Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
v.26.4.2314

Known Vulnerabilities

This page lists 14673 vulnerabilities in this category.

Critical: 1573 High: 3882 Medium: 8446 Low: 770 Information: 2
Vulnerability Name
CVE
CWE
Severity
cPanel XSS (CVE-2023-29489)
CVE-2023-29489
CWE-79
Medium
XWikiplatform CVE-2025-32972 Vulnerability (CVE-2025-32972)
CVE-2025-32972
-
Medium
XWikiplatform URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2025-32970)
CVE-2025-32970
CWE-601
Medium
ColdFusion XSS (CVE-2023-44352)
CVE-2023-44352
CWE-79
Medium
XWikiplatform Other Vulnerability (CVE-2025-32783)
CVE-2025-32783
-
Medium
XWikiplatform Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-32430)
CVE-2025-32430
CWE-707
Medium
imgproxy SSRF (CVE-2023-30019)
CVE-2023-30019
CWE-918
Medium
EspoCRM Improper Restriction of Rendered UI Layers or Frames Vulnerability (CVE-2025-32385)
CVE-2025-32385
CWE-1021
Medium
CrushFTP Server Server-Side Request Forgery (SSRF) Vulnerability (CVE-2025-32102)
CVE-2025-32102
CWE-918
Medium
Internet Information Services Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-1999-0007)
CVE-1999-0007
CWE-327
Medium
Moodle Missing Authorization Vulnerability (CVE-2025-32045)
CVE-2025-32045
CWE-862
Medium
Unrestricted access to AnythingLLM API
CVE-2024-6842
CWE-200
Medium
Jenkins Missing Authorization Vulnerability (CVE-2025-31721)
CVE-2025-31721
CWE-862
Medium
Jenkins Missing Authorization Vulnerability (CVE-2025-31720)
CVE-2025-31720
CWE-862
Medium
Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-31675)
CVE-2025-31675
CWE-707
Medium
Citrix NetScaler ADC/Gateway XSS (CVE-2025-12101)
CVE-2025-12101
CWE-79
Medium
Drupal Incorrect Authorization Vulnerability (CVE-2025-31673)
CVE-2025-31673
CWE-863
Medium
PAN-OS GlobalProtect XSS (CVE-2025-0133)
CVE-2025-0133
CWE-79
Medium
Oracle JRE Deserialization of Untrusted Data Vulnerability (CVE-2025-30761)
CVE-2025-30761
CWE-502
Medium
Oracle JRE Improper Access Control Vulnerability (CVE-2025-30754)
CVE-2025-30754
CWE-284
Medium
WebLogic Uncontrolled Resource Consumption Vulnerability (CVE-2025-30753)
CVE-2025-30753
CWE-400
Medium
Oracle JRE Improper Access Control Vulnerability (CVE-2025-30698)
CVE-2025-30698
CWE-284
Medium
Oracle JRE Improper Access Control Vulnerability (CVE-2025-30691)
CVE-2025-30691
CWE-284
Medium
Next.js Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2025-30218)
CVE-2025-30218
CWE-200
Medium
Internet Information Services Other Vulnerability (CVE-1999-0738)
CVE-1999-0738
-
Medium
Nginx Insufficient Session Expiration Vulnerability (CVE-2025-23419)
CVE-2025-23419
CWE-613
Medium
Liferay Portal Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2024-8980)
CVE-2024-8980
CWE-352
Medium
Internet Information Services Other Vulnerability (CVE-2000-0071)
CVE-2000-0071
-
Medium
MongoDb Missing Authorization Vulnerability (CVE-2025-13643)
CVE-2025-13643
CWE-862
Medium
MongoDb Improper Validation of Specified Quantity in Input Vulnerability (CVE-2025-13507)
CVE-2025-13507
CWE-1284
Medium
Django Observable Timing Discrepancy Vulnerability (CVE-2025-13473)
CVE-2025-13473
CWE-208
Medium
Lodash Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') Vulnerability (CVE-2025-13465)
CVE-2025-13465
CWE-1321
Medium
Django Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2025-13372)
CVE-2025-13372
CWE-138
Medium
MOVEit Transfer Server-Side Request Forgery (SSRF) Vulnerability (CVE-2025-13147)
CVE-2025-13147
CWE-918
Medium
Drupal User Interface (UI) Misrepresentation of Critical Information Vulnerability (CVE-2025-13082)
CVE-2025-13082
CWE-451
Medium
Drupal Improperly Controlled Modification of Dynamically-Determined Object Attributes Vulnerability (CVE-2025-13081)
