Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
v.26.4.2314

Missing Update

This page lists 23101 vulnerabilities in this category.

Critical: 1474 High: 12458 Medium: 8395 Low: 770 Information: 4
Vulnerability Name
CVE
CWE
Severity
Payara URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2024-7312)
CVE-2024-7312
CWE-601
Medium
ProjectSend Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2024-7658)
CVE-2024-7658
CWE-639
Medium
Jetty Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2024-8184)
CVE-2024-8184
CWE-770
Medium
MongoDb Externally Controlled Reference to a Resource in Another Sphere Vulnerability (CVE-2024-8207)
CVE-2024-8207
CWE-610
Medium
AngularJS Other Vulnerability (CVE-2024-8372)
CVE-2024-8372
-
Medium
MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-11261)
CVE-2025-11261
CWE-707
Medium
AngularJS Other Vulnerability (CVE-2024-8373)
CVE-2024-8373
-
Medium
WordPress Ultimate Member Plugin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-8519)
CVE-2024-8519
CWE-707
Medium
WordPress Ultimate Member Plugin Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2024-8520)
CVE-2024-8520
CWE-352
Medium
PHP Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') Vulnerability (CVE-2024-8925)
CVE-2024-8925
-
Medium
PHP Out-of-bounds Read Vulnerability (CVE-2024-8929)
CVE-2024-8929
CWE-125
Medium
Liferay DXP Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2024-8980)
CVE-2024-8980
CWE-352
Medium
Liferay Portal Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2024-8980)
CVE-2024-8980
CWE-352
Medium
WP Plugin Advanced Custom Fields CVE-2024-9529 Vulnerability (CVE-2024-9529)
CVE-2024-9529
-
Medium
WordPress Ultimate Member Plugin CVE-2025-0318 Vulnerability (CVE-2025-0318)
CVE-2025-0318
-
Medium
MongoDb Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2025-10059)
CVE-2025-10059
CWE-732
Medium
MongoDb CVE-2025-10061 Vulnerability (CVE-2025-10061)
CVE-2025-10061
-
Medium
DataTables Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2025-11031)
CVE-2025-11031
CWE-22
Medium
Jetty Improper Input Validation Vulnerability (CVE-2025-11143)
CVE-2025-11143
CWE-20
Medium
OpenSSL NULL Pointer Dereference Vulnerability (CVE-2025-11187)
CVE-2025-11187
CWE-476
Medium
Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-43439)
CVE-2024-43439
CWE-707
Medium
Moodle Improper Check for Unusual or Exceptional Conditions Vulnerability (CVE-2024-43435)
CVE-2024-43435
CWE-754
Medium
GeoServer Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2025-21621)
CVE-2025-21621
CWE-707
Medium
Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-29374)
CVE-2024-29374
CWE-707
Medium
Contao Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-28190)
CVE-2024-28190
CWE-707
Medium
Contao Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2024-28191)
CVE-2024-28191
CWE-138
Medium
Contao CVE-2024-28234 Vulnerability (CVE-2024-28234)
CVE-2024-28234
-
Medium
Contao CVE-2024-28235 Vulnerability (CVE-2024-28235)
CVE-2024-28235
-
Medium
Moodle Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2024-28593)
CVE-2024-28593
CWE-94
Medium
Piwigo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-28662)
CVE-2024-28662
CWE-707
Medium
LimeSurvey Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-28709)
CVE-2024-28709
CWE-707
Medium
LimeSurvey Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-28710)
CVE-2024-28710
CWE-707
Medium
IBM RTC Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-28793)
CVE-2024-28793
CWE-707
Medium
Ampache Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-28852)
CVE-2024-28852
CWE-707
Medium
Ampache Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-28853)
CVE-2024-28853
CWE-707
Medium
phpMyFAQ Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-29179)
CVE-2024-29179
CWE-707
Medium
TinyMCE Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-29203)
