🚀 Just released:
Latio 2026 Application Security Market Report.
Read it in our Whitepapers.
100% Signal 0% Noise
Platform
Invicti Platform
Zero-noise AppSec platform
Scan Code
Secure code before runtime
SAST
Early static security analysis
Open Source (SCA)
Find vulnerable dependencies
SBOM & License Risk
Generate SBOMs and track licenses
Secrets
Detect exposed secrets in applications
Infrastructure as Code
Ingest IaC security findings
Container
Track container image vulnerabilities
Test Runtime
Test live applications like attackers
DAST & AI DAST
Test runtime, prove exploitability
Agentic Pentesting
Automate real-world attack techniques
API Security Testing
Discover and test APIs
Attack Surface Management
Identify exposed apps and endpoints
Cloud AppSec
Get a single-pane view of cloud app risk
AI AppSec
Scan smarter, accelerate remediation
Manage Vulnerabilities
See, prioritize, reduce AppSec risk
Vulnerability Management (ASPM)
Centralize and correlate AppSec findings
Compliance & Executive Reporting
Measure risk and impact
Threat Intelligence
Reachability, exploitability, and business logic
Solutions
API Discovery
Manage Vulnerabilities
Automate Security Workflows
Track AppSec KPIs
Manage Open Source Risk
Pricing
Why Invicti
About Us
Case Studies
Contact Us
Careers
Resources
Resource Library
Blog
Webinars
White Papers
Podcasts
Invicti Learn
Savings Calculator
Live Training
Partners
Documentation
Get a demo
Home
/
Web Application Vulnerabilities
/ Medium Severity
Web Application Vulnerabilities
Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise
Acunetix Standard & Premium
v.26.3.2229
Medium Severity Vulnerabilities
Found
8644 vulnerabilities
at
Medium
severity.
Vulnerability Name
CVE
CWE
Severity
Liferay DXP Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2025-43803)
CVE-2025-43803
CWE-639
Medium
Liferay Portal Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2025-43803)
CVE-2025-43803
CWE-639
Medium
Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43804)
CVE-2025-43804
CWE-707
Medium
Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43804)
CVE-2025-43804
CWE-707
Medium
Liferay DXP Missing Authorization Vulnerability (CVE-2025-43805)
CVE-2025-43805
CWE-862
Medium
Liferay Portal Missing Authorization Vulnerability (CVE-2025-43805)
CVE-2025-43805
CWE-862
Medium
Liferay Portal Incorrect Authorization Vulnerability (CVE-2025-43806)
CVE-2025-43806
CWE-863
Medium
Liferay DXP Incorrect Authorization Vulnerability (CVE-2025-43806)
CVE-2025-43806
CWE-863
Medium
Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43807)
CVE-2025-43807
CWE-707
Medium
Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43807)
CVE-2025-43807
CWE-707
Medium
Liferay Portal Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2025-43808)
CVE-2025-43808
CWE-732
Medium
Liferay DXP Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2025-43808)
CVE-2025-43808
CWE-732
Medium
Liferay Portal Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2025-43809)
CVE-2025-43809
CWE-352
Medium
Liferay DXP Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2025-43809)
CVE-2025-43809
CWE-352
Medium
Liferay DXP Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2025-43810)
CVE-2025-43810
CWE-639
Medium
Liferay Portal Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2025-43810)
CVE-2025-43810
CWE-639
Medium
Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43811)
CVE-2025-43811
CWE-707
Medium
Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43811)
CVE-2025-43811
CWE-707
Medium
Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43812)
CVE-2025-43812
CWE-707
Medium
Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43812)
CVE-2025-43812
CWE-707
Medium
Liferay DXP Insertion of Sensitive Information Into Sent Data Vulnerability (CVE-2025-43814)
CVE-2025-43814
CWE-201
Medium
Liferay Portal Insertion of Sensitive Information Into Sent Data Vulnerability (CVE-2025-43814)
CVE-2025-43814
CWE-201
Medium
Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43815)
CVE-2025-43815
CWE-707
Medium
Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43815)
CVE-2025-43815
CWE-707
Medium
Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43817)
CVE-2025-43817
CWE-707
Medium
Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43817)
CVE-2025-43817
CWE-707
Medium
Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43818)
CVE-2025-43818
CWE-707
Medium
Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43818)
CVE-2025-43818
CWE-707
Medium
Liferay DXP Insufficient Session Expiration Vulnerability (CVE-2025-43819)
