Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
v.26.4.2314

Known Vulnerabilities

This page lists 14673 vulnerabilities in this category.

Critical: 1573 High: 3882 Medium: 8446 Low: 770 Information: 2
Vulnerability Name
CVE
CWE
Severity
TYPO3 Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2025-7900)
CVE-2025-7900
CWE-639
Medium
MongoDb Access of Resource Using Incompatible Type ('Type Confusion') Vulnerability (CVE-2025-7259)
CVE-2025-7259
CWE-843
Medium
phpBB Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2025-70811)
CVE-2025-70811
CWE-352
Medium
nginx range filter integer overflow
CVE-2017-7529
CWE-200
Medium
Podcast Generator Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-70336)
CVE-2025-70336
CWE-707
Medium
CakePHP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2026-23643)
CVE-2026-23643
CWE-707
Medium
phpMyFAQ CVE-2026-24420 Vulnerability (CVE-2026-24420)
CVE-2026-24420
-
Medium
Next.js Missing Origin Validation in WebSockets Vulnerability (CVE-2026-27977)
CVE-2026-27977
-
Medium
Cross-Site Request Forgery (CSRF) (CMS Made Simple)
CVE-2016-7904
CWE-352
Medium
Angular Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2026-27970)
CVE-2026-27970
CWE-707
Medium
Grafana Out-of-bounds Write Vulnerability (CVE-2026-27879)
CVE-2026-27879
CWE-787
Medium
FCKeditor arbitrary file upload
CVE-2009-2265
CWE-22
Medium
Caddy Web Server Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2026-27589)
CVE-2026-27589
CWE-352
Medium
Caddy Web Server Improper Input Validation Vulnerability (CVE-2026-27585)
CVE-2026-27585
CWE-20
Medium
Werkzeug WSGI Improper Handling of Windows Device Names Vulnerability (CVE-2026-27199)
CVE-2026-27199
CWE-67
Medium
Craft CMS Server-Side Request Forgery (SSRF) Vulnerability (CVE-2026-27129)
CVE-2026-27129
CWE-918
Medium
Craft CMS Time-of-check Time-of-use (TOCTOU) Race Condition Vulnerability (CVE-2026-27128)
CVE-2026-27128
CWE-367
Medium
Craft CMS Time-of-check Time-of-use (TOCTOU) Race Condition Vulnerability (CVE-2026-27127)
CVE-2026-27127
CWE-367
Medium
Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2026-27126)
CVE-2026-27126
CWE-707
Medium
Jenkins Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2026-27100)
CVE-2026-27100
CWE-200
Medium
osTicket Observable Discrepancy Vulnerability (CVE-2026-26895)
CVE-2026-26895
CWE-203
Medium
Envoy Proxy Use After Free Vulnerability (CVE-2026-26311)
CVE-2026-26311
CWE-416
Medium
Envoy Proxy Off-by-one Error Vulnerability (CVE-2026-26309)
CVE-2026-26309
CWE-193
Medium
Cross Site Scripting (Category Description) (CMS Made Simple)
CVE-2017-6555
CWE-79
Medium
phpMyFAQ Missing Authorization Vulnerability (CVE-2026-24421)
CVE-2026-24421
CWE-862
Medium
Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2026-25496)
CVE-2026-25496
CWE-707
Medium
Atlassian Confluence Stored Cross Site Scripting
CVE-2016-6283
-
Medium
Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2026-25491)
CVE-2026-25491
CWE-707
Medium
Craft CMS Server-Side Request Forgery (SSRF) Vulnerability (CVE-2026-25492)
CVE-2026-25492
CWE-918
Medium
Craft CMS Server-Side Request Forgery (SSRF) Vulnerability (CVE-2026-25493)
CVE-2026-25493
CWE-918
Medium
Craft CMS Server-Side Request Forgery (SSRF) Vulnerability (CVE-2026-25494)
CVE-2026-25494
CWE-918
Medium
Atlassian Confluence Access Restriction Bypass
CVE-2017-9505
-
Medium
PrestaShop Observable Timing Discrepancy Vulnerability (CVE-2026-25597)
CVE-2026-25597
CWE-208
Medium
Moodle Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2026-26047)
CVE-2026-26047
CWE-770
Medium
MongoDb Missing Authorization Vulnerability (CVE-2026-25609)
CVE-2026-25609
CWE-862
Medium
MongoDb Reachable Assertion Vulnerability (CVE-2026-25610)
CVE-2026-25610
CWE-617
Medium
MongoDb Incorrect Type Conversion or Cast Vulnerability (CVE-2026-25613)
