🚀 Just released:
Latio 2026 Application Security Market Report.
Read it in our Whitepapers.
100% Signal 0% Noise
Platform
Invicti Platform
Zero-noise AppSec platform
Scan Code
Secure code before runtime
SAST
Early static security analysis
Open Source (SCA)
Find vulnerable dependencies
SBOM & License Risk
Generate SBOMs and track licenses
Secrets
Detect exposed secrets in applications
Infrastructure as Code
Ingest IaC security findings
Container
Track container image vulnerabilities
Test Runtime
Test live applications like attackers
DAST & AI DAST
Test runtime, prove exploitability
Agentic Pentesting
Automate real-world attack techniques
API Security Testing
Discover and test APIs
Attack Surface Management
Identify exposed apps and endpoints
Cloud AppSec
Get a single-pane view of cloud app risk
AI AppSec
Scan smarter, accelerate remediation
Manage Vulnerabilities
See, prioritize, reduce AppSec risk
Vulnerability Management (ASPM)
Centralize and correlate AppSec findings
Compliance & Executive Reporting
Measure risk and impact
Threat Intelligence
Reachability, exploitability, and business logic
Solutions
API Discovery
Manage Vulnerabilities
Automate Security Workflows
Track AppSec KPIs
Manage Open Source Risk
Pricing
Why Invicti
About Us
Invicti vs. Competitors
Case Studies
Contact Us
Careers
Resources
Resource Library
Blog
Webinars
White Papers
Podcasts
Invicti Learn
Savings Calculator
Live Training
Partners
MSSP
Documentation
Vulnerability Database
Get a demo
Home
/
Web Application Vulnerabilities
/ Missing Update
Web Application Vulnerabilities
Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise
Acunetix Standard & Premium
v.26.4.2314
Missing Update
This page lists
23409 vulnerabilities
in this category.
Critical: 1513
High: 12591
Medium: 8518
Low: 783
Information: 4
Vulnerability Name
CVE
CWE
Severity
Liferay DXP Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2025-43790)
CVE-2025-43790
CWE-639
High
Chamilo Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2026-31939)
CVE-2026-31939
CWE-22
High
Craft CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2026-31858)
CVE-2026-31858
CWE-138
High
Craft CMS Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2026-31857)
CVE-2026-31857
CWE-94
High
Liferay DXP Improper Validation of Specified Quantity in Input Vulnerability (CVE-2025-43793)
CVE-2025-43793
CWE-1284
High
Liferay Portal Improper Validation of Specified Quantity in Input Vulnerability (CVE-2025-43793)
CVE-2025-43793
CWE-1284
High
OpenSSL Improper Check for Unusual or Exceptional Conditions Vulnerability (CVE-2026-31790)
CVE-2026-31790
CWE-754
High
LiteSpeed Web Server Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2026-31386)
CVE-2026-31386
CWE-138
High
Oracle JRE CVE-2025-30749 Vulnerability (CVE-2025-30749)
CVE-2025-30749
-
High
SharePoint Deserialization of Untrusted Data Vulnerability (CVE-2025-30384)
CVE-2025-30384
CWE-502
High
Craft CMS Improper Neutralization of Special Elements Used in a Template Engine Vulnerability (CVE-2026-28695)
CVE-2026-28695
CWE-138
High
Django Authentication Bypass by Spoofing Vulnerability (CVE-2026-3902)
CVE-2026-3902
CWE-290
High
Apache Tomcat Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2026-41284)
CVE-2026-41284
CWE-770
High
math.js Improperly Controlled Modification of Dynamically-Determined Object Attributes Vulnerability (CVE-2026-41139)
CVE-2026-41139
CWE-915
High
math.js Improperly Controlled Modification of Dynamically-Determined Object Attributes Vulnerability (CVE-2026-40897)
CVE-2026-40897
CWE-915
High
Joomla Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2026-40384)
CVE-2026-40384
CWE-22
High
SharePoint Deserialization of Untrusted Data Vulnerability (CVE-2026-40368)
CVE-2026-40368
CWE-502
High
SharePoint Untrusted Pointer Dereference Vulnerability (CVE-2026-40367)
CVE-2026-40367
CWE-822
High
SharePoint Insufficient Granularity of Access Control Vulnerability (CVE-2026-40365)
CVE-2026-40365
CWE-1220
High
SharePoint Deserialization of Untrusted Data Vulnerability (CVE-2026-40357)
CVE-2026-40357
CWE-502
High
Chamilo Improper Privilege Management Vulnerability (CVE-2026-40291)
CVE-2026-40291
CWE-269
High
XWikiplatform Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2026-40104)
CVE-2026-40104
CWE-770
High
MongoDb Reachable Assertion Vulnerability (CVE-2025-13644)
CVE-2025-13644
CWE-617
High
MOVEit Transfer Unverified Password Change Vulnerability (CVE-2025-11235)
CVE-2025-11235
CWE-620
High
Python Improper Input Validation Vulnerability (CVE-2026-3644)
CVE-2026-3644
CWE-20
High
PHP Out-of-bounds Read Vulnerability (CVE-2025-14177)
CVE-2025-14177
CWE-125
High
PHP Integer Overflow or Wraparound Vulnerability (CVE-2025-14178)
CVE-2025-14178
CWE-190
High
PHP NULL Pointer Dereference Vulnerability (CVE-2025-14180)
CVE-2025-14180
