🚀 Just released:
Latio 2026 Application Security Market Report.
Read it in our Whitepapers.
100% Signal 0% Noise
Platform
Invicti Platform
Zero-noise AppSec platform
Scan Code
Secure code before runtime
SAST
Early static security analysis
Open Source (SCA)
Find vulnerable dependencies
SBOM & License Risk
Generate SBOMs and track licenses
Secrets
Detect exposed secrets in applications
Infrastructure as Code
Ingest IaC security findings
Container
Track container image vulnerabilities
Test Runtime
Test live applications like attackers
DAST & AI DAST
Test runtime, prove exploitability
Agentic Pentesting
Automate real-world attack techniques
API Security Testing
Discover and test APIs
Attack Surface Management
Identify exposed apps and endpoints
Cloud AppSec
Get a single-pane view of cloud app risk
AI AppSec
Scan smarter, accelerate remediation
Manage Vulnerabilities
See, prioritize, reduce AppSec risk
Vulnerability Management (ASPM)
Centralize and correlate AppSec findings
Compliance & Executive Reporting
Measure risk and impact
Threat Intelligence
Reachability, exploitability, and business logic
Solutions
API Discovery
Manage Vulnerabilities
Automate Security Workflows
Track AppSec KPIs
Manage Open Source Risk
Pricing
Why Invicti
About Us
Invicti vs. Competitors
Case Studies
Contact Us
Careers
Resources
Resource Library
Blog
Webinars
White Papers
Podcasts
Invicti Learn
Savings Calculator
Live Training
Partners
MSSP
Documentation
Vulnerability Database
Get a demo
Home
/
Web Application Vulnerabilities
/ Known Vulnerabilities
Web Application Vulnerabilities
Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise
Acunetix Standard & Premium
v.26.4.2314
Known Vulnerabilities
This page lists
15072 vulnerabilities
in this category.
Critical: 1617
High: 4043
Medium: 8626
Low: 784
Information: 2
Vulnerability Name
CVE
CWE
Severity
Liferay Portal Incorrect Authorization Vulnerability (CVE-2025-43806)
CVE-2025-43806
CWE-863
Medium
Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-32475)
CVE-2021-32475
CWE-707
Medium
Liferay DXP Incorrect Authorization Vulnerability (CVE-2025-43806)
CVE-2025-43806
CWE-863
Medium
Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43807)
CVE-2025-43807
CWE-707
Medium
Moodle CVE-2021-32473 Vulnerability (CVE-2021-32473)
CVE-2021-32473
-
Medium
Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43807)
CVE-2025-43807
CWE-707
Medium
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2021-32472)
CVE-2021-32472
CWE-200
Medium
Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43822)
CVE-2025-43822
CWE-707
Medium
Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43822)
CVE-2025-43822
CWE-707
Medium
CKEditor Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-32808)
CVE-2021-32808
CWE-707
Medium
Django Improper Output Neutralization for Logs Vulnerability (CVE-2025-48432)
CVE-2025-48432
CWE-117
Medium
Opencart Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-45893)
CVE-2025-45893
CWE-707
Medium
WebERP Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2025-46053)
CVE-2025-46053
CWE-138
Medium
XWikiplatform Missing Authorization Vulnerability (CVE-2025-46554)
CVE-2025-46554
CWE-862
Medium
Apache Tomcat Improper Encoding or Escaping of Output Vulnerability (CVE-2021-30640)
CVE-2021-30640
CWE-116
Medium
Envoy Proxy Overly Restrictive Regular Expression Vulnerability (CVE-2025-46821)
CVE-2025-46821
CWE-186
Medium
Nexus Repository Manager Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2021-30635)
CVE-2021-30635
CWE-22
Medium
MediaWiki CVE-2021-30159 Vulnerability (CVE-2021-30159)
CVE-2021-30159
-
Medium
MediaWiki Improper Authentication Vulnerability (CVE-2021-30158)
CVE-2021-30158
CWE-287
Medium
MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-30157)
CVE-2021-30157
CWE-707
Medium
TYPO3 Server-Side Request Forgery (SSRF) Vulnerability (CVE-2025-47936)
CVE-2025-47936
CWE-918
Medium
TYPO3 Incorrect Authorization Vulnerability (CVE-2025-47937)
CVE-2025-47937
CWE-863
Medium
TYPO3 Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2025-47939)
CVE-2025-47939
CWE-434
Medium
MediaWiki Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2021-30156)
CVE-2021-30156
CWE-732
Medium
Next.js Missing Origin Validation in WebSockets Vulnerability (CVE-2025-48068)
CVE-2025-48068
-
Medium
MediaWiki Missing Authorization Vulnerability (CVE-2021-30155)
CVE-2021-30155
CWE-862
Medium
Apache HTTP Server Other Vulnerability (CVE-2021-30641)
CVE-2021-30641
-
Medium
MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-30154)
CVE-2021-30154
CWE-707
Medium
MediaWiki Exposure of Resource to Wrong Sphere Vulnerability (CVE-2021-30153)
CVE-2021-30153
CWE-668
Medium
MediaWiki Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2021-30152)
CVE-2021-30152
CWE-732
Medium
MySQL CVE-2021-2481 Vulnerability (CVE-2021-2481)
CVE-2021-2481
-
Medium
Oracle HTTP Server CVE-2021-2480 Vulnerability (CVE-2021-2480)
CVE-2021-2480
-
Medium
MySQL CVE-2021-2479 Vulnerability (CVE-2021-2479)
CVE-2021-2479
-
Medium
MySQL CVE-2021-2478 Vulnerability (CVE-2021-2478)
CVE-2021-2478
-
Medium
MySQL CVE-2021-2471 Vulnerability (CVE-2021-2471)
CVE-2021-2471
-
Medium
WebLogic CVE-2021-2403 Vulnerability (CVE-2021-2403)
CVE-2021-2403
-
Medium
MyBB Exposure of Sensitive Information Through Metadata Vulnerability (CVE-2025-48941)
CVE-2025-48941
CWE-1230
Medium
ReviveAdserver Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-48987)
CVE-2025-48987
CWE-707
Medium
Oracle JRE CVE-2021-2369 Vulnerability (CVE-2021-2369)
CVE-2021-2369
-
Medium
MySQL CVE-2021-2357 Vulnerability (CVE-2021-2357)
CVE-2021-2357
-
Medium
MySQL CVE-2021-2356 Vulnerability (CVE-2021-2356)
CVE-2021-2356
-
Medium
Opencart Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-45892)
CVE-2025-45892
CWE-707
Medium
osTicket Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-45387)
CVE-2025-45387
CWE-707
Medium
Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43823)
CVE-2025-43823
CWE-707
Medium
MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-31551)
CVE-2021-31551
CWE-707
Medium
Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43823)
CVE-2025-43823
CWE-707
Medium
Squid Improper Input Validation Vulnerability (CVE-2021-31808)
CVE-2021-31808
CWE-20
Medium
Squid Integer Overflow or Wraparound Vulnerability (CVE-2021-31807)
CVE-2021-31807
CWE-190
Medium
Squid Improper Encoding or Escaping of Output Vulnerability (CVE-2021-31806)
CVE-2021-31806
CWE-116
Medium
Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43824)
CVE-2025-43824
CWE-707
Medium
Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43824)
CVE-2025-43824
CWE-707
Medium
Liferay DXP Insertion of Sensitive Information Into Sent Data Vulnerability (CVE-2025-43825)
CVE-2025-43825
CWE-201
Medium
Liferay Portal Insertion of Sensitive Information Into Sent Data Vulnerability (CVE-2025-43825)
CVE-2025-43825
CWE-201
Medium
Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43826)
CVE-2025-43826
CWE-707
Medium
Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43826)
CVE-2025-43826
CWE-707
Medium
MediaWiki Exposure of Resource to Wrong Sphere Vulnerability (CVE-2021-31554)
CVE-2021-31554
CWE-668
Medium
Liferay DXP Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2025-43827)
CVE-2025-43827
CWE-639
Medium
MediaWiki Unquoted Search Path or Element Vulnerability (CVE-2021-31553)
CVE-2021-31553
CWE-428
Medium
MediaWiki Exposure of Resource to Wrong Sphere Vulnerability (CVE-2021-31552)
CVE-2021-31552
CWE-668
Medium
MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-31550)
CVE-2021-31550
CWE-707
Medium
FluxBB Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-44110)
CVE-2025-44110
CWE-707
Medium
Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43829)
CVE-2025-43829
CWE-707
Medium
Mailman Incorrect Authorization Vulnerability (CVE-2025-43921)
CVE-2025-43921
CWE-863
Medium
SharePoint CVE-2021-31171 Vulnerability (CVE-2021-31171)
CVE-2021-31171
-
Medium
Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43830)
CVE-2025-43830
CWE-707
Medium
SharePoint CVE-2021-31172 Vulnerability (CVE-2021-31172)
CVE-2021-31172
-
Medium
Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43830)
CVE-2025-43830
CWE-707
Medium
SharePoint CVE-2021-31173 Vulnerability (CVE-2021-31173)
CVE-2021-31173
-
Medium
SharePoint CVE-2021-31181 Vulnerability (CVE-2021-31181)
CVE-2021-31181
-
Medium
Liferay Portal Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2025-43827)
CVE-2025-43827
CWE-639
Medium
Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43829)
CVE-2025-43829
CWE-707
Medium
MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2021-31545)
CVE-2021-31545
CWE-200
Medium
MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2021-31546)
CVE-2021-31546
CWE-200
Medium
MediaWiki Exposure of Resource to Wrong Sphere Vulnerability (CVE-2021-31547)
CVE-2021-31547
CWE-668
Medium
MediaWiki Exposure of Resource to Wrong Sphere Vulnerability (CVE-2021-31548)
CVE-2021-31548
CWE-668
Medium
«
1
...
107
108
109
...
201
»