Critical Severity Vulnerabilities
Found 1499 vulnerabilities at Critical severity.
| Vulnerability Name | CVE | CWE | Severity |
| --- | --- | --- | --- |
| PHP Improper Encoding or Escaping of Output Vulnerability (CVE-2024-1874) | CVE-2024-1874 | CWE-116 | Critical |
| WebLogic CVE-2024-21181 Vulnerability (CVE-2024-21181) | CVE-2024-21181 | - | Critical |
| WebLogic CVE-2024-21216 Vulnerability (CVE-2024-21216) | CVE-2024-21216 | - | Critical |
| XWiki Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2024-21650) | CVE-2024-21650 | CWE-94 | Critical |
| Jenkins Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2024-23897) | CVE-2024-23897 | CWE-22 | Critical |
| PostgreSQL Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2024-24213) | CVE-2024-24213 | CWE-138 | Critical |
| GibbonEdu Improper Neutralization of Special Elements Used in a Template Engine Vulnerability (CVE-2024-24724) | CVE-2024-24724 | CWE-138 | Critical |
| Joomla Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') Vulnerability (CVE-2024-27185) | CVE-2024-27185 | - | Critical |
| Ruby on Rails CVE-2024-28103 Vulnerability (CVE-2024-28103) | CVE-2024-28103 | - | Critical |
| XWikiplatform Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2024-31982) | CVE-2024-31982 | CWE-94 | Critical |
| XWikiplatform Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2024-31996) | CVE-2024-31996 | CWE-94 | Critical |
| Moodle CVE-2024-33999 Vulnerability (CVE-2024-33999) | CVE-2024-33999 | - | Critical |
| MediaWiki Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2024-34502) | CVE-2024-34502 | CWE-352 | Critical |
| CubeCart Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2024-34832) | CVE-2024-34832 | CWE-22 | Critical |
| WeBid Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2024-35409) | CVE-2024-35409 | CWE-138 | Critical |
| GeoServer Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2024-36401) | CVE-2024-36401 | CWE-94 | Critical |
| Craft CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2024-37843) | CVE-2024-37843 | CWE-138 | Critical |
| Apache HTTP Server Improper Encoding or Escaping of Output Vulnerability (CVE-2024-38474) | CVE-2024-38474 | CWE-116 | Critical |
| Apache HTTP Server Improper Encoding or Escaping of Output Vulnerability (CVE-2024-38475) | CVE-2024-38475 | CWE-116 | Critical |
| Apache HTTP Server CVE-2024-38476 Vulnerability (CVE-2024-38476) | CVE-2024-38476 | - | Critical |
| Envoy Proxy Use After Free Vulnerability (CVE-2024-39305) | CVE-2024-39305 | CWE-416 | Critical |
| PHP Improper Neutralization of Special Elements used in a Command ('Command Injection') Vulnerability (CVE-2024-3566) | CVE-2024-3566 | CWE-138 | Critical |
| Django Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2024-42005) | CVE-2024-42005 | CWE-138 | Critical |
| Roundcube Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-42008) | CVE-2024-42008 | CWE-707 | Critical |
| Roundcube Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-42009) | CVE-2024-42009 | CWE-707 | Critical |
| Envoy Proxy Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2024-45806) | CVE-2024-45806 | CWE-639 | Critical |
| CrushFTP Server Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2024-4040) | CVE-2024-4040 | CWE-94 | Critical |
| PHP Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2024-4577) | CVE-2024-4577 | CWE-138 | Critical |
| Apache Traffic Server Unchecked Return Value Vulnerability (CVE-2024-50306) | CVE-2024-50306 | CWE-252 | Critical |
| Apache Tomcat Time-of-check Time-of-use (TOCTOU) Race Condition Vulnerability (CVE-2024-50379) | CVE-2024-50379 | CWE-367 | Critical |
| Ampache Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-51490) | CVE-2024-51490 | CWE-707 | Critical |
| Apache Tomcat Improper Check for Unusual or Exceptional Conditions Vulnerability (CVE-2024-52316) | CVE-2024-52316 | CWE-754 | Critical |
| CrushFTP Server Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2024-53552) | CVE-2024-53552 | CWE-640 | Critical |
| Django Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2024-53908) | CVE-2024-53908 | CWE-138 | Critical |
| Drupal Deserialization of Untrusted Data Vulnerability (CVE-2024-55636) | CVE-2024-55636 | CWE-502 | Critical |
| Drupal Deserialization of Untrusted Data Vulnerability (CVE-2024-55637) | CVE-2024-55637 | CWE-502 | Critical |
