Medium Severity Vulnerabilities
Found 8230 vulnerabilities at Medium severity.
| Vulnerability Name | CVE | CWE | Severity |
|---|---|---|---|
| PHP Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') Vulnerability (CVE-2024-8925) | CVE-2024-8925 | - | Medium |
| PHP Out-of-bounds Read Vulnerability (CVE-2024-8929) | CVE-2024-8929 | CWE-125 | Medium |
| Liferay DXP Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2024-8980) | CVE-2024-8980 | CWE-352 | Medium |
| Liferay Portal Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2024-8980) | CVE-2024-8980 | CWE-352 | Medium |
| WordPress Ultimate Member Plugin CVE-2025-0318 Vulnerability (CVE-2025-0318) | CVE-2025-0318 | - | Medium |
| PHP Inaccurate Comments Vulnerability (CVE-2025-1219) | CVE-2025-1219 | CWE-1116 | Medium |
| PHP Server-Side Request Forgery (SSRF) Vulnerability (CVE-2025-1220) | CVE-2025-1220 | CWE-918 | Medium |
| Nginx Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2025-1695) | CVE-2025-1695 | CWE-835 | Medium |
| PHP Improper Input Validation Vulnerability (CVE-2025-1734) | CVE-2025-1734 | CWE-20 | Medium |
| Opencart Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-1746) | CVE-2025-1746 | CWE-707 | Medium |
| Opencart Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-1747) | CVE-2025-1747 | CWE-707 | Medium |
| Opencart Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-1748) | CVE-2025-1748 | CWE-707 | Medium |
| Opencart Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-1749) | CVE-2025-1749 | CWE-707 | Medium |
| SharePoint CVE-2025-21393 Vulnerability (CVE-2025-21393) | CVE-2025-21393 | - | Medium |
| Oracle HTTP Server Missing Authorization Vulnerability (CVE-2025-21498) | CVE-2025-21498 | CWE-862 | Medium |
| Oracle JRE Incorrect Authorization Vulnerability (CVE-2025-21502) | CVE-2025-21502 | CWE-863 | Medium |
| PrestaShop Improper Neutralization of Special Elements used in a Command ('Command Injection') Vulnerability (CVE-2025-25691) | CVE-2025-25691 | CWE-138 | Medium |
| PrestaShop Deserialization of Untrusted Data Vulnerability (CVE-2025-25692) | CVE-2025-25692 | CWE-502 | Medium |
| osTicket Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2025-26241) | CVE-2025-26241 | CWE-138 | Medium |
| Moodle Incorrect Authorization Vulnerability (CVE-2025-26526) | CVE-2025-26526 | CWE-863 | Medium |
| Moodle Exposure of Sensitive Information Through Metadata Vulnerability (CVE-2025-26527) | CVE-2025-26527 | CWE-1230 | Medium |
| Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-26528) | CVE-2025-26528 | CWE-707 | Medium |
| Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-26529) | CVE-2025-26529 | CWE-707 | Medium |
| Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-26530) | CVE-2025-26530 | CWE-707 | Medium |
| Moodle Incorrect Authorization Vulnerability (CVE-2025-26531) | CVE-2025-26531 | CWE-863 | Medium |
| Moodle Incorrect Authorization Vulnerability (CVE-2025-26532) | CVE-2025-26532 | CWE-863 | Medium |
| GeoServer Missing Authorization Vulnerability (CVE-2025-27505) | CVE-2025-27505 | CWE-862 | Medium |
| Jenkins Cleartext Storage of Sensitive Information Vulnerability (CVE-2025-27622) | CVE-2025-27622 | CWE-312 | Medium |
| Jenkins Cleartext Storage of Sensitive Information Vulnerability (CVE-2025-27623) | CVE-2025-27623 | CWE-312 | Medium |
| Jenkins Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2025-27624) | CVE-2025-27624 | CWE-352 | Medium |
| Jenkins URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2025-27625) | CVE-2025-27625 | CWE-601 | Medium |
| phpList Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-28073) | CVE-2025-28073 | CWE-707 | Medium |
| phpList Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-28074) | CVE-2025-28074 | CWE-707 | Medium |
| Sqlite Integer Overflow or Wraparound Vulnerability (CVE-2025-29088) | CVE-2025-29088 | CWE-190 | Medium |
| XWikiplatform Other Vulnerability (CVE-2025-29925) | CVE-2025-29925 | - | Medium |
| Next.js Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2025-30218) | CVE-2025-30218 | CWE-200 | Medium |
