Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
v.130426185443

High Severity Vulnerabilities

Found 5664 vulnerabilities at High severity.

Reference
Title
Technology
CVE-2025-59017
TYPO3 Missing Authorization Vulnerability
TYPO3
CVE-2024-22188
TYPO3 Improper Control of Generation of Code (Code Injection) Vulnerability
TYPO3
CVE-2026-0859
TYPO3 Deserialization of Untrusted Data Vulnerability
TYPO3
CVE-2025-59022
TYPO3 Missing Authorization Vulnerability
TYPO3
CVE-2026-6553
TYPO3 Cleartext Storage of Sensitive Information Vulnerability
TYPO3
CVE-2021-23358
Underscore.js Improper Control of Generation of Code (Code Injection) Vulnerability
Underscore.js
CVE-2026-27601
Underscore.js Allocation of Resources Without Limits or Throttling Vulnerability
Underscore.js
CVE-2020-28458
DataTables Prototype Pollution Vulnerability
DataTables
CVE-2021-23337
Lodash Improper Neutralization of Special Elements used in a Command (Command Injection) Vulnerability
Lodash
CVE-2020-8203
Lodash Improperly Controlled Modification of Object Prototype Attributes (Prototype Pollution) Vulnerability
Lodash
CVE-2019-10742
axios Improper Input Validation Vulnerability
axios
CVE-2021-3749
axios Uncontrolled Resource Consumption Vulnerability
axios
CVE-2024-39338
axios Server-Side Request Forgery (SSRF) Vulnerability
axios
CVE-2025-58754
axios Allocation of Resources Without Limits or Throttling Vulnerability
axios
CVE-2025-27152
axios Server-Side Request Forgery (SSRF) Vulnerability
axios
CVE-2026-25639
axios Improper Check for Unusual or Exceptional Conditions Vulnerability
axios
CVE-2026-42039
axios Uncontrolled Recursion Vulnerability
axios
CVE-2026-42038
axios Server-Side Request Forgery (SSRF) Vulnerability
axios
CVE-2026-42035
axios Improper Neutralization of CRLF Sequences in HTTP Headers (HTTP Request/Response Splitting) Vulnerability
axios
CVE-2026-42033
axios Improperly Controlled Modification of Object Prototype Attributes (Prototype Pollution) Vulnerability
axios
CVE-2012-1094
JBoss Application Server Exposure of Sensitive Information to an Unauthorized Actor Vulnerability
Jboss Application Server
CVE-2012-2312
JBoss Application Server Improper Privilege Management Vulnerability
Jboss Application Server
CVE-2006-5750
JBoss Application Server Directory Traversal Vulnerability
Jboss Application Server
CVE-2019-8358
Hiawatha Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability
Hiawatha
CVE-2020-12845
Cherokee NULL Pointer Dereference Vulnerability
Cherokee
CVE-2019-20799
Cherokee Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability
Cherokee
CVE-2019-20798
Cherokee Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Cherokee
CVE-2020-7743
math.js Improperly Controlled Modification of Dynamically-Determined Object Attributes Vulnerability
math.js
CVE-2026-40897
math.js Improperly Controlled Modification of Dynamically-Determined Object Attributes Vulnerability
math.js
CVE-2026-41139
math.js Improperly Controlled Modification of Dynamically-Determined Object Attributes Vulnerability
math.js