Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
v.26.4.2314

Known Vulnerabilities

This page lists 14673 vulnerabilities in this category.

Critical: 1573 High: 3882 Medium: 8446 Low: 770 Information: 2
Vulnerability Name
CVE
CWE
Severity
Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43783)
CVE-2025-43783
CWE-707
Medium
Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43783)
CVE-2025-43783
CWE-707
Medium
Liferay DXP Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2025-43782)
CVE-2025-43782
CWE-639
Medium
Liferay Portal Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2025-43782)
CVE-2025-43782
CWE-639
Medium
Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43781)
CVE-2025-43781
CWE-707
Medium
Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43781)
CVE-2025-43781
CWE-707
Medium
Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43779)
CVE-2025-43779
CWE-707
Medium
Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43779)
CVE-2025-43779
CWE-707
Medium
Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43778)
CVE-2025-43778
CWE-707
Medium
Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43778)
CVE-2025-43778
CWE-707
Medium
Liferay Portal Generation of Error Message Containing Sensitive Information Vulnerability (CVE-2025-43777)
CVE-2025-43777
CWE-209
Medium
Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43765)
CVE-2025-43765
CWE-707
Medium
Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43769)
CVE-2025-43769
CWE-707
Medium
LISTSERV XSS (CVE-2022-39195)
CVE-2022-39195
CWE-79
Medium
KeyCloak Information Disclosure (CVE-2020-27838)
CVE-2020-27838
CWE-287
Medium
Liferay DXP URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2025-43767)
CVE-2025-43767
CWE-601
Medium
Liferay Portal URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2025-43767)
CVE-2025-43767
CWE-601
Medium
XXE in Ivanti Connect Secure, Policy Secure and Neurons (CVE-2024-22024)
CVE-2024-22024
CWE-112
Medium
Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43769)
CVE-2025-43769
CWE-707
Medium
Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43770)
CVE-2025-43770
CWE-707
Medium
Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43776)
CVE-2025-43776
CWE-707
Medium
Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43770)
CVE-2025-43770
CWE-707
Medium
Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43771)
CVE-2025-43771
CWE-707
Medium
Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43771)
CVE-2025-43771
CWE-707
Medium
Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43775)
CVE-2025-43775
CWE-707
Medium
Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43775)
CVE-2025-43775
CWE-707
Medium
Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43776)
CVE-2025-43776
CWE-707
Medium
Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43824)
CVE-2025-43824
CWE-707
Medium
Liferay Portal Insertion of Sensitive Information Into Sent Data Vulnerability (CVE-2025-43825)
CVE-2025-43825
CWE-201
Medium
Jenkins Missing Authorization Vulnerability (CVE-2025-59475)
CVE-2025-59475
CWE-862
Medium
ReviveAdserver Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-52667)
CVE-2025-52667
CWE-707
Medium
Adminer Server Side Request Forgery (SSRF)
CVE-2021-21311
CWE-918
Medium
XWikiplatform Exposure of Private Personal Information to an Unauthorized Actor Vulnerability (CVE-2025-54125)
CVE-2025-54125
CWE-359
Medium
XWikiplatform Exposure of Private Personal Information to an Unauthorized Actor Vulnerability (CVE-2025-54124)
CVE-2025-54124
CWE-359
Medium
Apache HTTP Server Incorrect Check of Function Return Value Vulnerability (CVE-2025-54090)
CVE-2025-54090
CWE-253
Medium
SharePoint Improper Authentication Vulnerability (CVE-2025-53771)
CVE-2025-53771
CWE-287
Medium
SharePoint Buffer Over-read Vulnerability (CVE-2025-53736)
CVE-2025-53736
CWE-126
Medium
Oracle JRE Improper Access Control Vulnerability (CVE-2025-53057)
CVE-2025-53057
CWE-284
Medium
Oracle Database Server Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2025-53047)
CVE-2025-53047
CWE-200
Medium
Moodle Session Fixation Vulnerability (CVE-2025-53021)
CVE-2025-53021
CWE-384
Medium
EspoCRM Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') Vulnerability (CVE-2025-52892)
CVE-2025-52892
-
Medium
ReviveAdserver Generation of Error Message Containing Sensitive Information Vulnerability (CVE-2025-52671)
CVE-2025-52671
CWE-209
Medium
ReviveAdserver Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2025-52670)
CVE-2025-52670
CWE-639
Medium
ReviveAdserver Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2025-52669)
CVE-2025-52669
CWE-200
Medium
ReviveAdserver Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-52668)
CVE-2025-52668
CWE-707
Medium
EspoCRM Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') Vulnerability (CVE-2025-52575)
CVE-2025-52575
CWE-138
Medium
ReviveAdserver Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-55123)
CVE-2025-55123
CWE-707
Medium
Chamilo Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) Vulnerability (CVE-2025-52564)
CVE-2025-52564
CWE-707
Medium
Chamilo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-52563)
CVE-2025-52563
CWE-707
Medium
Jetty ConcatServlet Information Disclosure (CVE-2021-28169)
CVE-2021-28169
CWE-200
Medium
Jetty Information Disclosure (CVE-2021-34429)
CVE-2021-28164
CWE-200
Medium
Chamilo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-52476)
CVE-2025-52476
CWE-707
Medium
Chamilo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-52475)
CVE-2025-52475
CWE-707
Medium
Chamilo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-52470)
CVE-2025-52470
CWE-707
Medium
Keycloak request_uri SSRF (CVE-2020-10770)
CVE-2020-10770
CWE-918
Medium
Chamilo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-52468)
CVE-2025-52468
CWE-707
Medium
XWikiplatform Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-51990)
CVE-2025-51990
CWE-707
Medium
Chamilo Deserialization of Untrusted Data Vulnerability (CVE-2025-50198)
CVE-2025-50198
CWE-502
Medium
Apache APISIX default token (CVE-2020-13945/CVE-2022-24112)
CVE-2022-24112
CWE-259
Medium
Chamilo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-50186)
CVE-2025-50186
CWE-707
Medium
MySQL CVE-2025-50103 Vulnerability (CVE-2025-50103)
CVE-2025-50103
-
Medium
Vulnerable package dependencies [medium]
-
CWE-1104
Medium
ReviveAdserver Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-55124)
CVE-2025-55124
CWE-707
Medium
MySQL CVE-2025-50101 Vulnerability (CVE-2025-50101)
CVE-2025-50101
-
Medium
Limited Remote File Read/Include in Jira Software Server
CVE-2021-26086
CWE-22
Medium
Jenkins Missing Authorization Vulnerability (CVE-2025-59474)
CVE-2025-59474
CWE-862
Medium
Adobe Experience Manager Information Disclosure via Apache Sling v2.3.6 vulnerability
CVE-2016-0956
CWE-668
Medium
EspoCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-59428)
CVE-2025-59428
CWE-707
Medium
CubeCart Missing Authorization Vulnerability (CVE-2025-59413)
CVE-2025-59413
CWE-862
Medium
CubeCart Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-59412)
CVE-2025-59412
CWE-707
Medium
CubeCart Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-59411)
CVE-2025-59411
CWE-707
Medium
Squid Stack-based Buffer Overflow Vulnerability (CVE-2025-59362)
CVE-2025-59362
CWE-121
Medium
TYPO3 Missing Authorization Vulnerability (CVE-2025-59021)
CVE-2025-59021
CWE-862
Medium
TYPO3 Incorrect Authorization Vulnerability (CVE-2025-59020)
CVE-2025-59020
CWE-863
Medium
TYPO3 Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2025-59019)
CVE-2025-59019
CWE-200
Medium