Web Application Vulnerabilities
v.26.3.2229
Medium Severity Vulnerabilities
Found 8644 vulnerabilities at Medium severity.
| Vulnerability Name | CVE | CWE | Severity |
| --- | --- | --- | --- |
| Moodle Improper Access Control Vulnerability (CVE-2025-62393) | CVE-2025-62393 | CWE-284 | Medium |
| Moodle Incorrect Authorization Vulnerability (CVE-2025-62394) | CVE-2025-62394 | CWE-863 | Medium |
| Moodle Improper Access Control Vulnerability (CVE-2025-62395) | CVE-2025-62395 | CWE-284 | Medium |
| Moodle Exposure of Information Through Directory Listing Vulnerability (CVE-2025-62396) | CVE-2025-62396 | CWE-548 | Medium |
| Moodle Generation of Error Message Containing Sensitive Information Vulnerability (CVE-2025-62397) | CVE-2025-62397 | CWE-209 | Medium |
| Moodle CVE-2025-62398 Vulnerability (CVE-2025-62398) | CVE-2025-62398 | - | Medium |
| Moodle CVE-2025-62400 Vulnerability (CVE-2025-62400) | CVE-2025-62400 | - | Medium |
| Moodle Improper Authorization Vulnerability (CVE-2025-62401) | CVE-2025-62401 | CWE-285 | Medium |
| Piwigo Observable Response Discrepancy Vulnerability (CVE-2025-62512) | CVE-2025-62512 | CWE-204 | Medium |
| Joomla Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-63082) | CVE-2025-63082 | CWE-707 | Medium |
| Joomla Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-63083) | CVE-2025-63083 | CWE-707 | Medium |
| CrushFTP Server Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-63419) | CVE-2025-63419 | CWE-707 | Medium |
| CrushFTP Server Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-63420) | CVE-2025-63420 | CWE-707 | Medium |
| Envoy Proxy NULL Pointer Dereference Vulnerability (CVE-2025-64527) | CVE-2025-64527 | CWE-476 | Medium |
| Envoy Proxy Protection Mechanism Failure Vulnerability (CVE-2025-64763) | CVE-2025-64763 | CWE-693 | Medium |
| Apache HTTP Server Improper Neutralization of Escape, Meta, or Control Sequences Vulnerability (CVE-2025-65082) | CVE-2025-65082 | CWE-150 | Medium |
| Contao Insufficient Type Distinction Vulnerability (CVE-2025-65960) | CVE-2025-65960 | CWE-351 | Medium |
| Contao Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-65961) | CVE-2025-65961 | CWE-707 | Medium |
| OpenSSL Memory Allocation with Excessive Size Value Vulnerability (CVE-2025-66199) | CVE-2025-66199 | CWE-789 | Medium |
| Apache HTTP Server Authentication Bypass Using an Alternate Path or Channel Vulnerability (CVE-2025-66200) | CVE-2025-66200 | CWE-288 | Medium |
| Werkzeug WSGI Improper Handling of Windows Device Names Vulnerability (CVE-2025-66221) | CVE-2025-66221 | CWE-67 | Medium |
| Angular Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-66412) | CVE-2025-66412 | CWE-707 | Medium |
| XWikiplatform Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-66472) | CVE-2025-66472 | CWE-707 | Medium |
| Masa CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-66492) | CVE-2025-66492 | CWE-707 | Medium |
| Jenkins Missing Authorization Vulnerability (CVE-2025-67636) | CVE-2025-67636 | CWE-862 | Medium |
| Jenkins Cleartext Storage of Sensitive Information Vulnerability (CVE-2025-67637) | CVE-2025-67637 | CWE-312 | Medium |
| Jenkins Cleartext Storage of Sensitive Information Vulnerability (CVE-2025-67638) | CVE-2025-67638 | CWE-312 | Medium |
| Tornado Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-67724) | CVE-2025-67724 | CWE-707 | Medium |
| Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-67849) | CVE-2025-67849 | CWE-707 | Medium |
| Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-67850) | CVE-2025-67850 | CWE-707 | Medium |
| Moodle URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2025-67852) | CVE-2025-67852 | CWE-601 | Medium |
| Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-67855) | CVE-2025-67855 | CWE-707 | Medium |
| Moodle Insertion of Sensitive Information Into Sent Data Vulnerability (CVE-2025-67857) | CVE-2025-67857 | CWE-201 | Medium |
| OpenSSL Out-of-bounds Write Vulnerability (CVE-2025-68160) | CVE-2025-68160 | CWE-787 | Medium |
| Craft CMS Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2025-68436) | CVE-2025-68436 | CWE-200 | Medium |
| Craft CMS Server-Side Request Forgery (SSRF) Vulnerability (CVE-2025-68437) | CVE-2025-68437 | CWE-918 | Medium |