CVE-2026-25613
CWE-704
Medium
Apache Tomcat URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2026-25854)
CVE-2026-25854
CWE-601
Medium
XWikiplatform Improper Restriction of Rendered UI Layers or Frames Vulnerability (CVE-2026-26000)
CVE-2026-26000
CWE-1021
Medium
Cross Site Scripting (globalmetadata) (CMS Made Simple)
CVE-2017-6556
CWE-79
Medium
Chamilo Missing Authorization Vulnerability (CVE-2025-59544)
CVE-2025-59544
CWE-862
Medium
Jenkins Improper Output Neutralization for Logs Vulnerability (CVE-2025-59476)
CVE-2025-59476
CWE-117
Medium
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2025-3628)
CVE-2025-3628
CWE-200
Medium
Liferay DXP Missing Critical Step in Authentication Vulnerability (CVE-2025-43798)
CVE-2025-43798
CWE-304
Medium
Liferay Portal Missing Authorization Vulnerability (CVE-2025-43805)
CVE-2025-43805
CWE-862
Medium
Liferay DXP Missing Authorization Vulnerability (CVE-2025-43805)
CVE-2025-43805
CWE-862
Medium
Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43804)
CVE-2025-43804
CWE-707
Medium
Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43804)
CVE-2025-43804
CWE-707
Medium
Liferay Portal Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2025-43803)
CVE-2025-43803
CWE-639
Medium
Liferay DXP Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2025-43803)
CVE-2025-43803
CWE-639
Medium
Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43802)
CVE-2025-43802
CWE-707
Medium
Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43802)
CVE-2025-43802
CWE-707
Medium
Argo CD Information Disclosure (CVE-2024-37152)
CVE-2024-37152
CWE-287
Medium
Jira QueryComponent Information Disclosure (CVE-2020-14179)
CVE-2020-14179
CWE-288
Medium
Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43800)
CVE-2025-43800
CWE-707
Medium
Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43800)
CVE-2025-43800
CWE-707
Medium
Liferay DXP Use of Default Password Vulnerability (CVE-2025-43799)
CVE-2025-43799
-
Medium
Liferay Portal Use of Default Password Vulnerability (CVE-2025-43799)
CVE-2025-43799
-
Medium
Liferay Portal Insecure Default Initialization of Resource Vulnerability (CVE-2025-43797)
CVE-2025-43797
CWE-1188
Medium
Liferay DXP Incorrect Authorization Vulnerability (CVE-2025-43806)
CVE-2025-43806
CWE-863
Medium
Liferay DXP Insecure Default Initialization of Resource Vulnerability (CVE-2025-43797)
CVE-2025-43797
CWE-1188
Medium
BeyondTrust Secure Remote Access Base XSS (CVE-2021-31589)
CVE-2021-31589
CWE-79
Medium
Liferay DXP URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2025-43795)
CVE-2025-43795
CWE-601
Medium
Liferay Portal URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2025-43795)
CVE-2025-43795
CWE-601
Medium
Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43794)
CVE-2025-43794
CWE-707
Medium
Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43794)
CVE-2025-43794
CWE-707
Medium
Liferay Portal External Control of System or Configuration Setting Vulnerability (CVE-2025-43792)
CVE-2025-43792
CWE-15
Medium
Liferay DXP External Control of System or Configuration Setting Vulnerability (CVE-2025-43792)
CVE-2025-43792
CWE-15
Medium
Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43791)
CVE-2025-43791
CWE-707
Medium
Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43791)
CVE-2025-43791
CWE-707
Medium
Liferay Portal Incorrect Authorization Vulnerability (CVE-2025-43789)
CVE-2025-43789
CWE-863
Medium
Liferay DXP Incorrect Authorization Vulnerability (CVE-2025-43789)
CVE-2025-43789
CWE-863
Medium
Liferay Portal Missing Authorization Vulnerability (CVE-2025-43788)
CVE-2025-43788
CWE-862
Medium
Liferay DXP Missing Authorization Vulnerability (CVE-2025-43788)
CVE-2025-43788
CWE-862
Medium
Liferay Portal Incorrect Authorization Vulnerability (CVE-2025-43806)
CVE-2025-43806
CWE-863
Medium