🚀 Just released:
Latio 2026 Application Security Market Report.
Read it in our Whitepapers.
100% Signal 0% Noise
Platform
Invicti Platform
Zero-noise AppSec platform
Scan Code
Secure code before runtime
SAST
Early static security analysis
Open Source (SCA)
Find vulnerable dependencies
SBOM & License Risk
Generate SBOMs and track licenses
Secrets
Detect exposed secrets in applications
Infrastructure as Code
Ingest IaC security findings
Container
Track container image vulnerabilities
Test Runtime
Test live applications like attackers
DAST & AI DAST
Test runtime, prove exploitability
Agentic Pentesting
Automate real-world attack techniques
API Security Testing
Discover and test APIs
Attack Surface Management
Identify exposed apps and endpoints
Cloud AppSec
Get a single-pane view of cloud app risk
AI AppSec
Scan smarter, accelerate remediation
Manage Vulnerabilities
See, prioritize, reduce AppSec risk
Vulnerability Management (ASPM)
Centralize and correlate AppSec findings
Compliance & Executive Reporting
Measure risk and impact
Threat Intelligence
Reachability, exploitability, and business logic
Solutions
API Discovery
Manage Vulnerabilities
Automate Security Workflows
Track AppSec KPIs
Manage Open Source Risk
Pricing
Why Invicti
About Us
Invicti vs. Competitors
Case Studies
Contact Us
Careers
Resources
Resource Library
Blog
Webinars
White Papers
Podcasts
Invicti Learn
Savings Calculator
Live Training
Partners
MSSP
Documentation
Vulnerability Database
Get a demo
Home
/
Web Application Vulnerabilities
/ Missing Update
Web Application Vulnerabilities
Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise
Acunetix Standard & Premium
v.26.4.2314
Missing Update
This page lists
23409 vulnerabilities
in this category.
Critical: 1513
High: 12591
Medium: 8518
Low: 783
Information: 4
Vulnerability Name
CVE
CWE
Severity
Joomla Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2025-25226)
CVE-2025-25226
CWE-138
Critical
Jboss EAP Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2017-7465)
CVE-2017-7465
CWE-94
Critical
WebLogic Deserialization of Untrusted Data Vulnerability (CVE-2026-35300)
CVE-2026-35300
CWE-502
Critical
WordPress Deserialization of Untrusted Data Vulnerability (CVE-2018-20148)
CVE-2018-20148
CWE-502
Critical
Oracle JRE CVE-2013-2384 Vulnerability (CVE-2013-2384)
CVE-2013-2384
-
Critical
Jboss EAP Improper Restriction of XML External Entity Reference Vulnerability (CVE-2017-7503)
CVE-2017-7503
CWE-611
Critical
Oracle JRE CVE-2013-2420 Vulnerability (CVE-2013-2420)
CVE-2013-2420
-
Critical
PostgreSQL Improper Authentication Vulnerability (CVE-2017-7546)
CVE-2017-7546
CWE-287
Critical
OpenVPN AS Improper Authentication Vulnerability (CVE-2020-8953)
CVE-2020-8953
CWE-287
Critical
Apache HTTP Server Improper Authentication Vulnerability (CVE-2017-3167)
CVE-2017-3167
CWE-287
Critical
Apache HTTP Server NULL Pointer Dereference Vulnerability (CVE-2017-3169)
CVE-2017-3169
CWE-476
Critical
Vanilla Forums Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2018-18903)
CVE-2018-18903
CWE-94
Critical
Oracle JRE CVE-2013-1557 Vulnerability (CVE-2013-1557)
CVE-2013-1557
-
Critical
Python Improper Input Validation Vulnerability (CVE-2025-13462)
CVE-2025-13462
CWE-20
Critical
Oracle JRE CVE-2013-1558 Vulnerability (CVE-2013-1558)
CVE-2013-1558
-
Critical
Python Out-of-bounds Read Vulnerability (CVE-2025-13836)
CVE-2025-13836
CWE-125
Critical
Oracle JRE CVE-2013-2414 Vulnerability (CVE-2013-2414)
CVE-2013-2414
-
Critical
Grafana Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2026-27876)
CVE-2026-27876
CWE-94
Critical
Python Improper Input Validation Vulnerability (CVE-2021-29921)
CVE-2021-29921
CWE-20
Critical
PHP Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2025-14179)
CVE-2025-14179
CWE-138
Critical
CubeCart Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2018-20716)
CVE-2018-20716
CWE-138
Critical
WebLogic CVE-2017-3248 Vulnerability (CVE-2017-3248)
CVE-2017-3248
-
Critical
XWikiplatform Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-46558)
CVE-2025-46558
CWE-707
Critical
XWikiplatform Missing Authorization Vulnerability (CVE-2025-46557)
CVE-2025-46557
CWE-862
Critical
Jboss EAP Deserialization of Untrusted Data Vulnerability (CVE-2017-7525)
CVE-2017-7525
CWE-502
Critical
Jboss Deserialization of Untrusted Data Vulnerability (CVE-2017-7504)
CVE-2017-7504
CWE-502
Critical
WebERP Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2025-46052)
CVE-2025-46052
CWE-138
Critical
Envoy Proxy Use After Free Vulnerability (CVE-2024-39305)
CVE-2024-39305
CWE-416
Critical
Apache Tomcat Exposure of Resource to Wrong Sphere Vulnerability (CVE-2017-5648)
