Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
v.26.4.2314

Known Vulnerabilities

This page lists 14673 vulnerabilities in this category.

Critical: 1573 High: 3882 Medium: 8446 Low: 770 Information: 2
Vulnerability Name
CVE
CWE
Severity
Envoy Proxy NULL Pointer Dereference Vulnerability (CVE-2025-64527)
CVE-2025-64527
CWE-476
Medium
CrushFTP Server Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-63420)
CVE-2025-63420
CWE-707
Medium
CrushFTP Server Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-63419)
CVE-2025-63419
CWE-707
Medium
LimeSurvey Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-63238)
CVE-2025-63238
CWE-707
Medium
Joomla Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-63083)
CVE-2025-63083
CWE-707
Medium
Joomla Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-63082)
CVE-2025-63082
CWE-707
Medium
Piwigo Observable Response Discrepancy Vulnerability (CVE-2025-62512)
CVE-2025-62512
CWE-204
Medium
Moodle Improper Authorization Vulnerability (CVE-2025-62401)
CVE-2025-62401
CWE-285
Medium
Moodle CVE-2025-62400 Vulnerability (CVE-2025-62400)
CVE-2025-62400
-
Medium
Moodle CVE-2025-62398 Vulnerability (CVE-2025-62398)
CVE-2025-62398
-
Medium
Moodle Exposure of Information Through Directory Listing Vulnerability (CVE-2025-62396)
CVE-2025-62396
CWE-548
Medium
Apache HTTP Server Authentication Bypass Using an Alternate Path or Channel Vulnerability (CVE-2025-66200)
CVE-2025-66200
CWE-288
Medium
Moodle Improper Access Control Vulnerability (CVE-2025-62395)
CVE-2025-62395
CWE-284
Medium
Moodle Incorrect Authorization Vulnerability (CVE-2025-62394)
CVE-2025-62394
CWE-863
Medium
Moodle Improper Access Control Vulnerability (CVE-2025-62393)
CVE-2025-62393
CWE-284
Medium
Liferay DXP Use of Web Browser Cache Containing Sensitive Information Vulnerability (CVE-2025-62276)
CVE-2025-62276
CWE-525
Medium
Liferay Portal Use of Web Browser Cache Containing Sensitive Information Vulnerability (CVE-2025-62276)
CVE-2025-62276
CWE-525
Medium
Liferay DXP Incorrect Authorization Vulnerability (CVE-2025-62275)
CVE-2025-62275
CWE-863
Medium
Liferay Portal Incorrect Authorization Vulnerability (CVE-2025-62275)
CVE-2025-62275
CWE-863
Medium
Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-62267)
CVE-2025-62267
CWE-707
Medium
Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-62267)
CVE-2025-62267
CWE-707
Medium
Liferay Portal URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2025-62266)
CVE-2025-62266
CWE-601
Medium
Liferay DXP URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2025-62266)
CVE-2025-62266
CWE-601
Medium
Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-62265)
CVE-2025-62265
CWE-707
Medium
Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-62265)
CVE-2025-62265
CWE-707
Medium
Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-62264)
CVE-2025-62264
CWE-707
Medium
OpenSSL Memory Allocation with Excessive Size Value Vulnerability (CVE-2025-66199)
CVE-2025-66199
CWE-789
Medium
Werkzeug WSGI Improper Handling of Windows Device Names Vulnerability (CVE-2025-66221)
CVE-2025-66221
CWE-67
Medium
Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-62263)
CVE-2025-62263
CWE-707
Medium
SharePoint Reflected Cross-Site Scripting (CVE-2017-8514)
CVE-2017-8514
CWE-80
Medium
PHP NULL Pointer Dereference Vulnerability (CVE-2025-6491)
CVE-2025-6491
CWE-476
Medium
Python Uncontrolled Resource Consumption Vulnerability (CVE-2025-6075)
CVE-2025-6075
CWE-400
Medium
Chamilo Use of Cache Containing Sensitive Information Vulnerability (CVE-2025-69581)
CVE-2025-69581
CWE-524
Medium
OpenSSL Missing Cryptographic Step Vulnerability (CVE-2025-69418)
CVE-2025-69418
CWE-325
Medium
phpMyFAQ Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-68951)
CVE-2025-68951
CWE-707
Medium
Roundcube Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-68461)