| Roundcube Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-68461) | CVE-2025-68461 | CWE-707 | Medium |
| phpMyFAQ Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-68951) | CVE-2025-68951 | CWE-707 | Medium |
| OpenSSL Missing Cryptographic Step Vulnerability (CVE-2025-69418) | CVE-2025-69418 | CWE-325 | Medium |
| Chamilo Use of Cache Containing Sensitive Information Vulnerability (CVE-2025-69581) | CVE-2025-69581 | CWE-524 | Medium |
| Python Uncontrolled Resource Consumption Vulnerability (CVE-2025-6075) | CVE-2025-6075 | CWE-400 | Medium |
| PHP NULL Pointer Dereference Vulnerability (CVE-2025-6491) | CVE-2025-6491 | CWE-476 | Medium |
| MongoDb Incorrect Authorization Vulnerability (CVE-2025-6707) | CVE-2025-6707 | CWE-863 | Medium |
| MongoDb Insertion of Sensitive Information into Log File Vulnerability (CVE-2025-6711) | CVE-2025-6711 | CWE-532 | Medium |
| MongoDb Uncontrolled Resource Consumption Vulnerability (CVE-2025-6712) | CVE-2025-6712 | CWE-400 | Medium |
| MongoDb Improper Authorization Vulnerability (CVE-2025-6713) | CVE-2025-6713 | CWE-285 | Medium |
| Podcast Generator Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-70336) | CVE-2025-70336 | CWE-707 | Medium |
| MongoDb Access of Resource Using Incompatible Type ('Type Confusion') Vulnerability (CVE-2025-7259) | CVE-2025-7259 | CWE-843 | Medium |
| TYPO3 Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2025-7900) | CVE-2025-7900 | CWE-639 | Medium |
| markdown-it Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-7969) | CVE-2025-7969 | CWE-707 | Medium |
| Pega Infinity Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2025-9559) | CVE-2025-9559 | CWE-639 | Medium |
| DOMPurify Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2026-0540) | CVE-2026-0540 | CWE-707 | Medium |
| Chamilo Incorrect Privilege Assignment Vulnerability (CVE-2026-1106) | CVE-2026-1106 | CWE-266 | Medium |
| Django Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2026-1207) | CVE-2026-1207 | CWE-138 | Medium |
| Django Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2026-1287) | CVE-2026-1287 | CWE-138 | Medium |
| Django Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2026-1312) | CVE-2026-1312 | CWE-138 | Medium |
| SharePoint Server-Side Request Forgery (SSRF) Vulnerability (CVE-2026-20958) | CVE-2026-20958 | CWE-918 | Medium |
| SharePoint Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2026-20959) | CVE-2026-20959 | CWE-707 | Medium |
| Grafana Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2026-21722) | CVE-2026-21722 | CWE-200 | Medium |
| Werkzeug WSGI Improper Handling of Windows Device Names Vulnerability (CVE-2026-21860) | CVE-2026-21860 | CWE-67 | Medium |
| Oracle JRE CVE-2026-21925 Vulnerability (CVE-2026-21925) | CVE-2026-21925 | - | Medium |
| Oracle JRE CVE-2026-21933 Vulnerability (CVE-2026-21933) | CVE-2026-21933 | - | Medium |
| MySQL CVE-2026-21964 Vulnerability (CVE-2026-21964) | CVE-2026-21964 | - | Medium |
| Angular Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2026-22610) | CVE-2026-22610 | CWE-707 | Medium |
| OpenSSL Improper Check for Unusual or Exceptional Conditions Vulnerability (CVE-2026-22795) | CVE-2026-22795 | CWE-754 | Medium |
| OpenSSL Improper Check for Unusual or Exceptional Conditions Vulnerability (CVE-2026-22796) | CVE-2026-22796 | CWE-754 | Medium |
| CakePHP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2026-23643) | CVE-2026-23643 | CWE-707 | Medium |
| XWikiplatform Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2026-24128) | CVE-2026-24128 | CWE-707 | Medium |
| phpMyFAQ CVE-2026-24420 Vulnerability (CVE-2026-24420) | CVE-2026-24420 | - | Medium |
| phpMyFAQ Missing Authorization Vulnerability (CVE-2026-24421) | CVE-2026-24421 | CWE-862 | Medium |
| Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2026-25491) | CVE-2026-25491 | CWE-707 | Medium |
| Craft CMS Server-Side Request Forgery (SSRF) Vulnerability (CVE-2026-25492) | CVE-2026-25492 | CWE-918 | Medium |
| Craft CMS Server-Side Request Forgery (SSRF) Vulnerability (CVE-2026-25493) | CVE-2026-25493 | CWE-918 | Medium |
| Craft CMS Server-Side Request Forgery (SSRF) Vulnerability (CVE-2026-25494) | CVE-2026-25494 | CWE-918 | Medium |
| Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2026-25496) | CVE-2026-25496 | CWE-707 | Medium |