Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
v.26.4.2314

Medium Severity Vulnerabilities

Found 8779 vulnerabilities at Medium severity.

Vulnerability Name
CVE
CWE
Severity
Django Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2026-1312)
CVE-2026-1312
CWE-138
Medium
Pega Infinity Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) Vulnerability (CVE-2026-1564)
CVE-2026-1564
CWE-707
Medium
Pega Infinity Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2026-1711)
CVE-2026-1711
CWE-707
Medium
SharePoint Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2026-20945)
CVE-2026-20945
CWE-707
Medium
SharePoint Server-Side Request Forgery (SSRF) Vulnerability (CVE-2026-20958)
CVE-2026-20958
CWE-918
Medium
SharePoint Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2026-20959)
CVE-2026-20959
CWE-707
Medium
Joomla Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2026-21631)
CVE-2026-21631
CWE-707
Medium
Joomla Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2026-21632)
CVE-2026-21632
CWE-707
Medium
Grafana Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2026-21722)
CVE-2026-21722
CWE-200
Medium
Grafana Improper Authorization Vulnerability (CVE-2026-21724)
CVE-2026-21724
CWE-285
Medium
Werkzeug WSGI Improper Handling of Windows Device Names Vulnerability (CVE-2026-21860)
CVE-2026-21860
CWE-67
Medium
Oracle JRE CVE-2026-21925 Vulnerability (CVE-2026-21925)
CVE-2026-21925
-
Medium
Oracle JRE CVE-2026-21933 Vulnerability (CVE-2026-21933)
CVE-2026-21933
-
Medium
MySQL CVE-2026-21964 Vulnerability (CVE-2026-21964)
CVE-2026-21964
-
Medium
Oracle JRE Protection Mechanism Failure Vulnerability (CVE-2026-22013)
CVE-2026-22013
CWE-693
Medium
Oracle JRE Uncontrolled Resource Consumption Vulnerability (CVE-2026-22021)
CVE-2026-22021
CWE-400
Medium
Angular Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2026-22610)
CVE-2026-22610
CWE-707
Medium
OpenSSL Improper Check for Unusual or Exceptional Conditions Vulnerability (CVE-2026-22795)
CVE-2026-22795
CWE-754
Medium
OpenSSL Improper Check for Unusual or Exceptional Conditions Vulnerability (CVE-2026-22796)
CVE-2026-22796
CWE-754
Medium
CakePHP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2026-23643)
CVE-2026-23643
CWE-707
Medium
XWikiplatform Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2026-24128)
CVE-2026-24128
CWE-707
Medium
phpMyFAQ CVE-2026-24420 Vulnerability (CVE-2026-24420)
CVE-2026-24420
-
Medium
phpMyFAQ Missing Authorization Vulnerability (CVE-2026-24421)
CVE-2026-24421
CWE-862
Medium
Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2026-25491)
CVE-2026-25491
CWE-707
Medium
Craft CMS Server-Side Request Forgery (SSRF) Vulnerability (CVE-2026-25492)
CVE-2026-25492
CWE-918
Medium
Craft CMS Server-Side Request Forgery (SSRF) Vulnerability (CVE-2026-25493)
CVE-2026-25493
CWE-918
Medium
Craft CMS Server-Side Request Forgery (SSRF) Vulnerability (CVE-2026-25494)
CVE-2026-25494
CWE-918
Medium
Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2026-25496)
CVE-2026-25496
CWE-707
Medium
PrestaShop Observable Timing Discrepancy Vulnerability (CVE-2026-25597)
CVE-2026-25597
CWE-208
Medium
MongoDb Missing Authorization Vulnerability (CVE-2026-25609)
CVE-2026-25609
CWE-862
Medium
MongoDb Reachable Assertion Vulnerability (CVE-2026-25610)
CVE-2026-25610
CWE-617
Medium
MongoDb Incorrect Type Conversion or Cast Vulnerability (CVE-2026-25613)
CVE-2026-25613
CWE-704
Medium
Apache Tomcat URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2026-25854)
CVE-2026-25854
CWE-601
Medium
XWikiplatform Improper Restriction of Rendered UI Layers or Frames Vulnerability (CVE-2026-26000)
CVE-2026-26000
CWE-1021
Medium
Moodle Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2026-26047)
CVE-2026-26047
CWE-770
Medium
Envoy Proxy Off-by-one Error Vulnerability (CVE-2026-26309)
CVE-2026-26309
CWE-193
Medium
Envoy Proxy Use After Free Vulnerability (CVE-2026-26311)
CVE-2026-26311
CWE-416
Medium
