Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
v.26.4.2314

Missing Update

This page lists 23101 vulnerabilities in this category.

Critical: 1474 High: 12458 Medium: 8395 Low: 770 Information: 4
Vulnerability Name
CVE
CWE
Severity
axios Improper Check for Unusual or Exceptional Conditions Vulnerability (CVE-2026-25639)
CVE-2026-25639
CWE-754
High
MOVEit Transfer Unverified Password Change Vulnerability (CVE-2025-11235)
CVE-2025-11235
CWE-620
High
e107 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2025-11941)
CVE-2025-11941
CWE-22
High
Craft CMS Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') Vulnerability (CVE-2026-25498)
CVE-2026-25498
CWE-470
High
Craft CMS Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2026-25497)
CVE-2026-25497
CWE-639
High
Craft CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2026-25495)
CVE-2026-25495
CWE-138
High
Apache Tomcat Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') Vulnerability (CVE-2026-24880)
CVE-2026-24880
-
High
Apache Tomcat CVE-2026-24734 Vulnerability (CVE-2026-24734)
CVE-2026-24734
-
High
Skipper Unintended Proxy or Intermediary ('Confused Deputy') Vulnerability (CVE-2026-24470)
CVE-2026-24470
CWE-441
High
phpMyFAQ CVE-2026-24422 Vulnerability (CVE-2026-24422)
CVE-2026-24422
-
High
MongoDb Reachable Assertion Vulnerability (CVE-2025-13644)
CVE-2025-13644
CWE-617
High
osTicket Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2026-22200)
CVE-2026-22200
CWE-138
High
Joomla External Control of File Name or Path Vulnerability (CVE-2026-23898)
CVE-2026-23898
CWE-73
High
PHP Out-of-bounds Read Vulnerability (CVE-2025-14177)
CVE-2025-14177
CWE-125
High
PHP Integer Overflow or Wraparound Vulnerability (CVE-2025-14178)
CVE-2025-14178
CWE-190
High
PHP NULL Pointer Dereference Vulnerability (CVE-2025-14180)
CVE-2025-14180
CWE-476
High
React Uncontrolled Resource Consumption Vulnerability (CVE-2026-23864)
CVE-2026-23864
CWE-400
High
Django Inefficient Algorithmic Complexity Vulnerability (CVE-2025-14550)
CVE-2025-14550
CWE-407
High
MongoDb Improper Handling of Length Parameter Inconsistency Vulnerability (CVE-2025-14847)
CVE-2025-14847
CWE-130
High
Skipper Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2026-23742)
CVE-2026-23742
CWE-94
High
OpenSSL Out-of-bounds Write Vulnerability (CVE-2025-15467)
CVE-2025-15467
CWE-787
High
Dolibarr Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2026-22666)
CVE-2026-22666
CWE-94
High
Envoy Proxy Always-Incorrect Control Flow Implementation Vulnerability (CVE-2024-53271)
CVE-2024-53271
CWE-670
High
Envoy Proxy Always-Incorrect Control Flow Implementation Vulnerability (CVE-2024-53269)
CVE-2024-53269
CWE-670
High
SharePoint Integer Overflow or Wraparound Vulnerability (CVE-2025-26642)
CVE-2025-26642
CWE-190
High
Squid Improper Resource Locking Vulnerability (CVE-2026-32748)
CVE-2026-32748
CWE-413
High
Apache HTTP Server Server-Side Request Forgery (SSRF) Vulnerability (CVE-2024-43394)
CVE-2024-43394
CWE-918
High
Chamilo Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2026-32931)
CVE-2026-32931
CWE-434
High
XWiki Missing Authorization Vulnerability (CVE-2024-43401)
CVE-2024-43401
CWE-862
High
Chamilo Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2026-32930)
CVE-2026-32930
CWE-639
High
Moodle Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2024-43425)
CVE-2024-43425
CWE-94
High
Moodle Improper Validation of Specified Type of Input Vulnerability (CVE-2024-43426)
CVE-2024-43426
CWE-1287
High
Chamilo NULL Pointer Dereference Vulnerability (CVE-2026-32894)
CVE-2026-32894
CWE-476
High
Moodle Insufficient Verification of Data Authenticity Vulnerability (CVE-2024-43428)
CVE-2024-43428
CWE-345
High
Chamilo Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2026-32892)
CVE-2026-32892
CWE-138
High
Moodle Missing Authorization Vulnerability (CVE-2024-43431)
CVE-2024-43431
CWE-862
High
