Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
v.26.4.2314

Medium Severity Vulnerabilities

Found 8734 vulnerabilities at Medium severity.

Vulnerability Name
CVE
CWE
Severity
OpenSSL Improper Verification of Cryptographic Signature Vulnerability (CVE-2025-15469)
CVE-2025-15469
CWE-347
Medium
DOMPurify Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-15599)
CVE-2025-15599
CWE-707
Medium
PHP Inaccurate Comments Vulnerability (CVE-2025-1219)
CVE-2025-1219
CWE-1116
Medium
PHP Server-Side Request Forgery (SSRF) Vulnerability (CVE-2025-1220)
CVE-2025-1220
CWE-918
Medium
Payara Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-1534)
CVE-2025-1534
CWE-707
Medium
Nginx Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2025-1695)
CVE-2025-1695
CWE-835
Medium
PHP Improper Input Validation Vulnerability (CVE-2025-1734)
CVE-2025-1734
CWE-20
Medium
Opencart Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-1746)
CVE-2025-1746
CWE-707
Medium
Opencart Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-1747)
CVE-2025-1747
CWE-707
Medium
Opencart Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-1748)
CVE-2025-1748
CWE-707
Medium
Opencart Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-1749)
CVE-2025-1749
CWE-707
Medium
SharePoint CVE-2025-21393 Vulnerability (CVE-2025-21393)
CVE-2025-21393
-
Medium
Oracle HTTP Server Missing Authorization Vulnerability (CVE-2025-21498)
CVE-2025-21498
CWE-862
Medium
Oracle JRE Incorrect Authorization Vulnerability (CVE-2025-21502)
CVE-2025-21502
CWE-863
Medium
GeoServer Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-21621)
CVE-2025-21621
CWE-707
Medium
Jboss EAP CVE-2025-23367 Vulnerability (CVE-2025-23367)
CVE-2025-23367
-
Medium
Nginx Insufficient Session Expiration Vulnerability (CVE-2025-23419)
CVE-2025-23419
CWE-613
Medium
PrestaShop Improper Neutralization of Special Elements used in a Command ('Command Injection') Vulnerability (CVE-2025-25691)
CVE-2025-25691
CWE-138
Medium
PrestaShop Deserialization of Untrusted Data Vulnerability (CVE-2025-25692)
CVE-2025-25692
CWE-502
Medium
osTicket Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2025-26241)
CVE-2025-26241
CWE-138
Medium
Moodle Incorrect Authorization Vulnerability (CVE-2025-26526)
CVE-2025-26526
CWE-863
Medium
Moodle Exposure of Sensitive Information Through Metadata Vulnerability (CVE-2025-26527)
CVE-2025-26527
CWE-1230
Medium
Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-26528)
CVE-2025-26528
CWE-707
Medium
Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-26529)
CVE-2025-26529
CWE-707
Medium
Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-26530)
CVE-2025-26530
CWE-707
Medium
Moodle Incorrect Authorization Vulnerability (CVE-2025-26531)
CVE-2025-26531
CWE-863
Medium
Moodle Incorrect Authorization Vulnerability (CVE-2025-26532)
CVE-2025-26532
CWE-863
Medium
DOMPurify Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-26791)
CVE-2025-26791
CWE-707
Medium
ReviveAdserver Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-27208)
CVE-2025-27208
CWE-707
Medium
GeoServer Missing Authorization Vulnerability (CVE-2025-27505)
CVE-2025-27505
CWE-862
Medium
Jenkins Cleartext Storage of Sensitive Information Vulnerability (CVE-2025-27622)
CVE-2025-27622
CWE-312
Medium
Jenkins Cleartext Storage of Sensitive Information Vulnerability (CVE-2025-27623)
CVE-2025-27623
CWE-312
Medium
Jenkins Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2025-27624)
CVE-2025-27624
CWE-352
Medium
Jenkins URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2025-27625)
CVE-2025-27625
CWE-601
Medium
phpList Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-28073)
CVE-2025-28073
CWE-707
Medium
phpList Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-28074)
CVE-2025-28074
CWE-707
Medium
