v.26.4.2314
Missing Update
This page lists 23101 vulnerabilities in this category.
Critical: 1474
High: 12458
Medium: 8395
Low: 770
Information: 4
| Vulnerability Name | CVE | CWE | Severity |
| --- | --- | --- | --- |
| GeoServer Improper Restriction of XML External Entity Reference Vulnerability (CVE-2025-58360) | CVE-2025-58360 | CWE-611 | Critical |
| MediaWiki Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2017-8809) | CVE-2017-8809 | CWE-138 | Critical |
| PHP CVE-2004-1063 Vulnerability (CVE-2004-1063) | CVE-2004-1063 | - | Critical |
| Dolibarr Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2017-9435) | CVE-2017-9435 | CWE-138 | Critical |
| PHP CVE-2004-1064 Vulnerability (CVE-2004-1064) | CVE-2004-1064 | - | Critical |
| PHP Improper Input Validation Vulnerability (CVE-2016-7129) | CVE-2016-7129 | CWE-20 | Critical |
| PHP Other Vulnerability (CVE-2004-1065) | CVE-2004-1065 | - | Critical |
| ProjectSend Improper Input Validation Vulnerability (CVE-2017-9741) | CVE-2017-9741 | CWE-20 | Critical |
| Apache Tomcat CVE-2016-8735 Vulnerability (CVE-2016-8735) | CVE-2016-8735 | - | Critical |
| XWikiplatform Improper Input Validation Vulnerability (CVE-2025-54385) | CVE-2025-54385 | CWE-20 | Critical |
| AbanteCart Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2025-50972) | CVE-2025-50972 | CWE-138 | Critical |
| PHP Improper Input Validation Vulnerability (CVE-2017-8923) | CVE-2017-8923 | CWE-20 | Critical |
| Chamilo Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') Vulnerability (CVE-2025-50187) | CVE-2025-50187 | CWE-707 | Critical |
| Joomla Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2017-8917) | CVE-2017-8917 | CWE-138 | Critical |
| CrushFTP Server Unprotected Alternate Channel Vulnerability (CVE-2025-54309) | CVE-2025-54309 | CWE-420 | Critical |
| PHP Improper Encoding or Escaping of Output Vulnerability (CVE-2024-1874) | CVE-2024-1874 | CWE-116 | Critical |
| PHP Integer Overflow or Wraparound Vulnerability (CVE-2024-11236) | CVE-2024-11236 | CWE-190 | Critical |
| ProjectSend Incorrect Authorization Vulnerability (CVE-2024-11680) | CVE-2024-11680 | CWE-863 | Critical |
| ClipBucket Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2018-7666) | CVE-2018-7666 | CWE-138 | Critical |
| ClipBucket Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2018-7665) | CVE-2018-7665 | CWE-434 | Critical |
| ClipBucket Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2018-7664) | CVE-2018-7664 | CWE-138 | Critical |
| Jboss EAP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-9788) | CVE-2017-9788 | CWE-200 | Critical |
| b2evolution Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2016-8901) | CVE-2016-8901 | CWE-138 | Critical |
| PHP Use After Free Vulnerability (CVE-2016-9138) | CVE-2016-9138 | CWE-416 | Critical |
| MyBB Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-9403) | CVE-2016-9403 | CWE-264 | Critical |
| Oracle Database Server Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2003-0096) | CVE-2003-0096 | CWE-119 | Critical |
| PHP Deserialization of Untrusted Data Vulnerability (CVE-2016-7124) | CVE-2016-7124 | CWE-502 | Critical |
| Oracle Database Server Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2003-0095) | CVE-2003-0095 | CWE-119 | Critical |
| PHP Out-of-bounds Write Vulnerability (CVE-2017-9228) | CVE-2017-9228 | CWE-787 | Critical |
| Apache HTTP Server Other Vulnerability (CVE-2004-0492) | CVE-2004-0492 | - | Critical |
| Citrix NetScaler Memory Disclosure 'Citrix Bleed 2' (CVE-2025-5777) | CVE-2025-5349 | CWE-457 | Critical |
| Jenkins Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') Vulnerability (CVE-2016-9299) | CVE-2016-9299 | CWE-138 | Critical |
| MyBB Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2016-9402) | CVE-2016-9402 | CWE-138 | Critical |
| IBMHttpServer Other Vulnerability (CVE-2004-0492) | CVE-2004-0492 | - | Critical |
| Jboss EAP CVE-2018-8088 Vulnerability (CVE-2018-8088) | CVE-2018-8088 | - | Critical |
| phpMyFAQ CVE-2025-59943 Vulnerability (CVE-2025-59943) | CVE-2025-59943 | - | Critical |