Jenkins Improper Check for Unusual or Exceptional Conditions Vulnerability (CVE-2024-43044)
CVE-2024-43044
CWE-754
High
Moodle Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2024-43434)
CVE-2024-43434
CWE-22
High
Craft CMS Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') Vulnerability (CVE-2026-32264)
CVE-2026-32264
CWE-470
High
Moodle Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2024-43436)
CVE-2024-43436
CWE-138
High
Craft CMS Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') Vulnerability (CVE-2026-32263)
CVE-2026-32263
CWE-470
High
Moodle Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2024-43438)
CVE-2024-43438
CWE-639
High
Moodle Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2024-43440)
CVE-2024-43440
CWE-22
High
SharePoint CVE-2024-43464 Vulnerability (CVE-2024-43464)
CVE-2024-43464
-
High
SharePoint CVE-2024-43466 Vulnerability (CVE-2024-43466)
CVE-2024-43466
-
High
SharePoint CVE-2024-43503 Vulnerability (CVE-2024-43503)
CVE-2024-43503
-
High
Django CVE-2024-45230 Vulnerability (CVE-2024-45230)
CVE-2024-45230
-
High
Apache HTTP Server Server-Side Request Forgery (SSRF) Vulnerability (CVE-2024-43204)
CVE-2024-43204
CWE-918
High
Jenkins Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2026-33001)
CVE-2026-33001
CWE-59
High
Tornado Uncontrolled Resource Consumption Vulnerability (CVE-2026-31958)
CVE-2026-31958
CWE-400
High
Craft CMS Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') Vulnerability (CVE-2026-33157)
CVE-2026-33157
CWE-470
High
Apache HTTP Server Improper Input Validation Vulnerability (CVE-2024-39573)
CVE-2024-39573
CWE-20
High
Django Improper Handling of Length Parameter Inconsistency Vulnerability (CVE-2024-39614)
CVE-2024-39614
CWE-130
High
Next.js Uncontrolled Resource Consumption Vulnerability (CVE-2024-39693)
CVE-2024-39693
CWE-400
High
Squid Use After Free Vulnerability (CVE-2026-33526)
CVE-2026-33526
CWE-416
High
MongoDb Improper Input Validation Vulnerability (CVE-2024-3372)
CVE-2024-3372
CWE-20
High
Beego Framework Improper Certificate Validation Vulnerability (CVE-2024-40464)
CVE-2024-40464
CWE-295
High
Beego Framework Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2024-40465)
CVE-2024-40465
CWE-327
High
Ruby on Rails Uncontrolled Resource Consumption Vulnerability (CVE-2026-33176)
CVE-2026-33176
CWE-400
High
MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2024-40597)
CVE-2024-40597
CWE-200
High
Ruby on Rails Memory Allocation with Excessive Size Value Vulnerability (CVE-2026-33174)
CVE-2026-33174
CWE-789
High
Joomla Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-40748)
CVE-2024-40748
CWE-707
High
LimeSurvey Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2024-42902)
CVE-2024-42902
CWE-94
High
Joomla Other Vulnerability (CVE-2024-40749)
CVE-2024-40749
-
High
Apache HTTP Server Server-Side Request Forgery (SSRF) Vulnerability (CVE-2024-40898)
CVE-2024-40898
CWE-918
High
PrestaShop Server-Side Request Forgery (SSRF) Vulnerability (CVE-2024-41651)
CVE-2024-41651
CWE-918
High
Django Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2026-33034)
CVE-2026-33034
CWE-770
High
Craft CMS Improper Authentication Vulnerability (CVE-2024-41800)
CVE-2024-41800
CWE-287
High
Django CVE-2024-41989 Vulnerability (CVE-2024-41989)
CVE-2024-41989
-
High
Django CVE-2024-41990 Vulnerability (CVE-2024-41990)
CVE-2024-41990
-
High
Django Improper Validation of Specified Quantity in Input Vulnerability (CVE-2024-41991)
CVE-2024-41991
CWE-1284
High
Apache HTTP Server Improper Input Validation Vulnerability (CVE-2024-42516)
CVE-2024-42516
CWE-20
High
Jenkins Reliance on Reverse DNS Resolution for a Security-Critical Action Vulnerability (CVE-2026-33002)
CVE-2026-33002
CWE-350
High
Contao Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2024-45398)
CVE-2024-45398
CWE-434
High
Chamilo Session Fixation Vulnerability (CVE-2026-31940)
CVE-2026-31940
CWE-384
High