Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
v.26.4.2314

Missing Update

This page lists 23101 vulnerabilities in this category.

Critical: 1474 High: 12458 Medium: 8395 Low: 770 Information: 4
Vulnerability Name
CVE
CWE
Severity
Jenkins Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2026-27099)
CVE-2026-27099
CWE-707
High
PostgreSQL Time-of-check Time-of-use (TOCTOU) Race Condition Vulnerability (CVE-2024-7348)
CVE-2024-7348
CWE-367
High
MongoDb CVE-2024-7553 Vulnerability (CVE-2024-7553)
CVE-2024-7553
-
High
Python Inefficient Regular Expression Complexity Vulnerability (CVE-2024-7592)
CVE-2024-7592
CWE-1333
High
ProjectSend Use of Insufficiently Random Values Vulnerability (CVE-2024-7659)
CVE-2024-7659
CWE-330
High
Jboss EAP CVE-2024-7885 Vulnerability (CVE-2024-7885)
CVE-2024-7885
-
High
Envoy Proxy Use After Free Vulnerability (CVE-2026-26330)
CVE-2026-26330
CWE-416
High
Payara Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-8215)
CVE-2024-8215
CWE-707
High
Envoy Proxy Incorrect Authorization Vulnerability (CVE-2026-26308)
CVE-2026-26308
CWE-863
High
ZenCart Inclusion of Functionality from Untrusted Control Sphere Vulnerability (CVE-2024-5762)
CVE-2024-5762
CWE-829
High
SharePoint Deserialization of Untrusted Data Vulnerability (CVE-2026-26114)
CVE-2026-26114
CWE-502
High
SharePoint Other Vulnerability (CVE-2026-26113)
CVE-2026-26113
-
High
SharePoint CVE-2026-26106 Vulnerability (CVE-2026-26106)
CVE-2026-26106
-
High
PHP Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2024-8926)
CVE-2024-8926
CWE-138
High
PHP Other Vulnerability (CVE-2024-8927)
CVE-2024-8927
-
High
Moodle Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2026-26046)
CVE-2026-26046
CWE-138
High
Moodle Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2026-26045)
CVE-2026-26045
CWE-94
High
Grafana Improper Neutralization of Special Elements used in a Command ('Command Injection') Vulnerability (CVE-2024-9264)
CVE-2024-9264
CWE-138
High
Python Improper Neutralization of Special Elements used in a Command ('Command Injection') Vulnerability (CVE-2024-9287)
CVE-2024-9287
CWE-138
High
Jetty Uncontrolled Resource Consumption Vulnerability (CVE-2024-9823)
CVE-2024-9823
CWE-400
High
OpenSSL Access of Resource Using Incompatible Type ('Type Confusion') Vulnerability (CVE-2024-6119)
CVE-2024-6119
CWE-843
High
PHP Improper Encoding or Escaping of Output Vulnerability (CVE-2024-5585)
CVE-2024-5585
CWE-116
High
MongoDb Heap-based Buffer Overflow Vulnerability (CVE-2025-0755)
CVE-2025-0755
CWE-122
High
Grafana CVE-2026-27877 Vulnerability (CVE-2026-27877)
CVE-2026-27877
-
High
Apache Traffic Server Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') Vulnerability (CVE-2024-53868)
CVE-2024-53868
-
High
Django Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2024-53907)
CVE-2024-53907
CWE-770
High
Drupal Improper Handling of Case Sensitivity Vulnerability (CVE-2024-55634)
CVE-2024-55634
CWE-178
High
XWikiplatform Incorrect Authorization Vulnerability (CVE-2024-55662)
CVE-2024-55662
CWE-863
High
XWikiplatform Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2024-55877)
CVE-2024-55877
CWE-94
High
XWikiplatform Missing Authorization Vulnerability (CVE-2024-55879)
CVE-2024-55879
CWE-862
High
Beego Framework Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2024-55885)
CVE-2024-55885
CWE-327
High
phpMyFAQ User Interface (UI) Misrepresentation of Critical Information Vulnerability (CVE-2024-55889)
CVE-2024-55889
CWE-451
High
Piwigo Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2026-27885)
CVE-2026-27885
CWE-138
High
Grafana Out-of-bounds Write Vulnerability (CVE-2026-27880)
CVE-2026-27880
CWE-787
High
TYPO3 Exposed Dangerous Method or Function Vulnerability (CVE-2024-55921)
CVE-2024-55921
CWE-749
High
Opencart Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2024-58341)
