Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
v.26.4.2314

Critical Severity Vulnerabilities

Found 1593 vulnerabilities at Critical severity.

Vulnerability Name
CVE
CWE
Severity
Jenkins Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2021-21692)
CVE-2021-21692
CWE-22
Critical
Jenkins Improper Authorization Vulnerability (CVE-2021-21693)
CVE-2021-21693
CWE-285
Critical
Jenkins Missing Authorization Vulnerability (CVE-2021-21694)
CVE-2021-21694
CWE-862
Critical
Jenkins Protection Mechanism Failure Vulnerability (CVE-2021-21696 )
CVE-2021-21696
CWE-693
Critical
Jenkins Other Vulnerability (CVE-2021-21696)
CVE-2021-21696
-
Critical
Jenkins Other Vulnerability (CVE-2021-21697)
CVE-2021-21697
-
Critical
PHP Use After Free Vulnerability (CVE-2021-21708)
CVE-2021-21708
CWE-416
Critical
Moodle Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2021-21809)
CVE-2021-21809
CWE-732
Critical
concrete5 Server-Side Request Forgery (SSRF) Vulnerability (CVE-2021-22958)
CVE-2021-22958
CWE-918
Critical
Joomla CVE-2021-23127 Vulnerability (CVE-2021-23127)
CVE-2021-23127
-
Critical
Joomla CVE-2021-23128 Vulnerability (CVE-2021-23128)
CVE-2021-23128
-
Critical
Handlebars CVE-2021-23369 Vulnerability (CVE-2021-23369)
CVE-2021-23369
-
Critical
Handlebars Other Vulnerability (CVE-2021-23383)
CVE-2021-23383
-
Critical
Dojo Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') Vulnerability (CVE-2021-23450)
CVE-2021-23450
CWE-1321
Critical
WebLogic Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') Vulnerability (CVE-2021-23450)
CVE-2021-23450
CWE-1321
Critical
Dolibarr Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-25955)
CVE-2021-25955
CWE-707
Critical
Atlassian Confluence Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2021-26084)
CVE-2021-26084
CWE-138
Critical
Apache HTTP Server Out-of-bounds Write Vulnerability (CVE-2021-26691)
CVE-2021-26691
CWE-787
Critical
Pega Infinity Improper Authentication Vulnerability (CVE-2021-27651)
CVE-2021-27651
CWE-287
Critical
Craft CMS Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2021-27903)
CVE-2021-27903
CWE-94
Critical
Telerik Web UI Missing Authorization Vulnerability (CVE-2021-28141)
CVE-2021-28141
CWE-862
Critical
Envoy Proxy Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2021-29492)
CVE-2021-29492
CWE-22
Critical
Python Improper Input Validation Vulnerability (CVE-2021-29921)
CVE-2021-29921
CWE-20
Critical
WebLogic CVE-2021-2047 Vulnerability (CVE-2021-2047)
CVE-2021-2047
-
Critical
WebLogic CVE-2021-2064 Vulnerability (CVE-2021-2064)
CVE-2021-2064
-
Critical
WebLogic CVE-2021-2075 Vulnerability (CVE-2021-2075)
CVE-2021-2075
-
Critical
WebLogic CVE-2021-2108 Vulnerability (CVE-2021-2108)
CVE-2021-2108
-
Critical
WebLogic CVE-2021-2135 Vulnerability (CVE-2021-2135)
CVE-2021-2135
-
Critical
WebLogic CVE-2021-2136 Vulnerability (CVE-2021-2136)
CVE-2021-2136
-
Critical
WebLogic CVE-2021-2382 Vulnerability (CVE-2021-2382)
CVE-2021-2382
-
Critical
WebLogic CVE-2021-2394 Vulnerability (CVE-2021-2394)
CVE-2021-2394
-
Critical
WebLogic CVE-2021-2397 Vulnerability (CVE-2021-2397)
CVE-2021-2397
-
Critical
Beego Framework CVE-2021-30080 Vulnerability (CVE-2021-30080)
CVE-2021-30080
-
Critical
MediaWiki Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2021-31556)
CVE-2021-31556
CWE-327
Critical
Ruby Improper Neutralization of Special Elements used in a Command ('Command Injection') Vulnerability (CVE-2021-31799)
CVE-2021-31799
CWE-138
Critical
Piwigo Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2021-32615)
CVE-2021-32615
CWE-138
Critical
Plone CMS Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2021-33509)
CVE-2021-33509
CWE-732
Critical
Dolibarr Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2021-33816)
CVE-2021-33816
CWE-94
Critical