CVE-2025-68461
CWE-707
Medium
Craft CMS Server-Side Request Forgery (SSRF) Vulnerability (CVE-2025-68437)
CVE-2025-68437
CWE-918
Medium
Craft CMS Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2025-68436)
CVE-2025-68436
CWE-200
Medium
OpenSSL Out-of-bounds Write Vulnerability (CVE-2025-68160)
CVE-2025-68160
CWE-787
Medium
Moodle Insertion of Sensitive Information Into Sent Data Vulnerability (CVE-2025-67857)
CVE-2025-67857
CWE-201
Medium
Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-67855)
CVE-2025-67855
CWE-707
Medium
Moodle URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2025-67852)
CVE-2025-67852
CWE-601
Medium
Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-67850)
CVE-2025-67850
CWE-707
Medium
Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-67849)
CVE-2025-67849
CWE-707
Medium
Tornado Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-67724)
CVE-2025-67724
CWE-707
Medium
Angular Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-66412)
CVE-2025-66412
CWE-707
Medium
Jenkins Cleartext Storage of Sensitive Information Vulnerability (CVE-2025-67638)
CVE-2025-67638
CWE-312
Medium
Jenkins Cleartext Storage of Sensitive Information Vulnerability (CVE-2025-67637)
CVE-2025-67637
CWE-312
Medium
Jenkins Missing Authorization Vulnerability (CVE-2025-67636)
CVE-2025-67636
CWE-862
Medium
Apache mod_rewrite open redirect
CVE-2019-10098
CWE-601
Medium
MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-67483)
CVE-2025-67483
CWE-707
Medium
MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-67481)
CVE-2025-67481
CWE-707
Medium
MediaWiki Improper Input Validation Vulnerability (CVE-2025-67480)
CVE-2025-67480
CWE-20
Medium
MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-67477)
CVE-2025-67477
CWE-707
Medium
MediaWiki CVE-2025-67476 Vulnerability (CVE-2025-67476)
CVE-2025-67476
-
Medium
MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-67475)
CVE-2025-67475
CWE-707
Medium
Apache Solr SSRF CVE-2017-3164
CVE-2017-3164
CWE-918
Medium
Masa CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-66492)
CVE-2025-66492
CWE-707
Medium
XWikiplatform Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-66472)
CVE-2025-66472
CWE-707
Medium
Chamilo URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2025-66447)
CVE-2025-66447
CWE-601
Medium
Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-62264)
CVE-2025-62264
CWE-707
Medium
Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-62263)
CVE-2025-62263
CWE-707
Medium
MongoDb Insertion of Sensitive Information into Log File Vulnerability (CVE-2025-6711)
CVE-2025-6711
CWE-532
Medium
WebLogic Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2025-61764)
CVE-2025-61764
CWE-200
Medium
Liferay Portal Incorrect Authorization Vulnerability (CVE-2025-62243)
CVE-2025-62243
CWE-863
Medium
Liferay DXP Incorrect Authorization Vulnerability (CVE-2025-62243)
CVE-2025-62243
CWE-863
Medium
Liferay Portal Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2025-62242)
CVE-2025-62242
CWE-639
Medium
Liferay DXP Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2025-62242)
CVE-2025-62242
CWE-639
Medium
Liferay DXP Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2025-62241)
CVE-2025-62241
CWE-639
Medium
Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-62240)
CVE-2025-62240
CWE-707
Medium
Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-62240)
CVE-2025-62240
CWE-707
Medium
Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-62239)
CVE-2025-62239
CWE-707
Medium
Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-62239)
CVE-2025-62239
CWE-707
Medium
Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-62238)
CVE-2025-62238
CWE-707
Medium
Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-62238)
CVE-2025-62238
CWE-707
Medium