Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
v.26.4.2314

High Severity Vulnerabilities

Found 13071 vulnerabilities at High severity.

Vulnerability Name
CVE
CWE
Severity
Oracle Database Server Incorrect Authorization Vulnerability (CVE-2025-30751)
CVE-2025-30751
CWE-863
High
WebLogic Missing Authentication for Critical Function Vulnerability (CVE-2025-30762)
CVE-2025-30762
CWE-306
High
Apache Tomcat Incomplete Cleanup Vulnerability (CVE-2025-31650)
CVE-2025-31650
CWE-459
High
Drupal Improper Control of Dynamically-Managed Code Resources Vulnerability (CVE-2025-31674)
CVE-2025-31674
CWE-913
High
Apache Traffic Server Improper Access Control Vulnerability (CVE-2025-31698)
CVE-2025-31698
CWE-284
High
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2025-32044)
CVE-2025-32044
CWE-200
High
EspoCRM Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2025-32390)
CVE-2025-32390
CWE-138
High
Django Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2025-32873)
CVE-2025-32873
CWE-770
High
XWikiplatform Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2025-32968)
CVE-2025-32968
CWE-138
High
MongoDb Uncaught Exception Vulnerability (CVE-2025-3083)
CVE-2025-3083
CWE-248
High
Liferay Portal Incorrect Authorization Vulnerability (CVE-2025-3586)
CVE-2025-3586
CWE-863
High
Liferay DXP Incorrect Authorization Vulnerability (CVE-2025-3586)
CVE-2025-3586
CWE-863
High
Moodle Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2025-3625)
CVE-2025-3625
CWE-639
High
Moodle Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2025-3638)
CVE-2025-3638
CWE-352
High
Moodle Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2025-3641)
CVE-2025-3641
CWE-94
High
Moodle Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2025-3642)
CVE-2025-3642
CWE-94
High
LimeSurvey Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2025-41074)
CVE-2025-41074
CWE-835
High
LimeSurvey Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2025-41075)
CVE-2025-41075
CWE-835
High
Liferay Portal Insertion of Sensitive Information Into Sent Data Vulnerability (CVE-2025-43768)
CVE-2025-43768
CWE-201
High
Liferay DXP Insertion of Sensitive Information Into Sent Data Vulnerability (CVE-2025-43768)
CVE-2025-43768
CWE-201
High
Liferay Portal Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2025-43790)
CVE-2025-43790
CWE-639
High
Liferay DXP Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2025-43790)
CVE-2025-43790
CWE-639
High
Liferay DXP Improper Validation of Specified Quantity in Input Vulnerability (CVE-2025-43793)
CVE-2025-43793
CWE-1284
High
Liferay Portal Improper Validation of Specified Quantity in Input Vulnerability (CVE-2025-43793)
CVE-2025-43793
CWE-1284
High
Liferay Portal Uncontrolled Resource Consumption Vulnerability (CVE-2025-43796)
CVE-2025-43796
CWE-400
High
Liferay DXP Uncontrolled Resource Consumption Vulnerability (CVE-2025-43796)
CVE-2025-43796
CWE-400
High
Liferay Portal Unchecked Input for Loop Condition Vulnerability (CVE-2025-43801)
CVE-2025-43801
CWE-606
High
Liferay DXP Unchecked Input for Loop Condition Vulnerability (CVE-2025-43801)
CVE-2025-43801
CWE-606
High
Liferay Portal Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2025-43813)
CVE-2025-43813
CWE-22
High
Liferay DXP Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2025-43813)
CVE-2025-43813
CWE-22
High
Liferay DXP Missing Release of Memory after Effective Lifetime Vulnerability (CVE-2025-43816)
CVE-2025-43816
CWE-401
High
Liferay Portal Missing Release of Memory after Effective Lifetime Vulnerability (CVE-2025-43816)
CVE-2025-43816
CWE-401
High
Mailman Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2025-43919)
CVE-2025-43919
CWE-22
High
Mailman Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2025-43920)
CVE-2025-43920
CWE-138
High
Apache Tomcat Improper Handling of Case Sensitivity Vulnerability (CVE-2025-46701)
CVE-2025-46701
CWE-178
High
Craft CMS Improper Neutralization of Special Elements Used in a Template Engine Vulnerability (CVE-2025-46731)
CVE-2025-46731
CWE-138