Sqlite Integer Overflow or Wraparound Vulnerability (CVE-2025-29088)
CVE-2025-29088
CWE-190
Medium
Contao Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-29790)
CVE-2025-29790
CWE-707
Medium
XWikiplatform Other Vulnerability (CVE-2025-29925)
CVE-2025-29925
-
Medium
Next.js Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2025-30218)
CVE-2025-30218
CWE-200
Medium
Oracle JRE Improper Access Control Vulnerability (CVE-2025-30691)
CVE-2025-30691
CWE-284
Medium
Oracle JRE Improper Access Control Vulnerability (CVE-2025-30698)
CVE-2025-30698
CWE-284
Medium
WebLogic Uncontrolled Resource Consumption Vulnerability (CVE-2025-30753)
CVE-2025-30753
CWE-400
Medium
Oracle JRE Improper Access Control Vulnerability (CVE-2025-30754)
CVE-2025-30754
CWE-284
Medium
Oracle JRE Deserialization of Untrusted Data Vulnerability (CVE-2025-30761)
CVE-2025-30761
CWE-502
Medium
Drupal Incorrect Authorization Vulnerability (CVE-2025-31673)
CVE-2025-31673
CWE-863
Medium
Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-31675)
CVE-2025-31675
CWE-707
Medium
Jenkins Missing Authorization Vulnerability (CVE-2025-31720)
CVE-2025-31720
CWE-862
Medium
Jenkins Missing Authorization Vulnerability (CVE-2025-31721)
CVE-2025-31721
CWE-862
Medium
Moodle Missing Authorization Vulnerability (CVE-2025-32045)
CVE-2025-32045
CWE-862
Medium
CrushFTP Server Server-Side Request Forgery (SSRF) Vulnerability (CVE-2025-32102)
CVE-2025-32102
CWE-918
Medium
CrushFTP Server Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2025-32103)
CVE-2025-32103
CWE-22
Medium
EspoCRM Improper Restriction of Rendered UI Layers or Frames Vulnerability (CVE-2025-32385)
CVE-2025-32385
CWE-1021
Medium
XWikiplatform Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-32430)
CVE-2025-32430
CWE-707
Medium
XWikiplatform Other Vulnerability (CVE-2025-32783)
CVE-2025-32783
-
Medium
XWikiplatform URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2025-32970)
CVE-2025-32970
CWE-601
Medium
XWikiplatform CVE-2025-32972 Vulnerability (CVE-2025-32972)
CVE-2025-32972
-
Medium
Craft CMS Other Vulnerability (CVE-2025-35939)
CVE-2025-35939
-
Medium
Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-3057)
CVE-2025-3057
CWE-707
Medium
MongoDb CVE-2025-3082 Vulnerability (CVE-2025-3082)
CVE-2025-3082
-
Medium
MongoDb Improper Check or Handling of Exceptional Conditions Vulnerability (CVE-2025-3084)
CVE-2025-3084
CWE-703
Medium
WP Plugin Contact Form 7 Improper Validation of Integrity Check Value Vulnerability (CVE-2025-3247)
CVE-2025-3247
CWE-354
Medium
Moodle Improper Authentication Vulnerability (CVE-2025-3627)
CVE-2025-3627
CWE-287
Medium
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2025-3628)
CVE-2025-3628
CWE-200
Medium
Moodle Improper Authentication Vulnerability (CVE-2025-3634)
CVE-2025-3634
CWE-287
Medium
Moodle Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2025-3636)
CVE-2025-3636
CWE-639
Medium
Moodle Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2025-3640)
CVE-2025-3640
CWE-639
Medium
Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-3643)
CVE-2025-3643
CWE-707
Medium
Moodle Incorrect Authorization Vulnerability (CVE-2025-3644)
CVE-2025-3644
CWE-863
Medium
Moodle Incorrect Authorization Vulnerability (CVE-2025-3645)
CVE-2025-3645
CWE-863
Medium
Moodle Incorrect Authorization Vulnerability (CVE-2025-3647)
CVE-2025-3647
CWE-863
Medium
AbanteCart Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-40626)
CVE-2025-40626
CWE-707
Medium
AbanteCart Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-40627)
CVE-2025-40627
CWE-707
Medium
LimeSurvey Generation of Error Message Containing Sensitive Information Vulnerability (CVE-2025-41076)
CVE-2025-41076
CWE-209
Medium
Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-41117)
CVE-2025-41117
CWE-707
Medium