v.26.4.2314
Known Vulnerabilities
This page lists 14673 vulnerabilities in this category.
Critical: 1573
High: 3882
Medium: 8446
Low: 770
Information: 2
| Vulnerability Name | CVE | CWE | Severity |
| --- | --- | --- | --- |
| TYPO3 Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2025-59018) | CVE-2025-59018 | CWE-200 | Medium |
| TYPO3 Generation of Error Message Containing Sensitive Information Vulnerability (CVE-2025-59016) | CVE-2025-59016 | CWE-209 | Medium |
| TYPO3 Insufficient Entropy Vulnerability (CVE-2025-59015) | CVE-2025-59015 | CWE-331 | Medium |
| TYPO3 URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2025-59013) | CVE-2025-59013 | CWE-601 | Medium |
| Jira Unauthorized User Enumeration (CVE-2020-14181) | CVE-2020-14181 | CWE-200 | Medium |
| Next.js Improper Input Validation Vulnerability (CVE-2025-55173) | CVE-2025-55173 | CWE-20 | Medium |
| Hiawatha CVE-2025-57783 Vulnerability (CVE-2025-57783) | CVE-2025-57783 | - | Medium |
| Contao Improper Privilege Management Vulnerability (CVE-2025-57759) | CVE-2025-57759 | CWE-269 | Medium |
| Contao Improper Access Control Vulnerability (CVE-2025-57758) | CVE-2025-57758 | CWE-284 | Medium |
| Contao Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2025-57757) | CVE-2025-57757 | CWE-200 | Medium |
| Contao Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2025-57756) | CVE-2025-57756 | CWE-200 | Medium |
| Next.js Use of Cache Containing Sensitive Information Vulnerability (CVE-2025-57752) | CVE-2025-57752 | CWE-524 | Medium |
| Cisco Adaptive Security Appliance (ASA) XSS (CVE-2020-3580) | CVE-2020-3580 | CWE-79 | Medium |
| Cisco RV Series Authentication Bypass (CVE-2021-1472) | CVE-2021-1472 | CWE-119 | Medium |
| Apache Tomcat Session Fixation Vulnerability (CVE-2025-55668) | CVE-2025-55668 | CWE-384 | Medium |
| Oracle E-Business Suite Frame Injection (CVE-2017-3528) | CVE-2017-3528 | CWE-601 | Medium |
| Payara Micro File Read (CVE-2021-41381) | CVE-2021-41381 | CWE-22 | Medium |
| SAP BO BIP SSRF (CVE-2020-6308) | CVE-2020-6308 | CWE-918 | Medium |
| Next.js CVE-2025-55183 Vulnerability (CVE-2025-55183) | CVE-2025-55183 | - | Medium |
| React CVE-2025-55183 Vulnerability (CVE-2025-55183) | CVE-2025-55183 | - | Medium |
| MySQL CVE-2025-50102 Vulnerability (CVE-2025-50102) | CVE-2025-50102 | - | Medium |
| MySQL CVE-2025-50099 Vulnerability (CVE-2025-50099) | CVE-2025-50099 | - | Medium |
| Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43826) | CVE-2025-43826 | CWE-707 | Medium |
| XWikiplatform Missing Authorization Vulnerability (CVE-2025-46554) | CVE-2025-46554 | CWE-862 | Medium |
| Citrix ADC NetScaler Local File Inclusion (CVE-2020-8193) | CVE-2020-8193 | CWE-284 | Medium |
| SharePoint Improper Authentication Vulnerability (CVE-2025-49706) | CVE-2025-49706 | CWE-287 | Medium |
| Phpfastcache phpinfo publicly accessible (CVE-2021-37704) | CVE-2021-37704 | CWE-200 | Medium |
| Sonicwall SMA 100 Unintended proxy (CVE-2021-20042) | CVE-2021-20042 | CWE-441 | Medium |
| ReviveAdserver Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-48987) | CVE-2025-48987 | CWE-707 | Medium |
| MyBB Exposure of Sensitive Information Through Metadata Vulnerability (CVE-2025-48941) | CVE-2025-48941 | CWE-1230 | Medium |
| Django Improper Output Neutralization for Logs Vulnerability (CVE-2025-48432) | CVE-2025-48432 | CWE-117 | Medium |
| Next.js Missing Origin Validation in WebSockets Vulnerability (CVE-2025-48068) | CVE-2025-48068 | - | Medium |
| TYPO3 Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2025-47939) | CVE-2025-47939 | CWE-434 | Medium |
| TYPO3 Incorrect Authorization Vulnerability (CVE-2025-47937) | CVE-2025-47937 | CWE-863 | Medium |
| TYPO3 Server-Side Request Forgery (SSRF) Vulnerability (CVE-2025-47936) | CVE-2025-47936 | CWE-918 | Medium |
| SAP NW KW XSS vulnerability (CVE-2021-42063) | CVE-2021-42063 | CWE-79 | Medium |
| ServiceNow logout XSS (CVE-2022-38463) | CVE-2022-38463 | CWE-79 | Medium |