| Oracle JRE Improper Access Control Vulnerability (CVE-2025-30691) | CVE-2025-30691 | CWE-284 | Medium |
| Oracle JRE Improper Access Control Vulnerability (CVE-2025-30698) | CVE-2025-30698 | CWE-284 | Medium |
| WebLogic Uncontrolled Resource Consumption Vulnerability (CVE-2025-30753) | CVE-2025-30753 | CWE-400 | Medium |
| Oracle JRE Improper Access Control Vulnerability (CVE-2025-30754) | CVE-2025-30754 | CWE-284 | Medium |
| Oracle JRE Deserialization of Untrusted Data Vulnerability (CVE-2025-30761) | CVE-2025-30761 | CWE-502 | Medium |
| Drupal Incorrect Authorization Vulnerability (CVE-2025-31673) | CVE-2025-31673 | CWE-863 | Medium |
| Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-31675) | CVE-2025-31675 | CWE-707 | Medium |
| Jenkins Missing Authorization Vulnerability (CVE-2025-31720) | CVE-2025-31720 | CWE-862 | Medium |
| Jenkins Missing Authorization Vulnerability (CVE-2025-31721) | CVE-2025-31721 | CWE-862 | Medium |
| Moodle Missing Authorization Vulnerability (CVE-2025-32045) | CVE-2025-32045 | CWE-862 | Medium |
| CrushFTP Server Server-Side Request Forgery (SSRF) Vulnerability (CVE-2025-32102) | CVE-2025-32102 | CWE-918 | Medium |
| CrushFTP Server Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2025-32103) | CVE-2025-32103 | CWE-22 | Medium |
| EspoCRM Improper Restriction of Rendered UI Layers or Frames Vulnerability (CVE-2025-32385) | CVE-2025-32385 | CWE-1021 | Medium |
| XWikiplatform Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-32430) | CVE-2025-32430 | CWE-707 | Medium |
| XWikiplatform Other Vulnerability (CVE-2025-32783) | CVE-2025-32783 | - | Medium |
| XWikiplatform URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2025-32970) | CVE-2025-32970 | CWE-601 | Medium |
| XWikiplatform CVE-2025-32972 Vulnerability (CVE-2025-32972) | CVE-2025-32972 | - | Medium |
| Craft CMS Other Vulnerability (CVE-2025-35939) | CVE-2025-35939 | - | Medium |
| Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-3057) | CVE-2025-3057 | CWE-707 | Medium |
| WP Plugin Contact Form 7 Improper Validation of Integrity Check Value Vulnerability (CVE-2025-3247) | CVE-2025-3247 | CWE-354 | Medium |
| Moodle Improper Authentication Vulnerability (CVE-2025-3627) | CVE-2025-3627 | CWE-287 | Medium |
| Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2025-3628) | CVE-2025-3628 | CWE-200 | Medium |
| Moodle Improper Authentication Vulnerability (CVE-2025-3634) | CVE-2025-3634 | CWE-287 | Medium |
| Moodle Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2025-3636) | CVE-2025-3636 | CWE-639 | Medium |
| Moodle Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2025-3640) | CVE-2025-3640 | CWE-639 | Medium |
| Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-3643) | CVE-2025-3643 | CWE-707 | Medium |
| Moodle Incorrect Authorization Vulnerability (CVE-2025-3644) | CVE-2025-3644 | CWE-863 | Medium |
| Moodle Incorrect Authorization Vulnerability (CVE-2025-3645) | CVE-2025-3645 | CWE-863 | Medium |
| Moodle Incorrect Authorization Vulnerability (CVE-2025-3647) | CVE-2025-3647 | CWE-863 | Medium |
| Mailman Incorrect Authorization Vulnerability (CVE-2025-43921) | CVE-2025-43921 | CWE-863 | Medium |
| FluxBB Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-44110) | CVE-2025-44110 | CWE-707 | Medium |
| osTicket Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-45387) | CVE-2025-45387 | CWE-707 | Medium |
| Opencart Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-45892) | CVE-2025-45892 | CWE-707 | Medium |
| Opencart Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-45893) | CVE-2025-45893 | CWE-707 | Medium |
| WebERP Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2025-46053) | CVE-2025-46053 | CWE-138 | Medium |
| XWikiplatform Missing Authorization Vulnerability (CVE-2025-46554) | CVE-2025-46554 | CWE-862 | Medium |
| Envoy Proxy Overly Restrictive Regular Expression Vulnerability (CVE-2025-46821) | CVE-2025-46821 | CWE-186 | Medium |
| TYPO3 Server-Side Request Forgery (SSRF) Vulnerability (CVE-2025-47936) | CVE-2025-47936 | CWE-918 | Medium |
| TYPO3 Incorrect Authorization Vulnerability (CVE-2025-47937) | CVE-2025-47937 | CWE-863 | Medium |