Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
v.26.4.2314

High Severity Vulnerabilities

Found 13196 vulnerabilities at High severity.

Vulnerability Name
CVE
CWE
Severity
Piwigo Missing Authorization Vulnerability (CVE-2026-27833)
CVE-2026-27833
CWE-862
High
Piwigo Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2026-27834)
CVE-2026-27834
CWE-138
High
phpMyFAQ Missing Authorization Vulnerability (CVE-2026-27836)
CVE-2026-27836
CWE-862
High
Grafana CVE-2026-27877 Vulnerability (CVE-2026-27877)
CVE-2026-27877
-
High
Grafana Out-of-bounds Write Vulnerability (CVE-2026-27880)
CVE-2026-27880
CWE-787
High
Piwigo Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2026-27885)
CVE-2026-27885
CWE-138
High
Next.js Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2026-27979)
CVE-2026-27979
CWE-770
High
Next.js Uncontrolled Resource Consumption Vulnerability (CVE-2026-27980)
CVE-2026-27980
CWE-400
High
OpenSSL Use After Free Vulnerability (CVE-2026-28387)
CVE-2026-28387
CWE-416
High
OpenSSL NULL Pointer Dereference Vulnerability (CVE-2026-28388)
CVE-2026-28388
CWE-476
High
OpenSSL NULL Pointer Dereference Vulnerability (CVE-2026-28389)
CVE-2026-28389
CWE-476
High
OpenSSL NULL Pointer Dereference Vulnerability (CVE-2026-28390)
CVE-2026-28390
CWE-476
High
Craft CMS Improper Neutralization of Special Elements Used in a Template Engine Vulnerability (CVE-2026-28695)
CVE-2026-28695
CWE-138
High
Craft CMS Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2026-28696)
CVE-2026-28696
CWE-639
High
Craft CMS Improper Neutralization of Special Elements Used in a Template Engine Vulnerability (CVE-2026-28784)
CVE-2026-28784
CWE-138
High
Chamilo Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2026-29041)
CVE-2026-29041
CWE-434
High
Apache Tomcat Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2026-29129)
CVE-2026-29129
CWE-327
High
Apache Tomcat Generation of Error Message Containing Sensitive Information Vulnerability (CVE-2026-29146)
CVE-2026-29146
CWE-209
High
Apache HTTP Server Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2026-29168)
CVE-2026-29168
CWE-770
High
Apache HTTP Server NULL Pointer Dereference Vulnerability (CVE-2026-29169)
CVE-2026-29169
CWE-476
High
phpBB Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2026-29199)
CVE-2026-29199
CWE-640
High
PostgreSQL Improper Validation of Specified Type of Input Vulnerability (CVE-2026-2004)
CVE-2026-2004
CWE-1287
High
PostgreSQL Heap-based Buffer Overflow Vulnerability (CVE-2026-2005)
CVE-2026-2005
CWE-122
High
PostgreSQL Improper Validation of Array Index Vulnerability (CVE-2026-2006)
CVE-2026-2006
CWE-129
High
PostgreSQL Heap-based Buffer Overflow Vulnerability (CVE-2026-2007)
CVE-2026-2007
CWE-122
High
markdown-it Inefficient Regular Expression Complexity Vulnerability (CVE-2026-2327)
CVE-2026-2327
CWE-1333
High
Caddy Web Server Improper Authentication Vulnerability (CVE-2026-30851)
CVE-2026-30851
CWE-287
High
Caddy Web Server Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2026-30852)
CVE-2026-30852
CWE-138
High
Chamilo Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2026-30875)
CVE-2026-30875
CWE-94
High
Chamilo Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2026-30881)
CVE-2026-30881
CWE-138
High
Dolibarr Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2026-31018)
CVE-2026-31018
CWE-94
High
Dolibarr Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2026-31019)
CVE-2026-31019
CWE-138
High
LiteSpeed Web Server Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2026-31386)
CVE-2026-31386
CWE-138
High
OpenSSL Improper Check for Unusual or Exceptional Conditions Vulnerability (CVE-2026-31790)
CVE-2026-31790
CWE-754
High
Craft CMS Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2026-31857)
CVE-2026-31857
CWE-94
High
Craft CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2026-31858)
CVE-2026-31858
CWE-138
High