| Envoy Proxy Overly Restrictive Regular Expression Vulnerability (CVE-2025-46821) | CVE-2025-46821 | CWE-186 | Medium |
| WebERP Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2025-46053) | CVE-2025-46053 | CWE-138 | Medium |
| Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-4388) | CVE-2025-4388 | CWE-707 | Medium |
| Joomla! Core improper access check in webservice endpoints | CVE-2023-23752 | CWE-200 | Medium |
| Opencart Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-45893) | CVE-2025-45893 | CWE-707 | Medium |
| Opencart Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-45892) | CVE-2025-45892 | CWE-707 | Medium |
| osTicket Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-45387) | CVE-2025-45387 | CWE-707 | Medium |
| FluxBB Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-44110) | CVE-2025-44110 | CWE-707 | Medium |
| Mailman Incorrect Authorization Vulnerability (CVE-2025-43921) | CVE-2025-43921 | CWE-863 | Medium |
| Keycloak clients-registrations XSS (CVE-2021-20323) | CVE-2021-20323 | CWE-79 | Medium |
| Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43830) | CVE-2025-43830 | CWE-707 | Medium |
| Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43830) | CVE-2025-43830 | CWE-707 | Medium |
| Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43829) | CVE-2025-43829 | CWE-707 | Medium |
| Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43829) | CVE-2025-43829 | CWE-707 | Medium |
| Liferay Portal Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2025-43827) | CVE-2025-43827 | CWE-639 | Medium |
| Liferay DXP Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2025-43827) | CVE-2025-43827 | CWE-639 | Medium |
| Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-43826) | CVE-2025-43826 | CWE-707 | Medium |
| Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-4388) | CVE-2025-4388 | CWE-707 | Medium |
| OpenSSL Improper Certificate Validation Vulnerability (CVE-2025-4575) | CVE-2025-4575 | CWE-295 | Medium |
| MySQL Uncontrolled Resource Consumption Vulnerability (CVE-2025-50097) | CVE-2025-50097 | CWE-400 | Medium |
| MySQL Uncontrolled Resource Consumption Vulnerability (CVE-2025-50080) | CVE-2025-50080 | CWE-400 | Medium |
| MySQL Uncontrolled Resource Consumption Vulnerability (CVE-2025-50096) | CVE-2025-50096 | CWE-400 | Medium |
| MySQL Uncontrolled Resource Consumption Vulnerability (CVE-2025-50095) | CVE-2025-50095 | CWE-400 | Medium |
| MySQL Uncontrolled Resource Consumption Vulnerability (CVE-2025-50094) | CVE-2025-50094 | CWE-400 | Medium |
| MySQL Uncontrolled Resource Consumption Vulnerability (CVE-2025-50093) | CVE-2025-50093 | CWE-400 | Medium |
| MySQL Uncontrolled Resource Consumption Vulnerability (CVE-2025-50092) | CVE-2025-50092 | CWE-400 | Medium |
| MySQL Uncontrolled Resource Consumption Vulnerability (CVE-2025-50091) | CVE-2025-50091 | CWE-400 | Medium |
| MySQL Uncontrolled Resource Consumption Vulnerability (CVE-2025-50089) | CVE-2025-50089 | CWE-400 | Medium |
| MySQL Uncontrolled Resource Consumption Vulnerability (CVE-2025-50088) | CVE-2025-50088 | CWE-400 | Medium |
| MySQL CVE-2025-50087 Vulnerability (CVE-2025-50087) | CVE-2025-50087 | - | Medium |
| MySQL Incorrect Authorization Vulnerability (CVE-2025-50086) | CVE-2025-50086 | CWE-863 | Medium |
| MySQL Incorrect Authorization Vulnerability (CVE-2025-50085) | CVE-2025-50085 | CWE-863 | Medium |
| MySQL Incorrect Authorization Vulnerability (CVE-2025-50084) | CVE-2025-50084 | CWE-863 | Medium |
| MySQL CVE-2025-50083 Vulnerability (CVE-2025-50083) | CVE-2025-50083 | - | Medium |
| MySQL Uncontrolled Resource Consumption Vulnerability (CVE-2025-50082) | CVE-2025-50082 | CWE-400 | Medium |
| MySQL Uncontrolled Resource Consumption Vulnerability (CVE-2025-50079) | CVE-2025-50079 | CWE-400 | Medium |
| Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-4576) | CVE-2025-4576 | CWE-707 | Medium |
| Liferay Portal Server-Side Request Forgery (SSRF) Vulnerability (CVE-2025-4655) | CVE-2025-4655 | CWE-918 | Medium |