Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
v.26.4.2314

Medium Severity Vulnerabilities

Found 8734 vulnerabilities at Medium severity.

Vulnerability Name
CVE
CWE
Severity
Ruby on Rails Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2026-33170)
CVE-2026-33170
CWE-707
Medium
Ruby on Rails Improper Verification of Intent by Broadcast Receiver Vulnerability (CVE-2026-33173)
CVE-2026-33173
CWE-925
Medium
Grafana Uncontrolled Resource Consumption Vulnerability (CVE-2026-33375)
CVE-2026-33375
CWE-400
Medium
Squid Out-of-bounds Read Vulnerability (CVE-2026-33515)
CVE-2026-33515
CWE-125
Medium
EspoCRM Server-Side Request Forgery (SSRF) Vulnerability (CVE-2026-33534)
CVE-2026-33534
CWE-918
Medium
EspoCRM Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) Vulnerability (CVE-2026-33657)
CVE-2026-33657
CWE-707
Medium
PrestaShop Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2026-33673)
CVE-2026-33673
CWE-707
Medium
PrestaShop Improper Use of Validation Framework Vulnerability (CVE-2026-33674)
CVE-2026-33674
CWE-1173
Medium
Chamilo Insertion of Sensitive Information into Externally-Accessible File or Directory Vulnerability (CVE-2026-33705)
CVE-2026-33705
CWE-538
Medium
Chamilo Missing Authorization Vulnerability (CVE-2026-33708)
CVE-2026-33708
CWE-862
Medium
Chamilo Improper Restriction of XML External Entity Reference Vulnerability (CVE-2026-33737)
CVE-2026-33737
CWE-611
Medium
EspoCRM Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2026-33740)
CVE-2026-33740
CWE-639
Medium
Handlebars Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2026-33916)
CVE-2026-33916
CWE-707
Medium
Dolibarr Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio Vulnerability (CVE-2026-34036)
CVE-2026-34036
-
Medium
Chamilo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2026-34161)
CVE-2026-34161
CWE-707
Medium
Chamilo Improper Authorization Vulnerability (CVE-2026-34370)
CVE-2026-34370
CWE-285
Medium
Apache Tomcat Improper Authentication Vulnerability (CVE-2026-34500)
CVE-2026-34500
CWE-287
Medium
phpMyFAQ Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2026-34729)
CVE-2026-34729
CWE-707
Medium
phpMyFAQ Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2026-34974)
CVE-2026-34974
CWE-707
Medium
Tornado Improper Handling of Invalid Use of Special Elements Vulnerability (CVE-2026-35536)
CVE-2026-35536
CWE-159
Medium
Roundcube Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2026-35539)
CVE-2026-35539
CWE-707
Medium
Roundcube Incorrect Resource Transfer Between Spheres Vulnerability (CVE-2026-35540)
CVE-2026-35540
CWE-669
Medium
Roundcube Access of Resource Using Incompatible Type ('Type Confusion') Vulnerability (CVE-2026-35541)
CVE-2026-35541
CWE-843
Medium
Roundcube Incorrect Resource Transfer Between Spheres Vulnerability (CVE-2026-35542)
CVE-2026-35542
CWE-669
Medium
Roundcube Incorrect Resource Transfer Between Spheres Vulnerability (CVE-2026-35543)
CVE-2026-35543
CWE-669
Medium
Roundcube Incorrect Resource Transfer Between Spheres Vulnerability (CVE-2026-35544)
CVE-2026-35544
CWE-669
Medium
axios Uncontrolled Resource Consumption Vulnerability (CVE-2026-39865)
CVE-2026-39865
CWE-400
Medium
Serendipity Reliance on Cookies without Validation and Integrity Checking Vulnerability (CVE-2026-39963)
CVE-2026-39963
CWE-565
Medium
Opencart Incomplete Filtering of Special Elements Vulnerability (CVE-2026-3714)
CVE-2026-3714
CWE-791
Medium
XWikiplatform Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) Vulnerability (CVE-2026-40105)
CVE-2026-40105
CWE-707
Medium
axios Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') Vulnerability (CVE-2026-40175)
CVE-2026-40175
CWE-707
Medium
MongoDb Use of Uninitialized Resource Vulnerability (CVE-2026-4147)
CVE-2026-4147
CWE-908
Medium
Jboss EAP Server-Side Request Forgery (SSRF) Vulnerability (CVE-2026-4366)
CVE-2026-4366
CWE-918
Medium
MongoDb Reachable Assertion Vulnerability (CVE-2026-5170)
CVE-2026-5170
CWE-617
Medium