CVE-2017-5648
CWE-668
Critical
Dolibarr Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2017-9435)
CVE-2017-9435
CWE-138
Critical
Dolibarr Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2018-13449)
CVE-2018-13449
CWE-138
Critical
Perl Out-of-bounds Write Vulnerability (CVE-2018-6797)
CVE-2018-6797
CWE-787
Critical
WebLogic CVE-2017-10352 Vulnerability (CVE-2017-10352)
CVE-2017-10352
-
Critical
Oracle JRE CVE-2013-0442 Vulnerability (CVE-2013-0442)
CVE-2013-0442
-
Critical
Django Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2025-64459)
CVE-2025-64459
CWE-138
Critical
Moodle CVE-2024-33999 Vulnerability (CVE-2024-33999)
CVE-2024-33999
-
Critical
Oracle JRE CVE-2013-0441 Vulnerability (CVE-2013-0441)
CVE-2013-0441
-
Critical
Perl Integer Overflow to Buffer Overflow Vulnerability (CVE-2026-8376)
CVE-2026-8376
CWE-680
Critical
Jboss EAP Improper Restriction of XML External Entity Reference Vulnerability (CVE-2017-12629)
CVE-2017-12629
CWE-611
Critical
PrestaShop CVE-2018-13784 Vulnerability (CVE-2018-13784)
CVE-2018-13784
-
Critical
Dolibarr Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2018-13450)
CVE-2018-13450
CWE-138
Critical
GeoServer Improper Restriction of XML External Entity Reference Vulnerability (CVE-2025-58360)
CVE-2025-58360
CWE-611
Critical
WebLogic CVE-2018-3252 Vulnerability (CVE-2018-3252)
CVE-2018-3252
-
Critical
WebLogic Deserialization of Untrusted Data Vulnerability (CVE-2018-3245)
CVE-2018-3245
CWE-502
Critical
Oracle Database Server CVE-2018-3259 Vulnerability (CVE-2018-3259)
CVE-2018-3259
-
Critical
Dolibarr Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2018-13448)
CVE-2018-13448
CWE-138
Critical
Dolibarr Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2018-13447)
CVE-2018-13447
CWE-138
Critical
Masa CMS Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2024-32641)
CVE-2024-32641
CWE-94
Critical
WebLogic CVE-2020-2551 Vulnerability (CVE-2020-2551)
CVE-2020-2551
-
Critical
SharePoint Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-64672)
CVE-2025-64672
CWE-707
Critical
Magento Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-9691)
CVE-2020-9691
CWE-707
Critical
Oracle JRE CVE-2013-0437 Vulnerability (CVE-2013-0437)
CVE-2013-0437
-
Critical
Microsoft SQL Server Other Vulnerability (CVE-2002-1145)
CVE-2002-1145
-
Critical
Joomla Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') Vulnerability (CVE-2024-27185)
CVE-2024-27185
-
Critical
XWikiplatform Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2024-31996)
CVE-2024-31996
CWE-94
Critical
Phusion Passenger Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2018-12026)
CVE-2018-12026
CWE-59
Critical
Dolibarr Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2021-33816)
CVE-2021-33816
CWE-94
Critical
Plone CMS Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2021-33509)
CVE-2021-33509
CWE-732
Critical
Ruby Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2018-8780)
CVE-2018-8780
CWE-22
Critical
PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2018-7584)
CVE-2018-7584
CWE-119
Critical
Jenkins Deserialization of Untrusted Data Vulnerability (CVE-2017-1000353)
CVE-2017-1000353
CWE-502
Critical
PrestaShop Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2018-8824)
CVE-2018-8824
CWE-138
Critical
Oracle JRE CVE-2017-10346 Vulnerability (CVE-2017-10346)
CVE-2017-10346
-
Critical
PrestaShop Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2018-8823)
CVE-2018-8823
CWE-94
Critical
LimeSurvey Deserialization of Untrusted Data Vulnerability (CVE-2025-56422)
CVE-2025-56422
CWE-502
Critical
Perl Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2017-12883)
CVE-2017-12883
CWE-119
Critical
Jenkins Missing Authorization Vulnerability (CVE-2021-21687)
CVE-2021-21687
CWE-862
Critical
WebLogic CVE-2018-3201 Vulnerability (CVE-2018-3201)
CVE-2018-3201
-
Critical
Perl Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2017-12814)
CVE-2017-12814
CWE-119
Critical
GlassFish Use of Hard-coded Credentials Vulnerability (CVE-2018-14324)
CVE-2018-14324
CWE-798
Critical
axios Unintended Proxy or Intermediary ('Confused Deputy') Vulnerability (CVE-2025-62718)
CVE-2025-62718
CWE-441
Critical
Oracle JRE CVE-2013-0445 Vulnerability (CVE-2013-0445)
CVE-2013-0445
-
Critical
Drupal Improper Input Validation Vulnerability (CVE-2018-7600)
CVE-2018-7600
CWE-20
Critical
Drupal CVE-2018-7602 Vulnerability (CVE-2018-7602)
CVE-2018-7602
-
Critical
phpMyFAQ Improper Restriction of Excessive Authentication Attempts Vulnerability (CVE-2017-11187)
CVE-2017-11187
CWE-307
Critical
«
1
...
17
18
19
...
313
»