| Drupal Deserialization of Untrusted Data Vulnerability (CVE-2024-55638) | CVE-2024-55638 | CWE-502 | Critical |
| XWikiplatform Improper Encoding or Escaping of Output Vulnerability (CVE-2024-55663) | CVE-2024-55663 | CWE-116 | Critical |
| Craft CMS Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2024-56145) | CVE-2024-56145 | CWE-94 | Critical |
| XWikiplatform Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2024-56158) | CVE-2024-56158 | CWE-138 | Critical |
| Dolibarr Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2024-5314) | CVE-2024-5314 | CWE-138 | Critical |
| Dolibarr Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2024-5315) | CVE-2024-5315 | CWE-138 | Critical |
| MOVEit Transfer Improper Authentication Vulnerability (CVE-2024-6576) | CVE-2024-6576 | CWE-287 | Critical |
| Envoy Proxy CVE-2024-7207 Vulnerability (CVE-2024-7207) | CVE-2024-7207 | - | Critical |
| PHP Out-of-bounds Write Vulnerability (CVE-2024-8932) | CVE-2024-8932 | CWE-787 | Critical |
| PHP Incorrect Calculation of Buffer Size Vulnerability (CVE-2025-1861) | CVE-2025-1861 | CWE-131 | Critical |
| WebLogic Missing Authentication for Critical Function Vulnerability (CVE-2025-21535) | CVE-2025-21535 | CWE-306 | Critical |
| Apache HTTP Server Improper Access Control Vulnerability (CVE-2025-23048) | CVE-2025-23048 | CWE-284 | Critical |
| Apache Tomcat Use of Incorrectly-Resolved Name or Reference Vulnerability (CVE-2025-24813) | CVE-2025-24813 | CWE-706 | Critical |
| XWikiplatform Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2025-24893) | CVE-2025-24893 | CWE-94 | Critical |
| Joomla Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2025-25226) | CVE-2025-25226 | CWE-138 | Critical |
| Moodle Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2025-26533) | CVE-2025-26533 | CWE-138 | Critical |
| XWikiplatform Missing Authorization Vulnerability (CVE-2025-29926) | CVE-2025-29926 | CWE-862 | Critical |
| Beego Framework Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-30223) | CVE-2025-30223 | CWE-707 | Critical |
| CrushFTP Server Other Vulnerability (CVE-2025-31161) | CVE-2025-31161 | - | Critical |
| Apache Tomcat Improper Encoding or Escaping of Output Vulnerability (CVE-2025-31651) | CVE-2025-31651 | CWE-116 | Critical |
| XWikiplatform Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2025-32429) | CVE-2025-32429 | CWE-138 | Critical |
| Craft CMS CVE-2025-32432 Vulnerability (CVE-2025-32432) | CVE-2025-32432 | - | Critical |
| XWikiplatform Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2025-32969) | CVE-2025-32969 | CWE-138 | Critical |
| XWikiplatform Missing Authorization Vulnerability (CVE-2025-32973) | CVE-2025-32973 | CWE-862 | Critical |
| XWikiplatform Improper Encoding or Escaping of Output Vulnerability (CVE-2025-32974) | CVE-2025-32974 | CWE-116 | Critical |
| Sqlite Integer Overflow or Wraparound Vulnerability (CVE-2025-3277) | CVE-2025-3277 | CWE-190 | Critical |
| WebERP Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2025-46052) | CVE-2025-46052 | CWE-138 | Critical |
| XWikiplatform Missing Authorization Vulnerability (CVE-2025-46557) | CVE-2025-46557 | CWE-862 | Critical |
| XWikiplatform Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-46558) | CVE-2025-46558 | CWE-707 | Critical |
| AbanteCart Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2025-50972) | CVE-2025-50972 | CWE-138 | Critical |
| SharePoint Deserialization of Untrusted Data Vulnerability (CVE-2025-53770) | CVE-2025-53770 | CWE-502 | Critical |
| XWikiplatform Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-53835) | CVE-2025-53835 | CWE-707 | Critical |
| CrushFTP Server Unprotected Alternate Channel Vulnerability (CVE-2025-54309) | CVE-2025-54309 | CWE-420 | Critical |
| XWikiplatform Improper Input Validation Vulnerability (CVE-2025-54385) | CVE-2025-54385 | CWE-20 | Critical |
| Squid Out-of-bounds Write Vulnerability (CVE-2025-54574) | CVE-2025-54574 | CWE-787 | Critical |
| XWikiplatform Relative Path Traversal Vulnerability (CVE-2025-55747) | CVE-2025-55747 | CWE-23 | Critical |
| Sqlite Numeric Truncation Error Vulnerability (CVE-2025-6965) | CVE-2025-6965 | CWE-197 | Critical |
| Sqlite Integer Overflow or Wraparound Vulnerability (CVE-2025-7458) | CVE-2025-7458 | CWE-190 | Critical |