v.26.4.2314
High Severity Vulnerabilities
Found 13196 vulnerabilities at High severity.
| Vulnerability Name | CVE | CWE | Severity |
| --- | --- | --- | --- |
| OpenSSL Improperly Controlled Sequential Memory Allocation Vulnerability (CVE-2026-34183) | CVE-2026-34183 | CWE-1325 | High |
| Oracle JRE Uncontrolled Resource Consumption Vulnerability (CVE-2026-34282) | CVE-2026-34282 | CWE-400 | High |
| Oracle HTTP Server Improper Access Control Vulnerability (CVE-2026-34291) | CVE-2026-34291 | CWE-284 | High |
| WebLogic Improper Access Control Vulnerability (CVE-2026-34292) | CVE-2026-34292 | CWE-284 | High |
| WebLogic Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2026-34305) | CVE-2026-34305 | CWE-200 | High |
| Apache HTTP Server Heap-based Buffer Overflow Vulnerability (CVE-2026-34355) | CVE-2026-34355 | CWE-122 | High |
| Apache HTTP Server Heap-based Buffer Overflow Vulnerability (CVE-2026-34356) | CVE-2026-34356 | CWE-122 | High |
| Apache Tomcat Improper Encoding or Escaping of Output Vulnerability (CVE-2026-34483) | CVE-2026-34483 | CWE-116 | High |
| Apache Tomcat Missing Encryption of Sensitive Data Vulnerability (CVE-2026-34486) | CVE-2026-34486 | CWE-311 | High |
| Apache Tomcat Insertion of Sensitive Information into Log File Vulnerability (CVE-2026-34487) | CVE-2026-34487 | CWE-532 | High |
| Chamilo Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2026-34602) | CVE-2026-34602 | CWE-639 | High |
| phpMyFAQ Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2026-34728) | CVE-2026-34728 | CWE-22 | High |
| Chamilo Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2026-35196) | CVE-2026-35196 | CWE-138 | High |
| WebLogic URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2026-35258) | CVE-2026-35258 | CWE-601 | High |
| WebLogic URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2026-35259) | CVE-2026-35259 | CWE-601 | High |
| WebLogic Missing Authentication for Critical Function Vulnerability (CVE-2026-35299) | CVE-2026-35299 | CWE-306 | High |
| WebLogic URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2026-35302) | CVE-2026-35302 | CWE-601 | High |
| WebLogic Missing Authentication for Critical Function Vulnerability (CVE-2026-35303) | CVE-2026-35303 | CWE-306 | High |
| WebLogic Improper Access Control Vulnerability (CVE-2026-35311) | CVE-2026-35311 | CWE-284 | High |
| SharePoint Deserialization of Untrusted Data Vulnerability (CVE-2026-35439) | CVE-2026-35439 | CWE-502 | High |
| Roundcube Deserialization of Untrusted Data Vulnerability (CVE-2026-35537) | CVE-2026-35537 | CWE-502 | High |
| Roundcube Incorrect Resource Transfer Between Spheres Vulnerability (CVE-2026-35545) | CVE-2026-35545 | CWE-669 | High |
| Serendipity Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') Vulnerability (CVE-2026-39971) | CVE-2026-39971 | CWE-707 | High |
| Jboss EAP Incorrect Authorization Vulnerability (CVE-2026-3009) | CVE-2026-3009 | CWE-863 | High |
| Python Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2026-3087) | CVE-2026-3087 | CWE-22 | High |
| Jboss EAP Incorrect Privilege Assignment Vulnerability (CVE-2026-3121) | CVE-2026-3121 | CWE-266 | High |
| Jboss EAP Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2026-3260) | CVE-2026-3260 | CWE-770 | High |
| Python Improper Input Validation Vulnerability (CVE-2026-3644) | CVE-2026-3644 | CWE-20 | High |
| Django Authentication Bypass by Spoofing Vulnerability (CVE-2026-3902) | CVE-2026-3902 | CWE-290 | High |
| XWikiplatform Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2026-40104) | CVE-2026-40104 | CWE-770 | High |
| Chamilo Improper Privilege Management Vulnerability (CVE-2026-40291) | CVE-2026-40291 | CWE-269 | High |
| SharePoint Deserialization of Untrusted Data Vulnerability (CVE-2026-40357) | CVE-2026-40357 | CWE-502 | High |
| SharePoint Insufficient Granularity of Access Control Vulnerability (CVE-2026-40365) | CVE-2026-40365 | CWE-1220 | High |
| SharePoint Untrusted Pointer Dereference Vulnerability (CVE-2026-40367) | CVE-2026-40367 | CWE-822 | High |
| SharePoint Deserialization of Untrusted Data Vulnerability (CVE-2026-40368) | CVE-2026-40368 | CWE-502 | High |
| Joomla Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2026-40384) | CVE-2026-40384 | CWE-22 | High |
| math.js Improperly Controlled Modification of Dynamically-Determined Object Attributes Vulnerability (CVE-2026-40897) | CVE-2026-40897 | CWE-915 | High |
