v.26.3.2229
Critical Severity Vulnerabilities
Found 1560 vulnerabilities at Critical severity.
| Vulnerability Name | CVE | CWE | Severity |
| --- | --- | --- | --- |
| Apache HTTP Server Improper Access Control Vulnerability (CVE-2025-23048) | CVE-2025-23048 | CWE-284 | Critical |
| Jboss EAP Improper Restriction of Excessive Authentication Attempts Vulnerability (CVE-2025-23368) | CVE-2025-23368 | CWE-307 | Critical |
| Apache Tomcat Use of Incorrectly-Resolved Name or Reference Vulnerability (CVE-2025-24813) | CVE-2025-24813 | CWE-706 | Critical |
| XWikiplatform Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2025-24893) | CVE-2025-24893 | CWE-94 | Critical |
| Joomla Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2025-25226) | CVE-2025-25226 | CWE-138 | Critical |
| Moodle Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2025-26533) | CVE-2025-26533 | CWE-138 | Critical |
| XWikiplatform Missing Authorization Vulnerability (CVE-2025-29926) | CVE-2025-29926 | CWE-862 | Critical |
| Beego Framework Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-30223) | CVE-2025-30223 | CWE-707 | Critical |
| CrushFTP Server Other Vulnerability (CVE-2025-31161) | CVE-2025-31161 | - | Critical |
| Apache Tomcat Improper Encoding or Escaping of Output Vulnerability (CVE-2025-31651) | CVE-2025-31651 | CWE-116 | Critical |
| XWikiplatform Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2025-32429) | CVE-2025-32429 | CWE-138 | Critical |
| Craft CMS CVE-2025-32432 Vulnerability (CVE-2025-32432) | CVE-2025-32432 | - | Critical |
| XWikiplatform Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2025-32969) | CVE-2025-32969 | CWE-138 | Critical |
| XWikiplatform Missing Authorization Vulnerability (CVE-2025-32973) | CVE-2025-32973 | CWE-862 | Critical |
| XWikiplatform Improper Encoding or Escaping of Output Vulnerability (CVE-2025-32974) | CVE-2025-32974 | CWE-116 | Critical |
| MongoDb Improper Check for Certificate Revocation Vulnerability (CVE-2025-3085) | CVE-2025-3085 | CWE-299 | Critical |
| Sqlite Integer Overflow or Wraparound Vulnerability (CVE-2025-3277) | CVE-2025-3277 | CWE-190 | Critical |
| Liferay DXP Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2025-3594) | CVE-2025-3594 | CWE-22 | Critical |
| Liferay Portal Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2025-3594) | CVE-2025-3594 | CWE-22 | Critical |
| Grafana Incorrect Privilege Assignment Vulnerability (CVE-2025-41115) | CVE-2025-41115 | CWE-266 | Critical |
| LimeSurvey Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2025-41375) | CVE-2025-41375 | CWE-138 | Critical |
| Liferay Portal Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2025-43766) | CVE-2025-43766 | CWE-434 | Critical |
| Liferay DXP Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2025-43766) | CVE-2025-43766 | CWE-434 | Critical |
| Liferay Portal Missing Authorization Vulnerability (CVE-2025-43773) | CVE-2025-43773 | CWE-862 | Critical |
| Liferay DXP Missing Authorization Vulnerability (CVE-2025-43773) | CVE-2025-43773 | CWE-862 | Critical |
| WebERP Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2025-46052) | CVE-2025-46052 | CWE-138 | Critical |
| XWikiplatform Missing Authorization Vulnerability (CVE-2025-46557) | CVE-2025-46557 | CWE-862 | Critical |
| XWikiplatform Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-46558) | CVE-2025-46558 | CWE-707 | Critical |
| Chamilo Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') Vulnerability (CVE-2025-50187) | CVE-2025-50187 | CWE-707 | Critical |