Chamilo Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2026-31939)
CVE-2026-31939
CWE-22
High
Chamilo Session Fixation Vulnerability (CVE-2026-31940)
CVE-2026-31940
CWE-384
High
Tornado Uncontrolled Resource Consumption Vulnerability (CVE-2026-31958)
CVE-2026-31958
CWE-400
High
Craft CMS Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') Vulnerability (CVE-2026-32263)
CVE-2026-32263
CWE-470
High
Craft CMS Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') Vulnerability (CVE-2026-32264)
CVE-2026-32264
CWE-470
High
Squid Improper Resource Locking Vulnerability (CVE-2026-32748)
CVE-2026-32748
CWE-413
High
Chamilo Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2026-32892)
CVE-2026-32892
CWE-138
High
Chamilo NULL Pointer Dereference Vulnerability (CVE-2026-32894)
CVE-2026-32894
CWE-476
High
Chamilo Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2026-32930)
CVE-2026-32930
CWE-639
High
Chamilo Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2026-32931)
CVE-2026-32931
CWE-434
High
Jenkins Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2026-33001)
CVE-2026-33001
CWE-59
High
Jenkins Reliance on Reverse DNS Resolution for a Security-Critical Action Vulnerability (CVE-2026-33002)
CVE-2026-33002
CWE-350
High
Django Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2026-33034)
CVE-2026-33034
CWE-770
High
SharePoint Deserialization of Untrusted Data Vulnerability (CVE-2026-33110)
CVE-2026-33110
CWE-502
High
SharePoint Deserialization of Untrusted Data Vulnerability (CVE-2026-33112)
CVE-2026-33112
CWE-502
High
Craft CMS Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') Vulnerability (CVE-2026-33157)
CVE-2026-33157
CWE-470
High
Ruby on Rails Memory Allocation with Excessive Size Value Vulnerability (CVE-2026-33174)
CVE-2026-33174
CWE-789
High
Ruby on Rails Uncontrolled Resource Consumption Vulnerability (CVE-2026-33176)
CVE-2026-33176
CWE-400
High
Grafana Insecure Default Initialization of Resource Vulnerability (CVE-2026-33376)
CVE-2026-33376
CWE-1188
High
Grafana Improper Authentication Vulnerability (CVE-2026-33377)
CVE-2026-33377
CWE-287
High
Grafana Improper Access Control Vulnerability (CVE-2026-33381)
CVE-2026-33381
CWE-284
High
Squid Use After Free Vulnerability (CVE-2026-33526)
CVE-2026-33526
CWE-416
High
Chamilo Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2026-33702)
CVE-2026-33702
CWE-639
High
Chamilo Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2026-33704)
CVE-2026-33704
CWE-434
High
Chamilo Improper Privilege Management Vulnerability (CVE-2026-33706)
CVE-2026-33706
CWE-269
High
Chamilo Use of Insufficiently Random Values Vulnerability (CVE-2026-33710)
CVE-2026-33710
CWE-330
High
EspoCRM Relative Path Traversal Vulnerability (CVE-2026-33733)
CVE-2026-33733
CWE-23
High
Handlebars Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2026-33938)
CVE-2026-33938
CWE-94
High
Handlebars Improper Check for Unusual or Exceptional Conditions Vulnerability (CVE-2026-33939)
CVE-2026-33939
CWE-754
High
Handlebars Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2026-33940)
CVE-2026-33940
CWE-94
High
Handlebars Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2026-33941)
CVE-2026-33941
CWE-707
High
Apache HTTP Server Buffer Over-read Vulnerability (CVE-2026-34059)
CVE-2026-34059
CWE-126
High
MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2026-34087)
CVE-2026-34087
CWE-200
High
MediaWiki CVE-2026-34088 Vulnerability (CVE-2026-34088)
CVE-2026-34088
-
High
MediaWiki CVE-2026-34091 Vulnerability (CVE-2026-34091)
CVE-2026-34091
-
High
MediaWiki CVE-2026-34092 Vulnerability (CVE-2026-34092)
CVE-2026-34092
-
High
Chamilo Missing Authentication for Critical Function Vulnerability (CVE-2026-34160)
CVE-2026-34160
CWE-306
High
OpenSSL Out-of-bounds Read Vulnerability (CVE-2026-34180)
CVE-2026-34180
CWE-125
High
OpenSSL Improper Validation of Integrity Check Value Vulnerability (CVE-2026-34181)
CVE-2026-34181
CWE-354
High