| math.js Improperly Controlled Modification of Dynamically-Determined Object Attributes Vulnerability (CVE-2026-41139) | CVE-2026-41139 | CWE-915 | High |
| Apache Tomcat Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2026-41284) | CVE-2026-41284 | CWE-770 | High |
| axios Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') Vulnerability (CVE-2026-42033) | CVE-2026-42033 | CWE-1321 | High |
| axios Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') Vulnerability (CVE-2026-42035) | CVE-2026-42035 | CWE-707 | High |
| axios Server-Side Request Forgery (SSRF) Vulnerability (CVE-2026-42038) | CVE-2026-42038 | CWE-918 | High |
| axios Uncontrolled Recursion Vulnerability (CVE-2026-42039) | CVE-2026-42039 | CWE-674 | High |
| Apache Tomcat Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2026-42498) | CVE-2026-42498 | CWE-200 | High |
| Apache HTTP Server Heap-based Buffer Overflow Vulnerability (CVE-2026-42536) | CVE-2026-42536 | CWE-122 | High |
| OpenSSL NULL Pointer Dereference Vulnerability (CVE-2026-42764) | CVE-2026-42764 | CWE-476 | High |
| OpenSSL NULL Pointer Dereference Vulnerability (CVE-2026-42765) | CVE-2026-42765 | CWE-476 | High |
| Nginx Heap-based Buffer Overflow Vulnerability (CVE-2026-42945) | CVE-2026-42945 | CWE-122 | High |
| Apache Tomcat Improper Handling of Case Sensitivity Vulnerability (CVE-2026-43513) | CVE-2026-43513 | CWE-178 | High |
| Apache HTTP Server Buffer Over-read Vulnerability (CVE-2026-44185) | CVE-2026-44185 | CWE-126 | High |
| Apache HTTP Server Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2026-44186) | CVE-2026-44186 | CWE-835 | High |
| axios Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2026-44486) | CVE-2026-44486 | CWE-200 | High |
| axios Insertion of Sensitive Information Into Sent Data Vulnerability (CVE-2026-44487) | CVE-2026-44487 | CWE-201 | High |
| axios Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2026-44488) | CVE-2026-44488 | CWE-770 | High |
| axios Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') Vulnerability (CVE-2026-44490) | CVE-2026-44490 | CWE-1321 | High |
| axios Server-Side Request Forgery (SSRF) Vulnerability (CVE-2026-44492) | CVE-2026-44492 | CWE-918 | High |
| axios Unintended Proxy or Intermediary ('Confused Deputy') Vulnerability (CVE-2026-44494) | CVE-2026-44494 | CWE-441 | High |
| axios Uncontrolled Resource Consumption Vulnerability (CVE-2026-44496) | CVE-2026-44496 | CWE-400 | High |
| Next.js Incorrect Authorization Vulnerability (CVE-2026-44573) | CVE-2026-44573 | CWE-863 | High |
| Next.js Authentication Bypass Using an Alternate Path or Channel Vulnerability (CVE-2026-44574) | CVE-2026-44574 | CWE-288 | High |
| Next.js Authentication Bypass Using an Alternate Path or Channel Vulnerability (CVE-2026-44575) | CVE-2026-44575 | CWE-288 | High |
| Next.js Server-Side Request Forgery (SSRF) Vulnerability (CVE-2026-44578) | CVE-2026-44578 | CWE-918 | High |
| Next.js Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2026-44579) | CVE-2026-44579 | CWE-770 | High |
| SharePoint Heap-based Buffer Overflow Vulnerability (CVE-2026-44819) | CVE-2026-44819 | CWE-122 | High |
| SharePoint Heap-based Buffer Overflow Vulnerability (CVE-2026-44824) | CVE-2026-44824 | CWE-122 | High |
| Next.js Authentication Bypass Using an Alternate Path or Channel Vulnerability (CVE-2026-45109) | CVE-2026-45109 | CWE-288 | High |
| OpenSSL Missing Cryptographic Step Vulnerability (CVE-2026-45445) | CVE-2026-45445 | CWE-325 | High |
| OpenSSL Use After Free Vulnerability (CVE-2026-45447) | CVE-2026-45447 | CWE-416 | High |
| SharePoint Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2026-45454) | CVE-2026-45454 | CWE-22 | High |
| SharePoint Access of Resource Using Incompatible Type ('Type Confusion') Vulnerability (CVE-2026-45456) | CVE-2026-45456 | CWE-843 | High |
| SharePoint Use After Free Vulnerability (CVE-2026-45458) | CVE-2026-45458 | CWE-416 | High |
| SharePoint Untrusted Pointer Dereference Vulnerability (CVE-2026-45471) | CVE-2026-45471 | CWE-822 | High |
| SharePoint Heap-based Buffer Overflow Vulnerability (CVE-2026-45475) | CVE-2026-45475 | CWE-122 | High |
| SharePoint Deserialization of Untrusted Data Vulnerability (CVE-2026-45484) | CVE-2026-45484 | CWE-502 | High |
| SharePoint Deserialization of Untrusted Data Vulnerability (CVE-2026-45659) | CVE-2026-45659 | CWE-502 | High |