v.26.4.2314
High Severity Vulnerabilities
Found 13196 vulnerabilities at High severity.
| Vulnerability Name | CVE | CWE | Severity |
| --- | --- | --- | --- |
| Tornado Uncontrolled Resource Consumption Vulnerability (CVE-2025-67725) | CVE-2025-67725 | CWE-400 | High |
| Tornado Uncontrolled Resource Consumption Vulnerability (CVE-2025-67726) | CVE-2025-67726 | CWE-400 | High |
| React Deserialization of Untrusted Data Vulnerability (CVE-2025-67779) | CVE-2025-67779 | CWE-502 | High |
| Next.js Deserialization of Untrusted Data Vulnerability (CVE-2025-67779) | CVE-2025-67779 | CWE-502 | High |
| Moodle Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2025-67847) | CVE-2025-67847 | CWE-94 | High |
| Moodle Improper Handling of Insufficient Permissions or Privileges Vulnerability (CVE-2025-67848) | CVE-2025-67848 | CWE-280 | High |
| Moodle Improper Neutralization of Formula Elements in a CSV File Vulnerability (CVE-2025-67851) | CVE-2025-67851 | CWE-1236 | High |
| Moodle Improper Restriction of Excessive Authentication Attempts Vulnerability (CVE-2025-67853) | CVE-2025-67853 | CWE-307 | High |
| Craft CMS Improper Neutralization of Special Elements Used in a Template Engine Vulnerability (CVE-2025-68454) | CVE-2025-68454 | CWE-138 | High |
| Craft CMS Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') Vulnerability (CVE-2025-68455) | CVE-2025-68455 | CWE-470 | High |
| Roundcube Improper Encoding or Escaping of Output Vulnerability (CVE-2025-68460) | CVE-2025-68460 | CWE-116 | High |
| phpMyFAQ Exposure of Sensitive Information Through Data Queries Vulnerability (CVE-2025-69200) | CVE-2025-69200 | CWE-202 | High |
| OpenSSL Out-of-bounds Write Vulnerability (CVE-2025-69419) | CVE-2025-69419 | CWE-787 | High |
| OpenSSL Improper Check for Unusual or Exceptional Conditions Vulnerability (CVE-2025-69420) | CVE-2025-69420 | CWE-754 | High |
| OpenSSL NULL Pointer Dereference Vulnerability (CVE-2025-69421) | CVE-2025-69421 | CWE-476 | High |
| MongoDb Use After Free Vulnerability (CVE-2025-6706) | CVE-2025-6706 | CWE-416 | High |
| MongoDb CVE-2025-6709 Vulnerability (CVE-2025-6709) | CVE-2025-6709 | - | High |
| MongoDb Uncontrolled Recursion Vulnerability (CVE-2025-6710) | CVE-2025-6710 | CWE-674 | High |
| MongoDb Excessive Iteration Vulnerability (CVE-2025-6714) | CVE-2025-6714 | CWE-834 | High |
| phpBB Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2025-70810) | CVE-2025-70810 | CWE-352 | High |
| Sqlite Improper Clearing of Heap Memory Before Release ('Heap Inspection') Vulnerability (CVE-2025-70873) | CVE-2025-70873 | CWE-244 | High |
| Jboss EAP Improper Resource Shutdown or Release Vulnerability (CVE-2025-9784) | CVE-2025-9784 | CWE-404 | High |
| TYPO3 Deserialization of Untrusted Data Vulnerability (CVE-2026-0859) | CVE-2026-0859 | CWE-502 | High |
| Sqlite Heap-based Buffer Overflow Vulnerability (CVE-2026-11822) | CVE-2026-11822 | CWE-122 | High |
| Sqlite Heap-based Buffer Overflow Vulnerability (CVE-2026-11824) | CVE-2026-11824 | CWE-122 | High |
| Django Inefficient Algorithmic Complexity Vulnerability (CVE-2026-1285) | CVE-2026-1285 | CWE-407 | High |
| Jetty Missing Release of Memory after Effective Lifetime Vulnerability (CVE-2026-1605) | CVE-2026-1605 | CWE-401 | High |
| MongoDb Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2026-1847) | CVE-2026-1847 | CWE-770 | High |
| MongoDb Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2026-1848) | CVE-2026-1848 | CWE-770 | High |
| MongoDb Uncontrolled Recursion Vulnerability (CVE-2026-1849) | CVE-2026-1849 | CWE-674 | High |
| MongoDb Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2026-1850) | CVE-2026-1850 | CWE-770 | High |
| SharePoint Untrusted Search Path Vulnerability (CVE-2026-20943) | CVE-2026-20943 | CWE-426 | High |
| SharePoint Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2026-20947) | CVE-2026-20947 | CWE-138 | High |
| SharePoint Untrusted Pointer Dereference Vulnerability (CVE-2026-20948) | CVE-2026-20948 | CWE-822 | High |
| SharePoint Improper Input Validation Vulnerability (CVE-2026-20951) | CVE-2026-20951 | CWE-20 | High |
| SharePoint Deserialization of Untrusted Data Vulnerability (CVE-2026-20963) | CVE-2026-20963 | CWE-502 | High |