| Chamilo Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2025-50190) | CVE-2025-50190 | CWE-138 | Critical |
| Chamilo Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2025-50192) | CVE-2025-50192 | CWE-138 | Critical |
| Chamilo Server-Side Request Forgery (SSRF) Vulnerability (CVE-2025-50199) | CVE-2025-50199 | CWE-918 | Critical |
| AbanteCart Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2025-50972) | CVE-2025-50972 | CWE-138 | Critical |
| Chamilo Deserialization of Untrusted Data Vulnerability (CVE-2025-52998) | CVE-2025-52998 | CWE-502 | Critical |
| SharePoint Deserialization of Untrusted Data Vulnerability (CVE-2025-53770) | CVE-2025-53770 | CWE-502 | Critical |
| XWikiplatform Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-53835) | CVE-2025-53835 | CWE-707 | Critical |
| CrushFTP Server Unprotected Alternate Channel Vulnerability (CVE-2025-54309) | CVE-2025-54309 | CWE-420 | Critical |
| XWikiplatform Improper Input Validation Vulnerability (CVE-2025-54385) | CVE-2025-54385 | CWE-20 | Critical |
| Squid Out-of-bounds Write Vulnerability (CVE-2025-54574) | CVE-2025-54574 | CWE-787 | Critical |
| React Deserialization of Untrusted Data Vulnerability (CVE-2025-55182) | CVE-2025-55182 | CWE-502 | Critical |
| Next.js Deserialization of Untrusted Data Vulnerability (CVE-2025-55182) | CVE-2025-55182 | CWE-502 | Critical |
| XWikiplatform Relative Path Traversal Vulnerability (CVE-2025-55747) | CVE-2025-55747 | CWE-23 | Critical |
| Apache Tomcat Improper Neutralization of Escape, Meta, or Control Sequences Vulnerability (CVE-2025-55754) | CVE-2025-55754 | CWE-150 | Critical |
| GeoServer Improper Restriction of XML External Entity Reference Vulnerability (CVE-2025-58360) | CVE-2025-58360 | CWE-611 | Critical |
| Django Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2025-59681) | CVE-2025-59681 | CWE-138 | Critical |
| phpMyFAQ CVE-2025-59943 Vulnerability (CVE-2025-59943) | CVE-2025-59943 | - | Critical |
| Django Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2025-64459) | CVE-2025-64459 | CWE-138 | Critical |
| SharePoint Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-64672) | CVE-2025-64672 | CWE-707 | Critical |
| Moodle CVE-2025-67856 Vulnerability (CVE-2025-67856) | CVE-2025-67856 | - | Critical |
| Craft CMS Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2025-68456) | CVE-2025-68456 | CWE-770 | Critical |
| Sqlite Numeric Truncation Error Vulnerability (CVE-2025-6965) | CVE-2025-6965 | CWE-197 | Critical |
| Sqlite Integer Overflow or Wraparound Vulnerability (CVE-2025-7458) | CVE-2025-7458 | CWE-190 | Critical |
| Oracle HTTP Server Improper Access Control Vulnerability (CVE-2026-21962) | CVE-2026-21962 | CWE-284 | Critical |
| Caddy Web Server Improper Handling of Exceptional Conditions Vulnerability (CVE-2026-27586) | CVE-2026-27586 | CWE-755 | Critical |
| Caddy Web Server Improper Handling of Case Sensitivity Vulnerability (CVE-2026-27587) | CVE-2026-27587 | CWE-178 | Critical |
| Caddy Web Server Improper Handling of Case Sensitivity Vulnerability (CVE-2026-27588) | CVE-2026-27588 | CWE-178 | Critical |
| Caddy Web Server Improper Input Validation Vulnerability (CVE-2026-27590) | CVE-2026-27590 | CWE-20 | Critical |
| Craft CMS Improper Neutralization of Special Elements Used in a Template Engine Vulnerability (CVE-2026-28697) | CVE-2026-28697 | CWE-138 | Critical |
| Craft CMS Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2026-28783) | CVE-2026-28783 | CWE-94 | Critical |
| WordPress Plugin WordPress Plugin ACF Extended: Privilege Escalation (0.9.2.1) | CVE-2025-14533 | CWE-269 | Critical |