CVE-2024-29203
CWE-707
Medium
TinyMCE Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-29881)
CVE-2024-29881
CWE-707
Medium
phpMyFAQ Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-28106)
CVE-2024-28106
CWE-707
Medium
WordPress Ultimate Member Plugin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-2123)
CVE-2024-2123
CWE-707
Medium
WP Plugin Contact Form 7 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-2242)
CVE-2024-2242
CWE-707
Medium
Artifactory Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-2247)
CVE-2024-2247
CWE-707
Medium
PHP Observable Discrepancy Vulnerability (CVE-2024-2408)
CVE-2024-2408
CWE-203
Medium
WordPress Ultimate Member Plugin Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-2765)
CVE-2024-2765
CWE-707
Medium
Chamilo Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2024-30617)
CVE-2024-30617
CWE-352
Medium
Chamilo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-30618)
CVE-2024-30618
CWE-707
Medium
XWikiplatform Use of Password Hash With Insufficient Computational Effort Vulnerability (CVE-2024-31464)
CVE-2024-31464
CWE-916
Medium
XWikiplatform Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2024-31985)
CVE-2024-31985
CWE-352
Medium
Ruby on Rails Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-32464)
CVE-2024-32464
CWE-707
Medium
Moodle CVE-2024-33996 Vulnerability (CVE-2024-33996)
CVE-2024-33996
-
Medium
Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-33997)
CVE-2024-33997
CWE-707
Medium
Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-33998)
CVE-2024-33998
CWE-707
Medium
Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-34000)
CVE-2024-34000
CWE-707
Medium
phpMyFAQ Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-28108)
CVE-2024-28108
CWE-707
Medium
Dotclear Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-27626)
CVE-2024-27626
CWE-707
Medium
Moodle CVE-2024-34003 Vulnerability (CVE-2024-34003)
CVE-2024-34003
-
Medium
Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-26266)
CVE-2024-26266
CWE-707
Medium
Liferay DXP URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2024-25609)
CVE-2024-25609
CWE-601
Medium
Liferay Portal URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2024-25609)
CVE-2024-25609
CWE-601
Medium
Liferay Portal Insecure Default Initialization of Resource Vulnerability (CVE-2024-25610)
CVE-2024-25610
CWE-1188
Medium
Liferay DXP Insecure Default Initialization of Resource Vulnerability (CVE-2024-25610)
CVE-2024-25610
CWE-1188
Medium
Moodle CVE-2024-25979 Vulnerability (CVE-2024-25979)
CVE-2024-25979
-
Medium
Moodle CVE-2024-25980 Vulnerability (CVE-2024-25980)
CVE-2024-25980
-
Medium
Moodle CVE-2024-25981 Vulnerability (CVE-2024-25981)
CVE-2024-25981
-
Medium
Moodle Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2024-25983)
CVE-2024-25983
CWE-639
Medium
PrestaShop Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2024-26129)
CVE-2024-26129
CWE-22
Medium
Ruby on Rails Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-26143)
CVE-2024-26143
CWE-707
Medium
Ruby on Rails CVE-2024-26144 Vulnerability (CVE-2024-26144)
CVE-2024-26144
-
Medium
Liferay DXP Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2024-26265)
CVE-2024-26265
CWE-770
Medium
Liferay Portal Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2024-26265)
CVE-2024-26265
CWE-770
Medium
Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-26266)
CVE-2024-26266
CWE-707
Medium
Liferay DXP Insecure Default Initialization of Resource Vulnerability (CVE-2024-26267)
CVE-2024-26267
CWE-1188
Medium
Chamilo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-27525)
CVE-2024-27525
CWE-707
Medium
Liferay Portal Insecure Default Initialization of Resource Vulnerability (CVE-2024-26267)
CVE-2024-26267
CWE-1188
Medium
Liferay Portal Observable Discrepancy Vulnerability (CVE-2024-26268)
CVE-2024-26268
CWE-203
Medium