Critical Severity Vulnerabilities
Found 1499 vulnerabilities at Critical severity.
| Vulnerability Name | CVE | CWE | Severity |
| --- | --- | --- | --- |
| Pega Infinity Improper Authentication Vulnerability (CVE-2021-27651) | CVE-2021-27651 | CWE-287 | Critical |
| Craft CMS Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2021-27903) | CVE-2021-27903 | CWE-94 | Critical |
| Telerik Web UI Missing Authorization Vulnerability (CVE-2021-28141) | CVE-2021-28141 | CWE-862 | Critical |
| Envoy Proxy Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2021-29492) | CVE-2021-29492 | CWE-22 | Critical |
| Python Improper Input Validation Vulnerability (CVE-2021-29921) | CVE-2021-29921 | CWE-20 | Critical |
| WebLogic CVE-2021-2047 Vulnerability (CVE-2021-2047) | CVE-2021-2047 | - | Critical |
| WebLogic CVE-2021-2064 Vulnerability (CVE-2021-2064) | CVE-2021-2064 | - | Critical |
| WebLogic CVE-2021-2075 Vulnerability (CVE-2021-2075) | CVE-2021-2075 | - | Critical |
| WebLogic CVE-2021-2108 Vulnerability (CVE-2021-2108) | CVE-2021-2108 | - | Critical |
| WebLogic CVE-2021-2135 Vulnerability (CVE-2021-2135) | CVE-2021-2135 | - | Critical |
| WebLogic CVE-2021-2136 Vulnerability (CVE-2021-2136) | CVE-2021-2136 | - | Critical |
| WebLogic CVE-2021-2382 Vulnerability (CVE-2021-2382) | CVE-2021-2382 | - | Critical |
| WebLogic CVE-2021-2394 Vulnerability (CVE-2021-2394) | CVE-2021-2394 | - | Critical |
| WebLogic CVE-2021-2397 Vulnerability (CVE-2021-2397) | CVE-2021-2397 | - | Critical |
| Beego Framework CVE-2021-30080 Vulnerability (CVE-2021-30080) | CVE-2021-30080 | - | Critical |
| MediaWiki Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2021-31556) | CVE-2021-31556 | CWE-327 | Critical |
| Ruby Improper Neutralization of Special Elements used in a Command ('Command Injection') Vulnerability (CVE-2021-31799) | CVE-2021-31799 | CWE-138 | Critical |
| Piwigo Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2021-32615) | CVE-2021-32615 | CWE-138 | Critical |
| Plone CMS Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2021-33509) | CVE-2021-33509 | CWE-732 | Critical |
| Dolibarr Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2021-33816) | CVE-2021-33816 | CWE-94 | Critical |
| Chamilo Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2021-34187) | CVE-2021-34187 | CWE-138 | Critical |
| Django Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2021-35042) | CVE-2021-35042 | CWE-138 | Critical |
| Chamilo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-35414) | CVE-2021-35414 | CWE-707 | Critical |
| Apache Traffic Server Out-of-bounds Write Vulnerability (CVE-2021-35474) | CVE-2021-35474 | CWE-787 | Critical |
| WebLogic CVE-2021-35617 Vulnerability (CVE-2021-35617) | CVE-2021-35617 | - | Critical |
| ownCloud Improper Privilege Management Vulnerability (CVE-2021-35946) | CVE-2021-35946 | CWE-269 | Critical |
| MediaWiki Other Vulnerability (CVE-2021-36126) | CVE-2021-36126 | - | Critical |
| MediaWiki Improper Authentication Vulnerability (CVE-2021-36128) | CVE-2021-36128 | CWE-287 | Critical |
| Moodle Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2021-36392) | CVE-2021-36392 | CWE-138 | Critical |
| Moodle Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2021-36393) | CVE-2021-36393 | CWE-138 | Critical |
| Moodle CVE-2021-36394 Vulnerability (CVE-2021-36394) | CVE-2021-36394 | - | Critical |
| Oracle HTTP Server Out-of-bounds Write Vulnerability (CVE-2021-39275) | CVE-2021-39275 | CWE-787 | Critical |
| Apache HTTP Server Out-of-bounds Write Vulnerability (CVE-2021-39275) | CVE-2021-39275 | CWE-787 | Critical |
| PrestaShop Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2021-3110) | CVE-2021-3110 | CWE-138 | Critical |
| Python Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') Vulnerability (CVE-2021-3177) | CVE-2021-3177 | CWE-120 | Critical |
| phpList Improper Neutralization of Formula Elements in a CSV File Vulnerability (CVE-2021-3188) | CVE-2021-3188 | CWE-1236 | Critical |
| OpenSSL Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') Vulnerability (CVE-2021-3711) | CVE-2021-3711 | CWE-120 | Critical |
| Moodle Improper Input Validation Vulnerability (CVE-2021-3943) | CVE-2021-3943 | CWE-20 | Critical |