osTicket Observable Discrepancy Vulnerability (CVE-2026-26895)
CVE-2026-26895
CWE-203
Medium
Jenkins Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2026-27100)
CVE-2026-27100
CWE-200
Medium
Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2026-27126)
CVE-2026-27126
CWE-707
Medium
Craft CMS Time-of-check Time-of-use (TOCTOU) Race Condition Vulnerability (CVE-2026-27127)
CVE-2026-27127
CWE-367
Medium
Craft CMS Time-of-check Time-of-use (TOCTOU) Race Condition Vulnerability (CVE-2026-27128)
CVE-2026-27128
CWE-367
Medium
Craft CMS Server-Side Request Forgery (SSRF) Vulnerability (CVE-2026-27129)
CVE-2026-27129
CWE-918
Medium
Werkzeug WSGI Improper Handling of Windows Device Names Vulnerability (CVE-2026-27199)
CVE-2026-27199
CWE-67
Medium
Caddy Web Server Improper Input Validation Vulnerability (CVE-2026-27585)
CVE-2026-27585
CWE-20
Medium
Caddy Web Server Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2026-27589)
CVE-2026-27589
CWE-352
Medium
Grafana Out-of-bounds Write Vulnerability (CVE-2026-27879)
CVE-2026-27879
CWE-787
Medium
Angular Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2026-27970)
CVE-2026-27970
CWE-707
Medium
Next.js Missing Origin Validation in WebSockets Vulnerability (CVE-2026-27977)
CVE-2026-27977
-
Medium
Next.js Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2026-27978)
CVE-2026-27978
CWE-352
Medium
CKEditor Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2026-28343)
CVE-2026-28343
CWE-707
Medium
Grafana Uncontrolled Resource Consumption Vulnerability (CVE-2026-28375)
CVE-2026-28375
CWE-400
Medium
Grafana Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2026-28376)
CVE-2026-28376
CWE-770
Medium
Craft CMS Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2026-28781)
CVE-2026-28781
CWE-639
Medium
Craft CMS Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2026-28782)
CVE-2026-28782
CWE-639
Medium
Next.js Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') Vulnerability (CVE-2026-29057)
CVE-2026-29057
-
Medium
Craft CMS Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2026-29069)
CVE-2026-29069
CWE-639
Medium
Craft CMS Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2026-29113)
CVE-2026-29113
CWE-352
Medium
PostgreSQL Improper Validation of Specified Type of Input Vulnerability (CVE-2026-2003)
CVE-2026-2003
CWE-1287
Medium
Lodash Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') Vulnerability (CVE-2026-2950)
CVE-2026-2950
CWE-1321
Medium
Chamilo Observable Response Discrepancy Vulnerability (CVE-2026-30876)
CVE-2026-30876
CWE-204
Medium
Chamilo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2026-30882)
CVE-2026-30882
CWE-707
Medium
Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2026-31859)
CVE-2026-31859
CWE-707
Medium
Chamilo Server-Side Request Forgery (SSRF) Vulnerability (CVE-2026-31941)
CVE-2026-31941
CWE-918
Medium
SharePoint Improper Input Validation Vulnerability (CVE-2026-32201)
CVE-2026-32201
CWE-20
Medium
Craft CMS Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2026-32262)
CVE-2026-32262
CWE-22
Medium
phpMyFAQ Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2026-32629)
CVE-2026-32629
CWE-707
Medium
Chamilo URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2026-32932)
CVE-2026-32932
CWE-601
Medium
Apache Tomcat Improper Input Validation Vulnerability (CVE-2026-32990)
CVE-2026-32990
CWE-20
Medium
Apache HTTP Server Observable Timing Discrepancy Vulnerability (CVE-2026-33006)
CVE-2026-33006
CWE-208
Medium
Apache HTTP Server NULL Pointer Dereference Vulnerability (CVE-2026-33007)
CVE-2026-33007
CWE-476
Medium
Django Inefficient Algorithmic Complexity Vulnerability (CVE-2026-33033)
CVE-2026-33033
CWE-407
Medium
Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2026-33051)
CVE-2026-33051
CWE-707
Medium
Chamilo Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2026-33141)
CVE-2026-33141
CWE-639
Medium
Craft CMS Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2026-33158)
CVE-2026-33158
CWE-639
Medium