Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
v.26.4.2314

High Severity Vulnerabilities

Found 13071 vulnerabilities at High severity.

Vulnerability Name
CVE
CWE
Severity
Tornado Uncontrolled Resource Consumption Vulnerability (CVE-2025-67726)
CVE-2025-67726
CWE-400
High
React Deserialization of Untrusted Data Vulnerability (CVE-2025-67779)
CVE-2025-67779
CWE-502
High
Next.js Deserialization of Untrusted Data Vulnerability (CVE-2025-67779)
CVE-2025-67779
CWE-502
High
Moodle Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2025-67847)
CVE-2025-67847
CWE-94
High
Moodle Improper Handling of Insufficient Permissions or Privileges Vulnerability (CVE-2025-67848)
CVE-2025-67848
CWE-280
High
Moodle Improper Neutralization of Formula Elements in a CSV File Vulnerability (CVE-2025-67851)
CVE-2025-67851
CWE-1236
High
Moodle Improper Restriction of Excessive Authentication Attempts Vulnerability (CVE-2025-67853)
CVE-2025-67853
CWE-307
High
Craft CMS Improper Neutralization of Special Elements Used in a Template Engine Vulnerability (CVE-2025-68454)
CVE-2025-68454
CWE-138
High
Craft CMS Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') Vulnerability (CVE-2025-68455)
CVE-2025-68455
CWE-470
High
Roundcube Improper Encoding or Escaping of Output Vulnerability (CVE-2025-68460)
CVE-2025-68460
CWE-116
High
phpMyFAQ Exposure of Sensitive Information Through Data Queries Vulnerability (CVE-2025-69200)
CVE-2025-69200
CWE-202
High
OpenSSL Out-of-bounds Write Vulnerability (CVE-2025-69419)
CVE-2025-69419
CWE-787
High
OpenSSL Improper Check for Unusual or Exceptional Conditions Vulnerability (CVE-2025-69420)
CVE-2025-69420
CWE-754
High
OpenSSL NULL Pointer Dereference Vulnerability (CVE-2025-69421)
CVE-2025-69421
CWE-476
High
MongoDb Use After Free Vulnerability (CVE-2025-6706)
CVE-2025-6706
CWE-416
High
MongoDb CVE-2025-6709 Vulnerability (CVE-2025-6709)
CVE-2025-6709
-
High
MongoDb Uncontrolled Recursion Vulnerability (CVE-2025-6710)
CVE-2025-6710
CWE-674
High
MongoDb Excessive Iteration Vulnerability (CVE-2025-6714)
CVE-2025-6714
CWE-834
High
phpBB Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2025-70810)
CVE-2025-70810
CWE-352
High
Sqlite Improper Clearing of Heap Memory Before Release ('Heap Inspection') Vulnerability (CVE-2025-70873)
CVE-2025-70873
CWE-244
High
Jboss EAP Improper Resource Shutdown or Release Vulnerability (CVE-2025-9784)
CVE-2025-9784
CWE-404
High
TYPO3 Deserialization of Untrusted Data Vulnerability (CVE-2026-0859)
CVE-2026-0859
CWE-502
High
Django Inefficient Algorithmic Complexity Vulnerability (CVE-2026-1285)
CVE-2026-1285
CWE-407
High
Jetty Missing Release of Memory after Effective Lifetime Vulnerability (CVE-2026-1605)
CVE-2026-1605
CWE-401
High
MongoDb Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2026-1847)
CVE-2026-1847
CWE-770
High
MongoDb Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2026-1848)
CVE-2026-1848
CWE-770
High
MongoDb Uncontrolled Recursion Vulnerability (CVE-2026-1849)
CVE-2026-1849
CWE-674
High
MongoDb Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2026-1850)
CVE-2026-1850
CWE-770
High
SharePoint Untrusted Search Path Vulnerability (CVE-2026-20943)
CVE-2026-20943
CWE-426
High
SharePoint Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2026-20947)
CVE-2026-20947
CWE-138
High
SharePoint Untrusted Pointer Dereference Vulnerability (CVE-2026-20948)
CVE-2026-20948
CWE-822
High
SharePoint Improper Input Validation Vulnerability (CVE-2026-20951)
CVE-2026-20951
CWE-20
High
SharePoint Deserialization of Untrusted Data Vulnerability (CVE-2026-20963)
CVE-2026-20963
CWE-502
High
SharePoint Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2026-21260)
CVE-2026-21260
CWE-200
High
SharePoint Deserialization of Untrusted Data Vulnerability (CVE-2026-21511)
CVE-2026-21511
CWE-502
High