| Oracle HTTP Server Server-Side Request Forgery (SSRF) Vulnerability (CVE-2021-40438) | CVE-2021-40438 | CWE-918 | Critical |
| Apache HTTP Server Server-Side Request Forgery (SSRF) Vulnerability (CVE-2021-40438) | CVE-2021-40438 | CWE-918 | Critical |
| ProjectSend Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2021-40887) | CVE-2021-40887 | CWE-22 | Critical |
| Grafana Externally Controlled Reference to a Resource in Another Sphere Vulnerability (CVE-2021-41244) | CVE-2021-41244 | CWE-610 | Critical |
| Apache HTTP Server Other Vulnerability (CVE-2021-42013) | CVE-2021-42013 | - | Critical |
| osTicket Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2021-42235) | CVE-2021-42235 | CWE-138 | Critical |
| Ramda Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') Vulnerability (CVE-2021-42581) | CVE-2021-42581 | CWE-1321 | Critical |
| Apache Traffic Server Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') Vulnerability (CVE-2021-43082) | CVE-2021-43082 | CWE-120 | Critical |
| PrestaShop Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2021-43789) | CVE-2021-43789 | CWE-138 | Critical |
| Roundcube Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2021-44026) | CVE-2021-44026 | CWE-138 | Critical |
| WordPress Other Vulnerability (CVE-2021-44223) | CVE-2021-44223 | - | Critical |
| Oracle HTTP Server Out-of-bounds Write Vulnerability (CVE-2021-44790) | CVE-2021-44790 | CWE-787 | Critical |
| Dolibarr Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2022-0224) | CVE-2022-0224 | CWE-138 | Critical |
| Moodle Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2022-0332) | CVE-2022-0332 | CWE-138 | Critical |
| Atlassian Jira Improper Authentication Vulnerability (CVE-2022-0540) | CVE-2022-0540 | CWE-287 | Critical |
| Artifactory Improper Privilege Management Vulnerability (CVE-2022-0668) | CVE-2022-0668 | CWE-269 | Critical |
| OpenSSL Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2022-1292) | CVE-2022-1292 | CWE-138 | Critical |
| WebLogic CVE-2022-21306 Vulnerability (CVE-2022-21306) | CVE-2022-21306 | - | Critical |
| Envoy Proxy Improper Certificate Validation Vulnerability (CVE-2022-21654) | CVE-2022-21654 | CWE-295 | Critical |
| PrestaShop Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2022-21686) | CVE-2022-21686 | CWE-94 | Critical |
| Oracle HTTP Server Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') Vulnerability (CVE-2022-22720) | CVE-2022-22720 | CWE-444 | Critical |
| Apache HTTP Server Integer Overflow or Wraparound Vulnerability (CVE-2022-22721) | CVE-2022-22721 | CWE-190 | Critical |
| Oracle HTTP Server Integer Overflow or Wraparound Vulnerability (CVE-2022-22721) | CVE-2022-22721 | CWE-190 | Critical |
| Spring Cloud Gateway Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression La Vulnerability (CVE-2022-22947) | CVE-2022-22947 | CWE-138 | Critical |
| WebLogic Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2022-22965) | CVE-2022-22965 | CWE-94 | Critical |
| WebLogic Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2022-23305) | CVE-2022-23305 | CWE-138 | Critical |
| WebLogic Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2022-23457) | CVE-2022-23457 | CWE-22 | Critical |
| Joomla Improper Authentication Vulnerability (CVE-2022-23795) | CVE-2022-23795 | CWE-287 | Critical |
| Joomla Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2022-23797) | CVE-2022-23797 | CWE-138 | Critical |
| Joomla CVE-2022-23799 Vulnerability (CVE-2022-23799) | CVE-2022-23799 | - | Critical |
| Oracle HTTP Server Out-of-bounds Write Vulnerability (CVE-2022-23943) | CVE-2022-23943 | CWE-787 | Critical |
| Apache HTTP Server Out-of-bounds Write Vulnerability (CVE-2022-23943) | CVE-2022-23943 | CWE-787 | Critical |
| Pega Infinity Deserialization of Untrusted Data Vulnerability (CVE-2022-24082) | CVE-2022-24082 | CWE-502 | Critical |
| Pega Infinity Other Vulnerability (CVE-2022-24083) | CVE-2022-24083 | - | Critical |
| Magento Improper Input Validation Vulnerability (CVE-2022-24086) | CVE-2022-24086 | CWE-20 | Critical |
| Oracle HTTP Server Improper Encoding or Escaping of Output Vulnerability (CVE-2022-25235) | CVE-2022-25235 | CWE-116 | Critical |
| Oracle HTTP Server Exposure of Resource to Wrong Sphere Vulnerability (CVE-2022-25236) | CVE-2022-25236 | CWE-668 | Critical |