Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium

High Severity Vulnerabilities

Found 12791 vulnerabilities at High severity.

Vulnerability Name
CVE
CWE
Severity
Moodle Insufficient Verification of Data Authenticity Vulnerability (CVE-2024-43428)
CVE-2024-43428
CWE-345
High
Moodle Missing Authorization Vulnerability (CVE-2024-43431)
CVE-2024-43431
CWE-862
High
Moodle Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2024-43434)
CVE-2024-43434
CWE-22
High
Moodle Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2024-43436)
CVE-2024-43436
CWE-138
High
Moodle Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2024-43438)
CVE-2024-43438
CWE-639
High
Moodle Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2024-43440)
CVE-2024-43440
CWE-22
High
SharePoint CVE-2024-43464 Vulnerability (CVE-2024-43464)
CVE-2024-43464
-
High
SharePoint CVE-2024-43466 Vulnerability (CVE-2024-43466)
CVE-2024-43466
-
High
SharePoint CVE-2024-43503 Vulnerability (CVE-2024-43503)
CVE-2024-43503
-
High
Django CVE-2024-45230 Vulnerability (CVE-2024-45230)
CVE-2024-45230
-
High
Contao Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2024-45398)
CVE-2024-45398
CWE-434
High
Moodle Incorrect Default Permissions Vulnerability (CVE-2024-45690)
CVE-2024-45690
CWE-276
High
Squid CVE-2024-45802 Vulnerability (CVE-2024-45802)
CVE-2024-45802
-
High
Envoy Proxy CVE-2024-45807 Vulnerability (CVE-2024-45807)
CVE-2024-45807
-
High
Envoy Proxy NULL Pointer Dereference Vulnerability (CVE-2024-45809)
CVE-2024-45809
CWE-476
High
Envoy Proxy CVE-2024-45810 Vulnerability (CVE-2024-45810)
CVE-2024-45810
-
High
Next.js Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2024-46982)
CVE-2024-46982
CWE-639
High
Apache HTTP Server Improper Neutralization of Escape, Meta, or Control Sequences Vulnerability (CVE-2024-47252)
CVE-2024-47252
CWE-150
High
Next.js Uncontrolled Recursion Vulnerability (CVE-2024-47831)
CVE-2024-47831
CWE-674
High
Piwigo Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2024-48311)
CVE-2024-48311
CWE-352
High
SharePoint CVE-2024-49068 Vulnerability (CVE-2024-49068)
CVE-2024-49068
-
High
SharePoint CVE-2024-49070 Vulnerability (CVE-2024-49070)
CVE-2024-49070
-
High
Werkzeug WSGI Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2024-49767)
CVE-2024-49767
CWE-770
High
Apache Traffic Server Improper Input Validation Vulnerability (CVE-2024-50305)
CVE-2024-50305
CWE-20
High
Next.js Incorrect Authorization Vulnerability (CVE-2024-51479)
CVE-2024-51479
CWE-863
High
Ampache Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2024-51484)
CVE-2024-51484
CWE-352
High
Ampache Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2024-51485)
CVE-2024-51485
CWE-352
High
Ampache Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-51486)
CVE-2024-51486
CWE-707
High
Ampache Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2024-51487)
CVE-2024-51487
CWE-352
High
Craft CMS Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2024-52291)
CVE-2024-52291
CWE-22
High
Craft CMS Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2024-52293)
CVE-2024-52293
CWE-22
High
Tornado Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2024-52804)
CVE-2024-52804
CWE-770
High
Envoy Proxy Always-Incorrect Control Flow Implementation Vulnerability (CVE-2024-53269)
CVE-2024-53269
CWE-670
High
Envoy Proxy NULL Pointer Dereference Vulnerability (CVE-2024-53270)
CVE-2024-53270
CWE-476
High
Envoy Proxy Always-Incorrect Control Flow Implementation Vulnerability (CVE-2024-53271)
CVE-2024-53271
CWE-670
High
Apache Traffic Server Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') Vulnerability (CVE-2024-53868)
CVE-2024-53868
-
High
Django Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2024-53907)
CVE-2024-53907
CWE-770
High