Joomla Improper Access Control Vulnerability (CVE-2026-21629)
CVE-2026-21629
CWE-284
High
Joomla Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2026-21630)
CVE-2026-21630
CWE-138
High
CubeCart Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2026-21719)
CVE-2026-21719
CWE-138
High
Grafana Uncontrolled Resource Consumption Vulnerability (CVE-2026-21720)
CVE-2026-21720
CWE-400
High
Grafana Incorrect Authorization Vulnerability (CVE-2026-21721)
CVE-2026-21721
CWE-863
High
Oracle JRE CVE-2026-21932 Vulnerability (CVE-2026-21932)
CVE-2026-21932
-
High
Oracle Database Server CVE-2026-21939 Vulnerability (CVE-2026-21939)
CVE-2026-21939
-
High
Oracle JRE Uncontrolled Resource Consumption Vulnerability (CVE-2026-21945)
CVE-2026-21945
CWE-400
High
osTicket Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2026-22200)
CVE-2026-22200
CWE-138
High
Dolibarr Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2026-22666)
CVE-2026-22666
CWE-94
High
Skipper Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2026-23742)
CVE-2026-23742
CWE-94
High
React Uncontrolled Resource Consumption Vulnerability (CVE-2026-23864)
CVE-2026-23864
CWE-400
High
Joomla External Control of File Name or Path Vulnerability (CVE-2026-23898)
CVE-2026-23898
CWE-73
High
Joomla Improper Access Control Vulnerability (CVE-2026-23899)
CVE-2026-23899
CWE-284
High
phpMyFAQ CVE-2026-24422 Vulnerability (CVE-2026-24422)
CVE-2026-24422
-
High
Skipper Unintended Proxy or Intermediary ('Confused Deputy') Vulnerability (CVE-2026-24470)
CVE-2026-24470
CWE-441
High
Apache Tomcat CVE-2026-24734 Vulnerability (CVE-2026-24734)
CVE-2026-24734
-
High
Apache Tomcat Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') Vulnerability (CVE-2026-24880)
CVE-2026-24880
-
High
Craft CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2026-25495)
CVE-2026-25495
CWE-138
High
Craft CMS Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2026-25497)
CVE-2026-25497
CWE-639
High
Craft CMS Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') Vulnerability (CVE-2026-25498)
CVE-2026-25498
CWE-470
High
axios Improper Check for Unusual or Exceptional Conditions Vulnerability (CVE-2026-25639)
CVE-2026-25639
CWE-754
High
Django Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2026-25673)
CVE-2026-25673
CWE-770
High
Moodle Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2026-26045)
CVE-2026-26045
CWE-94
High
Moodle Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2026-26046)
CVE-2026-26046
CWE-138
High
SharePoint CVE-2026-26106 Vulnerability (CVE-2026-26106)
CVE-2026-26106
-
High
SharePoint Other Vulnerability (CVE-2026-26113)
CVE-2026-26113
-
High
SharePoint Deserialization of Untrusted Data Vulnerability (CVE-2026-26114)
CVE-2026-26114
CWE-502
High
Envoy Proxy Incorrect Authorization Vulnerability (CVE-2026-26308)
CVE-2026-26308
CWE-863
High
Envoy Proxy CVE-2026-26310 Vulnerability (CVE-2026-26310)
CVE-2026-26310
-
High
Envoy Proxy Use After Free Vulnerability (CVE-2026-26330)
CVE-2026-26330
CWE-416
High
Jenkins Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2026-27099)
CVE-2026-27099
CWE-707
High
Underscore.js Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2026-27601)
CVE-2026-27601
CWE-770
High
Piwigo Missing Authorization Vulnerability (CVE-2026-27833)
CVE-2026-27833
CWE-862
High
Piwigo Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2026-27834)
CVE-2026-27834
CWE-138
High
phpMyFAQ Missing Authorization Vulnerability (CVE-2026-27836)
CVE-2026-27836
CWE-862
High
Grafana CVE-2026-27877 Vulnerability (CVE-2026-27877)
CVE-2026-27877
-
High
Grafana Out-of-bounds Write Vulnerability (CVE-2026-27880)
CVE-2026-27880
CWE-787
High
Piwigo Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2026-27885)
CVE-2026-27885
CWE-138
High
Next.js Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2026-27979)
CVE-2026-27979
CWE-770
High