| SugarCRM Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2018-6308) | CVE-2018-6308 | CWE-138 | Critical |
| Wordpress Plugin Backup Migration Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2023-6972) | CVE-2023-6972 | CWE-22 | Critical |
| Wordpress Plugin Backup Migration Inclusion of Functionality from Untrusted Control Sphere Vulnerability (CVE-2023-6971) | CVE-2023-6971 | CWE-829 | Critical |
| MySQL Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2004-0836) | CVE-2004-0836 | CWE-119 | Critical |
| PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2016-7411) | CVE-2016-7411 | CWE-119 | Critical |
| Wordpress Plugin Backup Migration CVE-2023-6553 Vulnerability (CVE-2023-6553) | CVE-2023-6553 | - | Critical |
| PHP Use After Free Vulnerability (CVE-2016-7413) | CVE-2016-7413 | CWE-416 | Critical |
| osCommerce Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2023-6579) | CVE-2023-6579 | CWE-138 | Critical |
| PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2016-7414) | CVE-2016-7414 | CWE-119 | Critical |
| PHP Improper Input Validation Vulnerability (CVE-2016-7417) | CVE-2016-7417 | CWE-20 | Critical |
| Joomla Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2018-6376) | CVE-2018-6376 | CWE-138 | Critical |
| PHP CVE-2004-0542 Vulnerability (CVE-2004-0542) | CVE-2004-0542 | - | Critical |
| MySQL Other Vulnerability (CVE-2003-0150) | CVE-2003-0150 | - | Critical |
| WordPress Plugin Erident Custom Login and Dashboard Cross-Site Request Forgery (3.4.1) | - | CWE-352 | High |
| TCExam Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-5745) | CVE-2020-5745 | CWE-707 | High |
| WordPress Plugin Custom Content Type Manager Remote Code Execution (0.9.8.5) | CVE-2015-3173 | CWE-94 | High |
| WordPress Plugin Fast Image Adder Arbitrary File Upload (1.1) | CVE-2015-1000001 | CWE-434 | High |
| WordPress Plugin WordPress Landing Pages Multiple Unspecified Vulnerabilities (1.7.8) | - | - | High |
| WordPress Plugin Attached images title editor Cross-Site Scripting (1.1.1) | - | CWE-79 | High |
| WordPress Plugin Floating Social Bar Cross-Site Scripting (1.1.5) | CVE-2015-5528 | CWE-79 | High |
| WordPress Plugin GD bbPress Attachments Multiple Vulnerabilities (2.2) | CVE-2015-5481 | CWE-79 | High |
| WordPress Plugin IBS Mappro Arbitrary File Download (0.6) | CVE-2015-5472 | CWE-22 | High |
| WordPress Plugin Easy2Map Photos Cross-Site Scripting (2.0.6) | - | CWE-79 | High |
| WordPress Plugin Visual Form Builder Multiple Vulnerabilities (2.8.2) | - | CWE-89 | High |
| WordPress Plugin Image Export Arbitrary File Download (1.1.0) | CVE-2015-5609 | CWE-22 | High |
| WordPress Plugin InfiniteWP Client Unspecified Vulnerability (1.3.14) | - | - | High |
| WordPress Plugin Easy Forms for MailChimp Unspecified Vulnerability (6.3.2) | - | - | High |
| WordPress Plugin MDC YouTube Downloader Local File Inclusion (2.1.0) | CVE-2015-5469 | CWE-22 | High |
| WordPress Plugin Easy Google Fonts Cross-Site Scripting (1.3.6) | - | CWE-79 | High |
| WordPress Plugin NewStatPress Cross-Site Scripting (1.0.3) | - | CWE-79 | High |
| WordPress Plugin Ultimate Profile Builder By CMSHelpLive Multiple Vulnerabilities (2.3.3) | - | CWE-352 | High |
| WordPress Plugin Codestyling Localization Multiple Vulnerabilities (1.99.30) | CVE-2015-4179 | CWE-352 | High |
| Java Unspecified Vulnerability (CVE-2019-2602) | CVE-2019-2602 | - | High |
| WordPress Plugin PICA Photo Gallery SQL Injection (1.0) | - | CWE-89 | High |
| WordPress Plugin NewStatPress Multiple Vulnerabilities (1.0.4) | CVE-2015-9313 | CWE-89 | High |
| WordPress Plugin Download Zip Attachments Arbitrary File Download (1.0.0) | CVE-2015-4704 | CWE-22 | High |
| Dot CMS Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2020-18875) | CVE-2020-18875 | CWE-138 | High |
| WordPress Plugin Ninja Forms Contact Form-The Drag and Drop Form Builder for WordPress Cross-Site Scripting (2.9.18) | - | CWE-79 | High |
| WordPress Plugin Paid Memberships Pro-Restrict Member Access to Content, Courses, Communities-Free or Paid Subscriptions Multiple Cross-Site Scripting Vulnerabilities (1.8.4.2) | CVE-2015-5532 | CWE-79 | High |