Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
v.26.4.2314

Critical Severity Vulnerabilities

Found 1593 vulnerabilities at Critical severity.

Vulnerability Name
CVE
CWE
Severity
OpenSSL Out-of-bounds Read Vulnerability (CVE-2026-28386)
CVE-2026-28386
CWE-125
Critical
Chamilo Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2026-28430)
CVE-2026-28430
CWE-138
Critical
Craft CMS Improper Neutralization of Special Elements Used in a Template Engine Vulnerability (CVE-2026-28697)
CVE-2026-28697
CWE-138
Critical
Craft CMS Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2026-28783)
CVE-2026-28783
CWE-94
Critical
Apache Tomcat Improper Authentication Vulnerability (CVE-2026-29145)
CVE-2026-29145
CWE-287
Critical
OpenSSL Out-of-bounds Write Vulnerability (CVE-2026-31789)
CVE-2026-31789
CWE-787
Critical
Craft CMS Incorrect Authorization Vulnerability (CVE-2026-32267)
CVE-2026-32267
CWE-863
Critical
Ruby on Rails Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2026-33195)
CVE-2026-33195
CWE-22
Critical
Ruby on Rails Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2026-33202)
CVE-2026-33202
CWE-138
Critical
XWikiplatform Missing Authorization Vulnerability (CVE-2026-33229)
CVE-2026-33229
CWE-862
Critical
Chamilo Files or Directories Accessible to External Parties Vulnerability (CVE-2026-33698)
CVE-2026-33698
CWE-552
Critical
Chamilo Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2026-33707)
CVE-2026-33707
CWE-640
Critical
Handlebars Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2026-33937)
CVE-2026-33937
CWE-94
Critical
CubeCart Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2026-34018)
CVE-2026-34018
CWE-138
Critical
Perl Other Vulnerability (CVE-2026-4176)
CVE-2026-4176
-
Critical
Django Missing Authorization Vulnerability (CVE-2026-4277)
CVE-2026-4277
CWE-862
Critical
Lodash Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2026-4800)
CVE-2026-4800
CWE-94
Critical
WordPress Plugin WordPress Plugin ACF Extended: Privilege Escalation (0.9.2.1)
CVE-2025-14533
CWE-269
Critical