🚀 Just released:
Latio 2026 Application Security Market Report.
Read it in our Whitepapers.
100% Signal 0% Noise
Platform
Invicti Platform
Zero-noise AppSec platform
Scan Code
Secure code before runtime
SAST
Early static security analysis
Open Source (SCA)
Find vulnerable dependencies
SBOM & License Risk
Generate SBOMs and track licenses
Secrets
Detect exposed secrets in applications
Infrastructure as Code
Ingest IaC security findings
Container
Track container image vulnerabilities
Test Runtime
Test live applications like attackers
DAST & AI DAST
Test runtime, prove exploitability
Agentic Pentesting
Automate real-world attack techniques
API Security Testing
Discover and test APIs
Attack Surface Management
Identify exposed apps and endpoints
Cloud AppSec
Get a single-pane view of cloud app risk
AI AppSec
Scan smarter, accelerate remediation
Manage Vulnerabilities
See, prioritize, reduce AppSec risk
Vulnerability Management (ASPM)
Centralize and correlate AppSec findings
Compliance & Executive Reporting
Measure risk and impact
Threat Intelligence
Reachability, exploitability, and business logic
Solutions
API Discovery
Manage Vulnerabilities
Automate Security Workflows
Track AppSec KPIs
Manage Open Source Risk
Pricing
Why Invicti
About Us
Invicti vs. Competitors
Case Studies
Contact Us
Careers
Resources
Resource Library
Blog
Webinars
White Papers
Podcasts
Invicti Learn
Savings Calculator
Live Training
Partners
MSSP
Documentation
Vulnerability Database
Get a demo
Home
/
Web Application Vulnerabilities
/ Known Vulnerabilities
Web Application Vulnerabilities
Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise
Acunetix Standard & Premium
v.26.4.2314
Known Vulnerabilities
This page lists
15072 vulnerabilities
in this category.
Critical: 1617
High: 4043
Medium: 8626
Low: 784
Information: 2
Vulnerability Name
CVE
CWE
Severity
MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2021-31549)
CVE-2021-31549
CWE-200
Medium
Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43800)
CVE-2025-43800
CWE-707
Medium
CKEditor Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-32809)
CVE-2021-32809
CWE-707
Medium
MySQL CVE-2021-2339 Vulnerability (CVE-2021-2339)
CVE-2021-2339
-
Medium
Liferay DXP Server-Side Request Forgery (SSRF) Vulnerability (CVE-2025-43763)
CVE-2025-43763
CWE-918
Medium
Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43755)
CVE-2025-43755
CWE-707
Medium
Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43755)
CVE-2025-43755
CWE-707
Medium
Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43756)
CVE-2025-43756
CWE-707
Medium
Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43756)
CVE-2025-43756
CWE-707
Medium
Dot CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-35361)
CVE-2021-35361
CWE-707
Medium
Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43757)
CVE-2025-43757
CWE-707
Medium
Dot CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-35360)
CVE-2021-35360
CWE-707
Medium
Dot CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-35358)
CVE-2021-35358
CWE-707
Medium
Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43757)
CVE-2025-43757
CWE-707
Medium
Contao Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-35210)
CVE-2021-35210
CWE-707
Medium
Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43761)
CVE-2025-43761
CWE-707
Medium
Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43761)
CVE-2025-43761
CWE-707
Medium
Liferay DXP Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2025-43762)
CVE-2025-43762
CWE-770
Medium
Liferay Portal Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2025-43762)
CVE-2025-43762
CWE-770
Medium
Nexus Repository Manager Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2021-34553)
CVE-2021-34553
CWE-22
Medium
Chamilo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-35415)
CVE-2021-35415
CWE-707
Medium
SharePoint CVE-2021-34517 Vulnerability (CVE-2021-34517)
CVE-2021-34517
-
Medium
Liferay Portal Server-Side Request Forgery (SSRF) Vulnerability (CVE-2025-43763)
CVE-2025-43763
CWE-918
Medium
Liferay DXP Inefficient Regular Expression Complexity Vulnerability (CVE-2025-43764)
CVE-2025-43764
CWE-1333
Medium
Liferay Portal Inefficient Regular Expression Complexity Vulnerability (CVE-2025-43764)
CVE-2025-43764
CWE-1333
Medium
Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43765)
CVE-2025-43765
CWE-707
Medium
Jetty Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2021-34429)
CVE-2021-34429
CWE-200
Medium
Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43765)
CVE-2025-43765
CWE-707
Medium
Liferay DXP URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2025-43767)
CVE-2025-43767
CWE-601
Medium
Liferay Portal URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2025-43767)
CVE-2025-43767
CWE-601
Medium
Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-33829)
CVE-2021-33829
CWE-707
Medium
Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43769)
CVE-2025-43769
CWE-707
Medium
Squid Improper Input Validation Vulnerability (CVE-2021-33620)
CVE-2021-33620
CWE-20
Medium
Dolibarr Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-33618)
CVE-2021-33618
CWE-707
Medium
Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43769)
CVE-2025-43769
CWE-707
Medium
Liferay DXP Observable Timing Discrepancy Vulnerability (CVE-2025-43754)
CVE-2025-43754
CWE-208
Medium
Liferay Portal Observable Timing Discrepancy Vulnerability (CVE-2025-43754)
CVE-2025-43754
CWE-208
Medium
Plone CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-33512)
CVE-2021-33512
CWE-707
Medium
Oracle JRE CVE-2021-35567 Vulnerability (CVE-2021-35567)
CVE-2021-35567
-
Medium
WP Plugin Contact Form 7 Improper Validation of Integrity Check Value Vulnerability (CVE-2025-3247)
CVE-2025-3247
CWE-354
Medium
MySQL CVE-2021-35608 Vulnerability (CVE-2021-35608)
CVE-2021-35608
-
Medium
Moodle Improper Authentication Vulnerability (CVE-2025-3627)
CVE-2025-3627
CWE-287
Medium
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2025-3628)
CVE-2025-3628
CWE-200
Medium
Moodle Improper Authentication Vulnerability (CVE-2025-3634)
CVE-2025-3634
CWE-287
Medium
MySQL CVE-2021-35607 Vulnerability (CVE-2021-35607)
CVE-2021-35607
-
Medium
MySQL CVE-2021-35602 Vulnerability (CVE-2021-35602)
CVE-2021-35602
-
Medium
MySQL CVE-2021-35597 Vulnerability (CVE-2021-35597)
CVE-2021-35597
-
Medium
MySQL CVE-2021-35596 Vulnerability (CVE-2021-35596)
CVE-2021-35596
-
Medium
Moodle Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2025-3636)
CVE-2025-3636
CWE-639
Medium
Moodle Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2025-3640)
CVE-2025-3640
CWE-639
Medium
MySQL CVE-2021-35591 Vulnerability (CVE-2021-35591)
CVE-2021-35591
-
Medium
MySQL CVE-2021-35577 Vulnerability (CVE-2021-35577)
CVE-2021-35577
-
Medium
MySQL CVE-2021-35575 Vulnerability (CVE-2021-35575)
CVE-2021-35575
-
Medium
WebLogic CVE-2021-35552 Vulnerability (CVE-2021-35552)
CVE-2021-35552
-
Medium
Liferay DXP Server-Side Request Forgery (SSRF) Vulnerability (CVE-2025-43747)
CVE-2025-43747
CWE-918
Medium
MySQL CVE-2021-35546 Vulnerability (CVE-2021-35546)
CVE-2021-35546
-
Medium
MySQL CVE-2021-35537 Vulnerability (CVE-2021-35537)
CVE-2021-35537
-
Medium
Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-3643)
CVE-2025-3643
CWE-707
Medium
Moodle Incorrect Authorization Vulnerability (CVE-2025-3644)
CVE-2025-3644
CWE-863
Medium
Moodle Incorrect Authorization Vulnerability (CVE-2025-3645)
CVE-2025-3645
CWE-863
Medium
Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-35463)
CVE-2021-35463
CWE-707
Medium
Moodle Incorrect Authorization Vulnerability (CVE-2025-3647)
CVE-2025-3647
CWE-863
Medium
AbanteCart Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-40626)
CVE-2025-40626
CWE-707
Medium
AbanteCart Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-40627)
CVE-2025-40627
CWE-707
Medium
LimeSurvey Generation of Error Message Containing Sensitive Information Vulnerability (CVE-2025-41076)
CVE-2025-41076
CWE-209
Medium
Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-41117)
CVE-2025-41117
CWE-707
Medium
LimeSurvey Improper Neutralization of CRLF Sequences ('CRLF Injection') Vulnerability (CVE-2025-41376)
CVE-2025-41376
CWE-707
Medium
Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43746)
CVE-2025-43746
CWE-707
Medium
Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43746)
CVE-2025-43746
CWE-707
Medium
Plone CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-33513)
CVE-2021-33513
CWE-707
Medium
Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43770)
CVE-2025-43770
CWE-707
Medium
Liferay DXP Use of Default Password Vulnerability (CVE-2025-43799)
CVE-2025-43799
-
Medium
Liferay Portal Incorrect Default Permissions Vulnerability (CVE-2021-33324)
CVE-2021-33324
CWE-276
Medium
Liferay Portal Observable Discrepancy Vulnerability (CVE-2025-43786)
CVE-2025-43786
CWE-203
Medium
Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43787)
CVE-2025-43787
CWE-707
Medium
«
1
...
108
109
110
...
201
»