Drupal Improper Handling of Case Sensitivity Vulnerability (CVE-2024-55634)
CVE-2024-55634
CWE-178
High
XWikiplatform Incorrect Authorization Vulnerability (CVE-2024-55662)
CVE-2024-55662
CWE-863
High
XWikiplatform Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2024-55877)
CVE-2024-55877
CWE-94
High
XWikiplatform Missing Authorization Vulnerability (CVE-2024-55879)
CVE-2024-55879
CWE-862
High
Beego Framework Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2024-55885)
CVE-2024-55885
CWE-327
High
phpMyFAQ User Interface (UI) Misrepresentation of Critical Information Vulnerability (CVE-2024-55889)
CVE-2024-55889
CWE-451
High
TYPO3 Exposed Dangerous Method or Function Vulnerability (CVE-2024-55921)
CVE-2024-55921
CWE-749
High
TYPO3 Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2024-55924)
CVE-2024-55924
CWE-352
High
Perl Out-of-bounds Write Vulnerability (CVE-2024-56406)
CVE-2024-56406
CWE-787
High
PHP Improper Encoding or Escaping of Output Vulnerability (CVE-2024-5585)
CVE-2024-5585
CWE-116
High
ZenCart Inclusion of Functionality from Untrusted Control Sphere Vulnerability (CVE-2024-5762)
CVE-2024-5762
CWE-829
High
OpenSSL Access of Resource Using Incompatible Type ('Type Confusion') Vulnerability (CVE-2024-6119)
CVE-2024-6119
CWE-843
High
Python Inefficient Regular Expression Complexity Vulnerability (CVE-2024-6232)
CVE-2024-6232
CWE-1333
High
PostgreSQL Time-of-check Time-of-use (TOCTOU) Race Condition Vulnerability (CVE-2024-7348)
CVE-2024-7348
CWE-367
High
MongoDb CVE-2024-7553 Vulnerability (CVE-2024-7553)
CVE-2024-7553
-
High
Python Inefficient Regular Expression Complexity Vulnerability (CVE-2024-7592)
CVE-2024-7592
CWE-1333
High
ProjectSend Use of Insufficiently Random Values Vulnerability (CVE-2024-7659)
CVE-2024-7659
CWE-330
High
Jboss EAP CVE-2024-7885 Vulnerability (CVE-2024-7885)
CVE-2024-7885
-
High
Payara Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-8215)
CVE-2024-8215
CWE-707
High
PHP Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2024-8926)
CVE-2024-8926
CWE-138
High
PHP Other Vulnerability (CVE-2024-8927)
CVE-2024-8927
-
High
Grafana Improper Neutralization of Special Elements used in a Command ('Command Injection') Vulnerability (CVE-2024-9264)
CVE-2024-9264
CWE-138
High
Python Improper Neutralization of Special Elements used in a Command ('Command Injection') Vulnerability (CVE-2024-9287)
CVE-2024-9287
CWE-138
High
Jetty Uncontrolled Resource Consumption Vulnerability (CVE-2024-9823)
CVE-2024-9823
CWE-400
High
WordPress Ultimate Member Plugin Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2025-0308)
CVE-2025-0308
CWE-138
High
PHP Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2025-1735)
CVE-2025-1735
CWE-138
High
PHP Improper Input Validation Vulnerability (CVE-2025-1736)
CVE-2025-1736
CWE-20
High
Jetty Uncontrolled Resource Consumption Vulnerability (CVE-2025-1948)
CVE-2025-1948
CWE-400
High
SharePoint CVE-2025-21344 Vulnerability (CVE-2025-21344)
CVE-2025-21344
-
High
SharePoint CVE-2025-21348 Vulnerability (CVE-2025-21348)
CVE-2025-21348
-
High
SharePoint CVE-2025-21400 Vulnerability (CVE-2025-21400)
CVE-2025-21400
-
High
WebLogic Uncontrolled Resource Consumption Vulnerability (CVE-2025-21549)
CVE-2025-21549
CWE-400
High
Oracle JRE Improper Access Control Vulnerability (CVE-2025-21587)
CVE-2025-21587
CWE-284
High
XWikiplatform Missing Authorization Vulnerability (CVE-2025-23025)
CVE-2025-23025
CWE-862
High
Craft CMS Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2025-23209)
CVE-2025-23209
CWE-94
High
Joomla CVE-2025-25227 Vulnerability (CVE-2025-25227)
CVE-2025-25227
-
High
GibbonEdu Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2025-26211)
CVE-2025-26211
CWE-352
High
Moodle Files or Directories Accessible to External Parties Vulnerability (CVE-2025-26525)
CVE-2025-26525
CWE-552
High