Chamilo Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2021-34187)
CVE-2021-34187
CWE-138
Critical
Django Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2021-35042)
CVE-2021-35042
CWE-138
Critical
Chamilo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-35414)
CVE-2021-35414
CWE-707
Critical
Apache Traffic Server Out-of-bounds Write Vulnerability (CVE-2021-35474)
CVE-2021-35474
CWE-787
Critical
WebLogic CVE-2021-35617 Vulnerability (CVE-2021-35617)
CVE-2021-35617
-
Critical
ownCloud Improper Privilege Management Vulnerability (CVE-2021-35946)
CVE-2021-35946
CWE-269
Critical
MediaWiki Other Vulnerability (CVE-2021-36126)
CVE-2021-36126
-
Critical
MediaWiki Improper Authentication Vulnerability (CVE-2021-36128)
CVE-2021-36128
CWE-287
Critical
Moodle Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2021-36392)
CVE-2021-36392
CWE-138
Critical
Moodle Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2021-36393)
CVE-2021-36393
CWE-138
Critical
Moodle CVE-2021-36394 Vulnerability (CVE-2021-36394)
CVE-2021-36394
-
Critical
Oracle HTTP Server Out-of-bounds Write Vulnerability (CVE-2021-39275)
CVE-2021-39275
CWE-787
Critical
Apache HTTP Server Out-of-bounds Write Vulnerability (CVE-2021-39275)
CVE-2021-39275
CWE-787
Critical
PrestaShop Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2021-3110)
CVE-2021-3110
CWE-138
Critical
Python Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') Vulnerability (CVE-2021-3177)
CVE-2021-3177
CWE-120
Critical
phpList Improper Neutralization of Formula Elements in a CSV File Vulnerability (CVE-2021-3188)
CVE-2021-3188
CWE-1236
Critical
OpenSSL Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') Vulnerability (CVE-2021-3711)
CVE-2021-3711
CWE-120
Critical
Moodle Improper Input Validation Vulnerability (CVE-2021-3943)
CVE-2021-3943
CWE-20
Critical
Oracle HTTP Server Server-Side Request Forgery (SSRF) Vulnerability (CVE-2021-40438)
CVE-2021-40438
CWE-918
Critical
Apache HTTP Server Server-Side Request Forgery (SSRF) Vulnerability (CVE-2021-40438)
CVE-2021-40438
CWE-918
Critical
ProjectSend Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2021-40887)
CVE-2021-40887
CWE-22
Critical
Grafana Externally Controlled Reference to a Resource in Another Sphere Vulnerability (CVE-2021-41244)
CVE-2021-41244
CWE-610
Critical
Apache HTTP Server Other Vulnerability (CVE-2021-42013)
CVE-2021-42013
-
Critical
osTicket Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2021-42235)
CVE-2021-42235
CWE-138
Critical
Ramda Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') Vulnerability (CVE-2021-42581)
CVE-2021-42581
CWE-1321
Critical
Apache Traffic Server Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') Vulnerability (CVE-2021-43082)
CVE-2021-43082
CWE-120
Critical
PrestaShop Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2021-43789)
CVE-2021-43789
CWE-138
Critical
Roundcube Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2021-44026)
CVE-2021-44026
CWE-138
Critical
WordPress Other Vulnerability (CVE-2021-44223)
CVE-2021-44223
-
Critical
Oracle HTTP Server Out-of-bounds Write Vulnerability (CVE-2021-44790)
CVE-2021-44790
CWE-787
Critical
Dolibarr Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2022-0224)
CVE-2022-0224
CWE-138
Critical
Moodle Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2022-0332)
CVE-2022-0332
CWE-138
Critical
Atlassian Jira Improper Authentication Vulnerability (CVE-2022-0540)
CVE-2022-0540
CWE-287
Critical
Artifactory Improper Privilege Management Vulnerability (CVE-2022-0668)
CVE-2022-0668
CWE-269
Critical
OpenSSL Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2022-1292)
CVE-2022-1292
CWE-138
Critical
WebLogic CVE-2022-21306 Vulnerability (CVE-2022-21306)
CVE-2022-21306
-
Critical
Envoy Proxy Improper Certificate Validation Vulnerability (CVE-2022-21654)
CVE-2022-21654
CWE-295
Critical