| SharePoint Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2026-21260) | CVE-2026-21260 | CWE-200 | High |
| SharePoint Deserialization of Untrusted Data Vulnerability (CVE-2026-21511) | CVE-2026-21511 | CWE-502 | High |
| Joomla Improper Access Control Vulnerability (CVE-2026-21629) | CVE-2026-21629 | CWE-284 | High |
| Joomla Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2026-21630) | CVE-2026-21630 | CWE-138 | High |
| CubeCart Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2026-21719) | CVE-2026-21719 | CWE-138 | High |
| Grafana Uncontrolled Resource Consumption Vulnerability (CVE-2026-21720) | CVE-2026-21720 | CWE-400 | High |
| Grafana Incorrect Authorization Vulnerability (CVE-2026-21721) | CVE-2026-21721 | CWE-863 | High |
| Oracle JRE CVE-2026-21932 Vulnerability (CVE-2026-21932) | CVE-2026-21932 | - | High |
| Oracle Database Server CVE-2026-21939 Vulnerability (CVE-2026-21939) | CVE-2026-21939 | - | High |
| Oracle JRE Uncontrolled Resource Consumption Vulnerability (CVE-2026-21945) | CVE-2026-21945 | CWE-400 | High |
| Oracle JRE Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2026-22016) | CVE-2026-22016 | CWE-200 | High |
| osTicket Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2026-22200) | CVE-2026-22200 | CWE-138 | High |
| Dolibarr Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2026-22666) | CVE-2026-22666 | CWE-94 | High |
| Spring Cloud Gateway External Control of System or Configuration Setting Vulnerability (CVE-2026-22750) | CVE-2026-22750 | CWE-15 | High |
| Skipper Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2026-23742) | CVE-2026-23742 | CWE-94 | High |
| React Uncontrolled Resource Consumption Vulnerability (CVE-2026-23864) | CVE-2026-23864 | CWE-400 | High |
| Joomla External Control of File Name or Path Vulnerability (CVE-2026-23898) | CVE-2026-23898 | CWE-73 | High |
| Joomla Improper Access Control Vulnerability (CVE-2026-23899) | CVE-2026-23899 | CWE-284 | High |
| Apache HTTP Server Double Free Vulnerability (CVE-2026-23918) | CVE-2026-23918 | CWE-415 | High |
| Apache HTTP Server Improper Privilege Management Vulnerability (CVE-2026-24072) | CVE-2026-24072 | CWE-269 | High |
| phpMyFAQ CVE-2026-24422 Vulnerability (CVE-2026-24422) | CVE-2026-24422 | - | High |
| Skipper Unintended Proxy or Intermediary ('Confused Deputy') Vulnerability (CVE-2026-24470) | CVE-2026-24470 | CWE-441 | High |
| Apache Tomcat CVE-2026-24734 Vulnerability (CVE-2026-24734) | CVE-2026-24734 | - | High |
| Apache Tomcat Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') Vulnerability (CVE-2026-24880) | CVE-2026-24880 | - | High |
| Craft CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2026-25495) | CVE-2026-25495 | CWE-138 | High |
| Craft CMS Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2026-25497) | CVE-2026-25497 | CWE-639 | High |
| Craft CMS Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') Vulnerability (CVE-2026-25498) | CVE-2026-25498 | CWE-470 | High |
| axios Improper Check for Unusual or Exceptional Conditions Vulnerability (CVE-2026-25639) | CVE-2026-25639 | CWE-754 | High |
| Django Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2026-25673) | CVE-2026-25673 | CWE-770 | High |
| Moodle Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2026-26045) | CVE-2026-26045 | CWE-94 | High |
| Moodle Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2026-26046) | CVE-2026-26046 | CWE-138 | High |
| SharePoint CVE-2026-26106 Vulnerability (CVE-2026-26106) | CVE-2026-26106 | - | High |
| SharePoint Other Vulnerability (CVE-2026-26113) | CVE-2026-26113 | - | High |
| SharePoint Deserialization of Untrusted Data Vulnerability (CVE-2026-26114) | CVE-2026-26114 | CWE-502 | High |
| Envoy Proxy Incorrect Authorization Vulnerability (CVE-2026-26308) | CVE-2026-26308 | CWE-863 | High |
| Envoy Proxy CVE-2026-26310 Vulnerability (CVE-2026-26310) | CVE-2026-26310 | - | High |
| Envoy Proxy Use After Free Vulnerability (CVE-2026-26330) | CVE-2026-26330 | CWE-416 | High |
| Jenkins Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2026-27099) | CVE-2026-27099 | CWE-707 | High |
| Underscore.js Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2026-27601) | CVE-2026-27601 | CWE-770 | High |