CVE-2025-13081
CWE-915
Medium
Drupal Improper Check for Unusual or Exceptional Conditions Vulnerability (CVE-2025-13080)
CVE-2025-13080
CWE-754
Medium
MongoDb Improper Certificate Validation Vulnerability (CVE-2025-12893)
CVE-2025-12893
CWE-295
Medium
Python Incorrect Type Conversion or Cast Vulnerability (CVE-2025-12781)
CVE-2025-12781
CWE-704
Medium
MongoDb Improper Check for Unusual or Exceptional Conditions Vulnerability (CVE-2025-12657)
CVE-2025-12657
CWE-754
Medium
Internet Information Services Other Vulnerability (CVE-2000-0025)
CVE-2000-0025
-
Medium
MySQL Other Vulnerability (CVE-2000-0045)
CVE-2000-0045
-
Medium
Grafana Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2025-12141)
CVE-2025-12141
CWE-200
Medium
Python Uncontrolled Resource Consumption Vulnerability (CVE-2025-13837)
CVE-2025-13837
CWE-400
Medium
Python Inefficient Algorithmic Complexity Vulnerability (CVE-2025-12084)
CVE-2025-12084
CWE-407
Medium
MongoDb Use After Free Vulnerability (CVE-2025-11979)
CVE-2025-11979
CWE-416
Medium
Internet Information Services Other Vulnerability (CVE-2000-0114)
CVE-2000-0114
-
Medium
MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-11261)
CVE-2025-11261
CWE-707
Medium
Internet Information Services Other Vulnerability (CVE-2000-0126)
CVE-2000-0126
-
Medium
OpenSSL NULL Pointer Dereference Vulnerability (CVE-2025-11187)
CVE-2025-11187
CWE-476
Medium
Jetty Improper Input Validation Vulnerability (CVE-2025-11143)
CVE-2025-11143
CWE-20
Medium
DataTables Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2025-11031)
CVE-2025-11031
CWE-22
Medium
MongoDb CVE-2025-10061 Vulnerability (CVE-2025-10061)
CVE-2025-10061
-
Medium
MongoDb Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2025-10059)
CVE-2025-10059
CWE-732
Medium
WordPress Ultimate Member Plugin CVE-2025-0318 Vulnerability (CVE-2025-0318)
CVE-2025-0318
-
Medium
WP Plugin Advanced Custom Fields CVE-2024-9529 Vulnerability (CVE-2024-9529)
CVE-2024-9529
-
Medium
Internet Information Services Other Vulnerability (CVE-2000-0226)
CVE-2000-0226
-
Medium
Internet Information Services Other Vulnerability (CVE-2000-0246)
CVE-2000-0246
-
Medium
Internet Information Services Other Vulnerability (CVE-2000-0024)
CVE-2000-0024
-
Medium
Internet Information Services Other Vulnerability (CVE-1999-1544)
CVE-1999-1544
-
Medium
Jboss EAP CVE-2025-23367 Vulnerability (CVE-2025-23367)
CVE-2025-23367
-
Medium
Opencart Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-1748)
CVE-2025-1748
CWE-707
Medium
Oracle Database Server Other Vulnerability (CVE-1999-0784)
CVE-1999-0784
-
Medium
Internet Information Services Improper Input Validation Vulnerability (CVE-1999-0867)
CVE-1999-0867
CWE-20
Medium
GeoServer Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-21621)
CVE-2025-21621
CWE-707
Medium
Oracle Database Server Other Vulnerability (CVE-1999-0888)
CVE-1999-0888
-
Medium
Microsoft SQL Server Improper Input Validation Vulnerability (CVE-1999-0999)
CVE-1999-0999
CWE-20
Medium
Internet Information Services Other Vulnerability (CVE-1999-1035)
CVE-1999-1035
-
Medium
Oracle JRE Incorrect Authorization Vulnerability (CVE-2025-21502)
CVE-2025-21502
CWE-863
Medium
Oracle HTTP Server Missing Authorization Vulnerability (CVE-2025-21498)
CVE-2025-21498
CWE-862
Medium
SharePoint CVE-2025-21393 Vulnerability (CVE-2025-21393)
CVE-2025-21393
-
Medium
Oracle HTTP Server Other Vulnerability (CVE-1999-1068)
CVE-1999-1068
-
Medium
Internet Information Services Other Vulnerability (CVE-1999-1148)
CVE-1999-1148
-
Medium
MySQL Other Vulnerability (CVE-1999-1188)
CVE-1999-1188
-
Medium
Internet Information Services Other Vulnerability (CVE-1999-1223)
CVE-1999-1223
-
Medium