Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
v.26.4.2314

High Severity Vulnerabilities

Found 13071 vulnerabilities at High severity.

Vulnerability Name
CVE
CWE
Severity
Next.js Uncontrolled Resource Consumption Vulnerability (CVE-2026-27980)
CVE-2026-27980
CWE-400
High
OpenSSL Use After Free Vulnerability (CVE-2026-28387)
CVE-2026-28387
CWE-416
High
OpenSSL NULL Pointer Dereference Vulnerability (CVE-2026-28388)
CVE-2026-28388
CWE-476
High
OpenSSL NULL Pointer Dereference Vulnerability (CVE-2026-28389)
CVE-2026-28389
CWE-476
High
OpenSSL NULL Pointer Dereference Vulnerability (CVE-2026-28390)
CVE-2026-28390
CWE-476
High
Craft CMS Improper Neutralization of Special Elements Used in a Template Engine Vulnerability (CVE-2026-28695)
CVE-2026-28695
CWE-138
High
Craft CMS Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2026-28696)
CVE-2026-28696
CWE-639
High
Craft CMS Improper Neutralization of Special Elements Used in a Template Engine Vulnerability (CVE-2026-28784)
CVE-2026-28784
CWE-138
High
Chamilo Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2026-29041)
CVE-2026-29041
CWE-434
High
Apache Tomcat Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2026-29129)
CVE-2026-29129
CWE-327
High
Apache Tomcat Generation of Error Message Containing Sensitive Information Vulnerability (CVE-2026-29146)
CVE-2026-29146
CWE-209
High
PostgreSQL Improper Validation of Specified Type of Input Vulnerability (CVE-2026-2004)
CVE-2026-2004
CWE-1287
High
PostgreSQL Heap-based Buffer Overflow Vulnerability (CVE-2026-2005)
CVE-2026-2005
CWE-122
High
PostgreSQL Improper Validation of Array Index Vulnerability (CVE-2026-2006)
CVE-2026-2006
CWE-129
High
PostgreSQL Heap-based Buffer Overflow Vulnerability (CVE-2026-2007)
CVE-2026-2007
CWE-122
High
markdown-it Inefficient Regular Expression Complexity Vulnerability (CVE-2026-2327)
CVE-2026-2327
CWE-1333
High
Caddy Web Server Improper Authentication Vulnerability (CVE-2026-30851)
CVE-2026-30851
CWE-287
High
Caddy Web Server Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2026-30852)
CVE-2026-30852
CWE-138
High
Chamilo Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2026-30875)
CVE-2026-30875
CWE-94
High
Chamilo Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2026-30881)
CVE-2026-30881
CWE-138
High
Dolibarr Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2026-31018)
CVE-2026-31018
CWE-94
High
Dolibarr Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2026-31019)
CVE-2026-31019
CWE-138
High
OpenSSL Improper Check for Unusual or Exceptional Conditions Vulnerability (CVE-2026-31790)
CVE-2026-31790
CWE-754
High
Craft CMS Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2026-31857)
CVE-2026-31857
CWE-94
High
Craft CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2026-31858)
CVE-2026-31858
CWE-138
High
Chamilo Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2026-31939)
CVE-2026-31939
CWE-22
High
Chamilo Session Fixation Vulnerability (CVE-2026-31940)
CVE-2026-31940
CWE-384
High
Tornado Uncontrolled Resource Consumption Vulnerability (CVE-2026-31958)
CVE-2026-31958
CWE-400
High
Craft CMS Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') Vulnerability (CVE-2026-32263)
CVE-2026-32263
CWE-470
High
Craft CMS Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') Vulnerability (CVE-2026-32264)
CVE-2026-32264
CWE-470
High
Squid Improper Resource Locking Vulnerability (CVE-2026-32748)
CVE-2026-32748
CWE-413
High
Chamilo Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2026-32892)
CVE-2026-32892
CWE-138
High
Chamilo NULL Pointer Dereference Vulnerability (CVE-2026-32894)
CVE-2026-32894
CWE-476
High
Chamilo Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2026-32930)
CVE-2026-32930
CWE-639
High
Chamilo Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2026-32931)
CVE-2026-32931
CWE-434
High
Jenkins Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2026-33001)
CVE-2026-33001
CWE-59
High
