-Controlled Format String Vulnerability (CVE-2018-8778)
CVE-2018-8778
CWE-134
High
Ruby Improper Input Validation Vulnerability (CVE-2018-8779)
CVE-2018-8779
CWE-20
High
Jenkins Insufficient Session Expiration Vulnerability (CVE-2019-1003004)
CVE-2019-1003004
CWE-613
High
Tornado Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') Vulnerability (CVE-2020-28476)
CVE-2020-28476
CWE-444
High
MediaWiki Improper Restriction of Excessive Authentication Attempts Vulnerability (CVE-2020-25827)
CVE-2020-25827
CWE-307
High
TYPO3 Cleartext Storage of Sensitive Information Vulnerability (CVE-2020-26228)
CVE-2020-26228
CWE-312
High
Jboss EAP Improper Restriction of XML External Entity Reference Vulnerability (CVE-2019-10172)
CVE-2019-10172
CWE-611
High
PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2011-1938)
CVE-2011-1938
CWE-119
High
Jboss EAP Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') Vulnerability (CVE-2019-10174)
CVE-2019-10174
CWE-470
High
Jboss EAP Missing Authorization Vulnerability (CVE-2019-10184)
CVE-2019-10184
CWE-862
High
Undertow Missing Authorization Vulnerability (CVE-2019-10184)
CVE-2019-10184
CWE-862
High
Moodle Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-10186)
CVE-2019-10186
CWE-352
High
WordPress Improper Input Validation Vulnerability (CVE-2020-26596)
CVE-2020-26596
CWE-20
High
PostgreSQL Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2019-10208)
CVE-2019-10208
CWE-138
High
PostgreSQL Improper Input Validation Vulnerability (CVE-2019-10210)
CVE-2019-10210
CWE-20
High
PrestaShop CVE-2020-26224 Vulnerability (CVE-2020-26224)
CVE-2020-26224
-
High
Moodle Other Vulnerability (CVE-2019-10154)
CVE-2019-10154
-
High
Oracle HTTP Server Out-of-bounds Read Vulnerability (CVE-2020-26185)
CVE-2020-26185
CWE-125
High
Oracle HTTP Server Improper Certificate Validation Vulnerability (CVE-2020-26184)
CVE-2020-26184
CWE-295
High
Oracle Database Server CVE-2011-2239 Vulnerability (CVE-2011-2239)
CVE-2011-2239
-
High
qdPM Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2020-26165)
CVE-2020-26165
CWE-94
High
Oracle Database Server CVE-2011-2253 Vulnerability (CVE-2011-2253)
CVE-2011-2253
-
High
WordPress Ultimate Member Plugin Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2019-10270)
CVE-2019-10270
CWE-640
High
Oracle Database Server CVE-2011-2301 Vulnerability (CVE-2011-2301)
CVE-2011-2301
-
High
«
1
...
166
167
168
...
314
»