CVE-2024-58341
CWE-138
High
phpMyFAQ Missing Authorization Vulnerability (CVE-2026-27836)
CVE-2026-27836
CWE-862
High
Piwigo Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2026-27834)
CVE-2026-27834
CWE-138
High
TYPO3 Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2024-55924)
CVE-2024-55924
CWE-352
High
Piwigo Missing Authorization Vulnerability (CVE-2026-27833)
CVE-2026-27833
CWE-862
High
Underscore.js Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2026-27601)
CVE-2026-27601
CWE-770
High
phpMyFAQ Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) Vulnerability (CVE-2024-56199)
CVE-2024-56199
CWE-707
High
Django Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2024-56374)
CVE-2024-56374
CWE-770
High
Perl Out-of-bounds Write Vulnerability (CVE-2024-56406)
CVE-2024-56406
CWE-787
High
Dotclear Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2024-58281)
CVE-2024-58281
CWE-434
High
Serendipity Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2024-58282)
CVE-2024-58282
CWE-434
High
WordPress Ultimate Member Plugin Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2025-0308)
CVE-2025-0308
CWE-138
High
Django Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2026-25673)
CVE-2026-25673
CWE-770
High
Envoy Proxy NULL Pointer Dereference Vulnerability (CVE-2024-53270)
CVE-2024-53270
CWE-476
High
XWikiplatform Missing Authorization Vulnerability (CVE-2025-23025)
CVE-2025-23025
CWE-862
High
Oracle Database Server CVE-2026-21939 Vulnerability (CVE-2026-21939)
CVE-2026-21939
-
High
Oracle JRE CVE-2026-21932 Vulnerability (CVE-2026-21932)
CVE-2026-21932
-
High
Jetty Uncontrolled Resource Consumption Vulnerability (CVE-2025-1948)
CVE-2025-1948
CWE-400
High
SharePoint CVE-2025-21344 Vulnerability (CVE-2025-21344)
CVE-2025-21344
-
High
SharePoint CVE-2025-21348 Vulnerability (CVE-2025-21348)
CVE-2025-21348
-
High
SharePoint CVE-2025-21400 Vulnerability (CVE-2025-21400)
CVE-2025-21400
-
High
WebLogic Uncontrolled Resource Consumption Vulnerability (CVE-2025-21549)
CVE-2025-21549
CWE-400
High
Oracle JRE Improper Access Control Vulnerability (CVE-2025-21587)
CVE-2025-21587
CWE-284
High
Atlassian Confluence Asymmetric Resource Consumption (Amplification) Vulnerability (CVE-2025-22166)
CVE-2025-22166
CWE-405
High
Craft CMS Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2025-23209)
CVE-2025-23209
CWE-94
High
PHP Improper Input Validation Vulnerability (CVE-2025-1736)
CVE-2025-1736
CWE-20
High
Grafana Incorrect Authorization Vulnerability (CVE-2026-21721)
CVE-2026-21721
CWE-863
High
Grafana Uncontrolled Resource Consumption Vulnerability (CVE-2026-21720)
CVE-2026-21720
CWE-400
High
Joomla CVE-2025-25227 Vulnerability (CVE-2025-25227)
CVE-2025-25227
-
High
CubeCart Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2026-21719)
CVE-2026-21719
CWE-138
High
GibbonEdu Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2025-26211)
CVE-2025-26211
CWE-352
High
Moodle Files or Directories Accessible to External Parties Vulnerability (CVE-2025-26525)
CVE-2025-26525
CWE-552
High
Joomla Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2026-21630)
CVE-2026-21630
CWE-138
High
Joomla Improper Access Control Vulnerability (CVE-2026-21629)
CVE-2026-21629
CWE-284
High
SharePoint Deserialization of Untrusted Data Vulnerability (CVE-2026-21511)
CVE-2026-21511
CWE-502
High
SharePoint Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2026-21260)
CVE-2026-21260
CWE-200
High
Oracle JRE Uncontrolled Resource Consumption Vulnerability (CVE-2026-21945)
CVE-2026-21945
CWE-400
High
PHP Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2025-1735)
CVE-2025-1735
CWE-138
High
MongoDb Operation on a Resource after Expiration or Release Vulnerability (CVE-2025-10060)
CVE-2025-10060
CWE-672
High
Joomla Improper Access Control Vulnerability (CVE-2026-23899)
CVE-2026-23899
CWE-284
High