Jenkins Reliance on Reverse DNS Resolution for a Security-Critical Action Vulnerability (CVE-2026-33002)
CVE-2026-33002
CWE-350
High
Django Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2026-33034)
CVE-2026-33034
CWE-770
High
Craft CMS Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') Vulnerability (CVE-2026-33157)
CVE-2026-33157
CWE-470
High
Ruby on Rails Memory Allocation with Excessive Size Value Vulnerability (CVE-2026-33174)
CVE-2026-33174
CWE-789
High
Ruby on Rails Uncontrolled Resource Consumption Vulnerability (CVE-2026-33176)
CVE-2026-33176
CWE-400
High
Squid Use After Free Vulnerability (CVE-2026-33526)
CVE-2026-33526
CWE-416
High
Chamilo Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2026-33702)
CVE-2026-33702
CWE-639
High
Chamilo Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2026-33704)
CVE-2026-33704
CWE-434
High
Chamilo Improper Privilege Management Vulnerability (CVE-2026-33706)
CVE-2026-33706
CWE-269
High
Chamilo Use of Insufficiently Random Values Vulnerability (CVE-2026-33710)
CVE-2026-33710
CWE-330
High
Handlebars Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2026-33938)
CVE-2026-33938
CWE-94
High
Handlebars Improper Check for Unusual or Exceptional Conditions Vulnerability (CVE-2026-33939)
CVE-2026-33939
CWE-754
High
Handlebars Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2026-33940)
CVE-2026-33940
CWE-94
High
Handlebars Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2026-33941)
CVE-2026-33941
CWE-707
High
Chamilo Missing Authentication for Critical Function Vulnerability (CVE-2026-34160)
CVE-2026-34160
CWE-306
High
Apache Tomcat Improper Encoding or Escaping of Output Vulnerability (CVE-2026-34483)
CVE-2026-34483
CWE-116
High
Apache Tomcat Missing Encryption of Sensitive Data Vulnerability (CVE-2026-34486)
CVE-2026-34486
CWE-311
High
Apache Tomcat Insertion of Sensitive Information into Log File Vulnerability (CVE-2026-34487)
CVE-2026-34487
CWE-532
High
Chamilo Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2026-34602)
CVE-2026-34602
CWE-639
High
phpMyFAQ Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2026-34728)
CVE-2026-34728
CWE-22
High
Chamilo Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2026-35196)
CVE-2026-35196
CWE-138
High
Roundcube Deserialization of Untrusted Data Vulnerability (CVE-2026-35537)
CVE-2026-35537
CWE-502
High
Roundcube Incorrect Resource Transfer Between Spheres Vulnerability (CVE-2026-35545)
CVE-2026-35545
CWE-669
High
Serendipity Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') Vulnerability (CVE-2026-39971)
CVE-2026-39971
CWE-707
High
Jboss EAP Incorrect Authorization Vulnerability (CVE-2026-3009)
CVE-2026-3009
CWE-863
High
Jboss EAP Incorrect Privilege Assignment Vulnerability (CVE-2026-3121)
CVE-2026-3121
CWE-266
High
Jboss EAP Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2026-3260)
CVE-2026-3260
CWE-770
High
Django Authentication Bypass by Spoofing Vulnerability (CVE-2026-3902)
CVE-2026-3902
CWE-290
High
XWikiplatform Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2026-40104)
CVE-2026-40104
CWE-770
High
Chamilo Improper Privilege Management Vulnerability (CVE-2026-40291)
CVE-2026-40291
CWE-269
High
MongoDb Use After Free Vulnerability (CVE-2026-4148)
CVE-2026-4148
CWE-416
High
MongoDb Double Free Vulnerability (CVE-2026-4358)
CVE-2026-4358
CWE-415
High
Jetty Sensitive Information in Resource Not Removed Before Reuse Vulnerability (CVE-2026-5795)
CVE-2026-5795
CWE-226
High
WordPress 0.7 Posts SQL Injection Vulnerability (0.7)
CVE-2003-1598
CWE-89
High
WordPress 'blog.header.php' Multiple SQL Injection Vulnerabilities (0.6.2 - 0.71)
-
CWE-89
High
WordPress Multiple Cross-Site Scripting and SQL Injection Vulnerabilities (1.2.1 - 1.2.2)
-
CWE-89
High
WordPress Multiple Cross-Site Scripting Vulnerabilities (1.2 - 1.2.1)
-
CWE-79
High
WordPress 'wp-login.php' HTTP Response Splitting Vulnerability (1.2)
CVE-2004-1584
CWE-113
High
WordPress 1.5.1.2 Multiple Vulnerabilities (1.0 - 1.5.1.2)
CVE-2005-2110
CWE-702
High