High
SharePoint Deserialization of Untrusted Data Vulnerability (CVE-2025-47163)
CVE-2025-47163
CWE-502
High
SharePoint Deserialization of Untrusted Data Vulnerability (CVE-2025-47166)
CVE-2025-47166
CWE-502
High
SharePoint Use After Free Vulnerability (CVE-2025-47168)
CVE-2025-47168
CWE-416
High
SharePoint Heap-based Buffer Overflow Vulnerability (CVE-2025-47169)
CVE-2025-47169
CWE-122
High
SharePoint Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2025-47172)
CVE-2025-47172
CWE-138
High
Tornado Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2025-47287)
CVE-2025-47287
CWE-770
High
TYPO3 Unverified Ownership Vulnerability (CVE-2025-47940)
CVE-2025-47940
CWE-283
High
TYPO3 Authentication Bypass Using an Alternate Path or Channel Vulnerability (CVE-2025-47941)
CVE-2025-47941
CWE-288
High
XWikiplatform CVE-2025-48063 Vulnerability (CVE-2025-48063)
CVE-2025-48063
-
High
MyBB Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2025-48940)
CVE-2025-48940
CWE-22
High
ReviveAdserver Improper Access Control Vulnerability (CVE-2025-48986)
CVE-2025-48986
CWE-284
High
Apache Tomcat Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2025-48988)
CVE-2025-48988
CWE-770
High
Apache Tomcat Improper Resource Shutdown or Release Vulnerability (CVE-2025-48989)
CVE-2025-48989
CWE-404
High
Roundcube Deserialization of Untrusted Data Vulnerability (CVE-2025-49113)
CVE-2025-49113
CWE-502
High
Apache Tomcat Untrusted Search Path Vulnerability (CVE-2025-49124)
CVE-2025-49124
CWE-426
High
Apache Tomcat Authentication Bypass Using an Alternate Path or Channel Vulnerability (CVE-2025-49125)
CVE-2025-49125
CWE-288
High
XWikiplatform Incorrect Privilege Assignment Vulnerability (CVE-2025-49580)
CVE-2025-49580
CWE-266
High
XWikiplatform Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2025-49581)
CVE-2025-49581
CWE-94
High
XWikiplatform Insufficient UI Warning of Dangerous Operations Vulnerability (CVE-2025-49582)
CVE-2025-49582
CWE-357
High
XWikiplatform Insertion of Sensitive Information Into Sent Data Vulnerability (CVE-2025-49584)
CVE-2025-49584
CWE-201
High
XWikiplatform Insufficient UI Warning of Dangerous Operations Vulnerability (CVE-2025-49585)
CVE-2025-49585
CWE-357
High
XWikiplatform Incorrect Authorization Vulnerability (CVE-2025-49586)
CVE-2025-49586
CWE-863
High
XWikiplatform Insufficient UI Warning of Dangerous Operations Vulnerability (CVE-2025-49587)
CVE-2025-49587
CWE-357
High
Apache HTTP Server Reachable Assertion Vulnerability (CVE-2025-49630)
CVE-2025-49630
CWE-617
High
SharePoint Improper Authorization Vulnerability (CVE-2025-49701)
CVE-2025-49701
CWE-285
High
SharePoint Use After Free Vulnerability (CVE-2025-49703)
CVE-2025-49703
CWE-416
High
SharePoint Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2025-49704)
CVE-2025-49704
CWE-94
High
SharePoint Deserialization of Untrusted Data Vulnerability (CVE-2025-49712)
CVE-2025-49712
CWE-502
High
Apache Traffic Server Uncontrolled Resource Consumption Vulnerability (CVE-2025-49763)
CVE-2025-49763
CWE-400
High
Apache HTTP Server Improper Authentication Vulnerability (CVE-2025-49812)
CVE-2025-49812
CWE-287
High
Next.js Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') Vulnerability (CVE-2025-49826)
CVE-2025-49826
-
High
Liferay DXP Server-Side Request Forgery (SSRF) Vulnerability (CVE-2025-4581)
CVE-2025-4581
CWE-918
High
Liferay Portal Server-Side Request Forgery (SSRF) Vulnerability (CVE-2025-4581)
CVE-2025-4581
CWE-918
High
Oracle JRE Improper Access Control Vulnerability (CVE-2025-50059)
CVE-2025-50059
CWE-284
High
Oracle JRE CVE-2025-50106 Vulnerability (CVE-2025-50106)
CVE-2025-50106
-
High
Chamilo Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2025-50188)
CVE-2025-50188
CWE-138
High
Chamilo Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2025-50189)
CVE-2025-50189
CWE-138
High
Chamilo Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2025-50191)
CVE-2025-50191
CWE-138
High
Chamilo Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2025-50193)
CVE-2025-50193
CWE-138
High