CVE-2025-43819
CWE-613
Medium
Liferay Portal Insufficient Session Expiration Vulnerability (CVE-2025-43819)
CVE-2025-43819
CWE-613
Medium
Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43820)
CVE-2025-43820
CWE-707
Medium
Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43820)
CVE-2025-43820
CWE-707
Medium
Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43821)
CVE-2025-43821
CWE-707
Medium
Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43821)
CVE-2025-43821
CWE-707
Medium
Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43822)
CVE-2025-43822
CWE-707
Medium
Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43822)
CVE-2025-43822
CWE-707
Medium
Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43823)
CVE-2025-43823
CWE-707
Medium
Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43823)
CVE-2025-43823
CWE-707
Medium
Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43824)
CVE-2025-43824
CWE-707
Medium
Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43824)
CVE-2025-43824
CWE-707
Medium
Liferay DXP Insertion of Sensitive Information Into Sent Data Vulnerability (CVE-2025-43825)
CVE-2025-43825
CWE-201
Medium
Liferay Portal Insertion of Sensitive Information Into Sent Data Vulnerability (CVE-2025-43825)
CVE-2025-43825
CWE-201
Medium
Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43826)
CVE-2025-43826
CWE-707
Medium
Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43826)
CVE-2025-43826
CWE-707
Medium
Liferay DXP Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2025-43827)
CVE-2025-43827
CWE-639
Medium
Liferay Portal Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2025-43827)
CVE-2025-43827
CWE-639
Medium
Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43829)
CVE-2025-43829
CWE-707
Medium
Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43829)
CVE-2025-43829
CWE-707
Medium
Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43830)
CVE-2025-43830
CWE-707
Medium
Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43830)
CVE-2025-43830
CWE-707
Medium
Mailman Incorrect Authorization Vulnerability (CVE-2025-43921)
CVE-2025-43921
CWE-863
Medium
FluxBB Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-44110)
CVE-2025-44110
CWE-707
Medium
osTicket Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-45387)
CVE-2025-45387
CWE-707
Medium
Opencart Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-45892)
CVE-2025-45892
CWE-707
Medium
Opencart Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-45893)
CVE-2025-45893
CWE-707
Medium
WebERP Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2025-46053)
CVE-2025-46053
CWE-138
Medium
XWikiplatform Missing Authorization Vulnerability (CVE-2025-46554)
CVE-2025-46554
CWE-862
Medium
Envoy Proxy Overly Restrictive Regular Expression Vulnerability (CVE-2025-46821)
CVE-2025-46821
CWE-186
Medium
TYPO3 Server-Side Request Forgery (SSRF) Vulnerability (CVE-2025-47936)
CVE-2025-47936
CWE-918
Medium
TYPO3 Incorrect Authorization Vulnerability (CVE-2025-47937)
CVE-2025-47937
CWE-863
Medium
TYPO3 Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2025-47939)
CVE-2025-47939
CWE-434
Medium
Next.js Missing Origin Validation in WebSockets Vulnerability (CVE-2025-48068)
CVE-2025-48068
-
Medium
Django Improper Output Neutralization for Logs Vulnerability (CVE-2025-48432)
CVE-2025-48432
CWE-117
Medium
MyBB Exposure of Sensitive Information Through Metadata Vulnerability (CVE-2025-48941)
CVE-2025-48941
CWE-1230
Medium
ReviveAdserver Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-48987)
CVE-2025-48987
CWE-707
Medium
SharePoint Improper Authentication Vulnerability (CVE-2025-49706)
CVE-2025-49706
CWE-287
Medium
Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-4388)
CVE-2025-4388
CWE-707
Medium
Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-4388)
CVE-2025-4388
CWE-707
Medium
OpenSSL Improper Certificate Validation Vulnerability (CVE-2025-4575)
CVE-2025-4575
CWE-295
Medium
Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-4576)
CVE-2025-4576
CWE-707
Medium
Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-4576)
CVE-2025-4576
CWE-707
Medium
Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-4599)
CVE-2025-4599
CWE-707
Medium
Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-4599)
CVE-2025-4599
CWE-707
Medium
Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-4604)
CVE-2025-4604
CWE-707
Medium
Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-4604)
CVE-2025-4604
CWE-707
Medium
« Previous
1
...
109
110
111
112
113
114
115
116
Next »