CWE-476
High
Jboss EAP Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2026-3260)
CVE-2026-3260
CWE-770
High
Django Inefficient Algorithmic Complexity Vulnerability (CVE-2025-14550)
CVE-2025-14550
CWE-407
High
MongoDb Improper Handling of Length Parameter Inconsistency Vulnerability (CVE-2025-14847)
CVE-2025-14847
CWE-130
High
Jboss EAP Incorrect Privilege Assignment Vulnerability (CVE-2026-3121)
CVE-2026-3121
CWE-266
High
OpenSSL Out-of-bounds Write Vulnerability (CVE-2025-15467)
CVE-2025-15467
CWE-787
High
Python Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2026-3087)
CVE-2026-3087
CWE-22
High
e107 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2025-11941)
CVE-2025-11941
CWE-22
High
axios Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') Vulnerability (CVE-2026-42033)
CVE-2026-42033
CWE-1321
High
Serendipity Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') Vulnerability (CVE-2026-39971)
CVE-2026-39971
CWE-707
High
Apache HTTP Server Heap-based Buffer Overflow Vulnerability (CVE-2026-42536)
CVE-2026-42536
CWE-122
High
Apache Tomcat Improper Handling of Case Sensitivity Vulnerability (CVE-2026-43513)
CVE-2026-43513
CWE-178
High
Nginx Heap-based Buffer Overflow Vulnerability (CVE-2026-42945)
CVE-2026-42945
CWE-122
High
PostgreSQL Time-of-check Time-of-use (TOCTOU) Race Condition Vulnerability (CVE-2024-7348)
CVE-2024-7348
CWE-367
High
MongoDb CVE-2024-7553 Vulnerability (CVE-2024-7553)
CVE-2024-7553
-
High
Python Inefficient Regular Expression Complexity Vulnerability (CVE-2024-7592)
CVE-2024-7592
CWE-1333
High
ProjectSend Use of Insufficiently Random Values Vulnerability (CVE-2024-7659)
CVE-2024-7659
CWE-330
High
Jboss EAP CVE-2024-7885 Vulnerability (CVE-2024-7885)
CVE-2024-7885
-
High
OpenSSL NULL Pointer Dereference Vulnerability (CVE-2026-42765)
CVE-2026-42765
CWE-476
High
Payara Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-8215)
CVE-2024-8215
CWE-707
High
OpenSSL NULL Pointer Dereference Vulnerability (CVE-2026-42764)
CVE-2026-42764
CWE-476
High
Apache Tomcat Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2026-42498)
CVE-2026-42498
CWE-200
High
axios Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') Vulnerability (CVE-2026-42035)
CVE-2026-42035
CWE-707
High
PHP Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2024-8926)
CVE-2024-8926
CWE-138
High
PHP Other Vulnerability (CVE-2024-8927)
CVE-2024-8927
-
High
axios Uncontrolled Recursion Vulnerability (CVE-2026-42039)
CVE-2026-42039
CWE-674
High
Grafana Improper Neutralization of Special Elements used in a Command ('Command Injection') Vulnerability (CVE-2024-9264)
CVE-2024-9264
CWE-138
High
Python Improper Neutralization of Special Elements used in a Command ('Command Injection') Vulnerability (CVE-2024-9287)
CVE-2024-9287
CWE-138
High
axios Server-Side Request Forgery (SSRF) Vulnerability (CVE-2026-42038)
CVE-2026-42038
CWE-918
High
Jetty Uncontrolled Resource Consumption Vulnerability (CVE-2024-9823)
CVE-2024-9823
CWE-400
High
WordPress Ultimate Member Plugin Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2025-0308)
CVE-2025-0308
CWE-138
High
MongoDb Heap-based Buffer Overflow Vulnerability (CVE-2025-0755)
CVE-2025-0755
CWE-122
High
MongoDb Operation on a Resource after Expiration or Release Vulnerability (CVE-2025-10060)
CVE-2025-10060
CWE-672
High
Jboss EAP Incorrect Authorization Vulnerability (CVE-2026-3009)
CVE-2026-3009
CWE-863
High
Roundcube Incorrect Resource Transfer Between Spheres Vulnerability (CVE-2026-35545)
CVE-2026-35545
CWE-669
High
SharePoint Deserialization of Untrusted Data Vulnerability (CVE-2025-30382)
CVE-2025-30382
CWE-502
High
MyBB Server-Side Request Forgery (SSRF) Vulnerability (CVE-2025-29460)
CVE-2025-29460
CWE-918
High
Django Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2025-27556)
CVE-2025-27556
CWE-770
High
SharePoint Untrusted Pointer Dereference Vulnerability (CVE-2025-27747)
CVE-2025-27747
CWE-822
High
phpMyFAQ Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2026-34728)
CVE-2026-34728
CWE-22
High
Chamilo Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2026-34602)
CVE-2026-34602
CWE-639
High
Sqlite Integer Overflow or Wraparound Vulnerability (CVE-2025-29087)
CVE-2025-29087
CWE-190
High
Seo Panel Server-Side Request Forgery (SSRF) Vulnerability (CVE-2025-29451)
CVE-2025-29451
CWE-918
High
Seo Panel Server-Side Request Forgery (SSRF) Vulnerability (CVE-2025-29452)
CVE-2025-29452
CWE-918
High
MyBB Server-Side Request Forgery (SSRF) Vulnerability (CVE-2025-29457)
CVE-2025-29457
CWE-918
High
MyBB Server-Side Request Forgery (SSRF) Vulnerability (CVE-2025-29458)
CVE-2025-29458
CWE-918
High
MyBB Server-Side Request Forgery (SSRF) Vulnerability (CVE-2025-29459)
CVE-2025-29459
CWE-918
High
Apache Tomcat Insertion of Sensitive Information into Log File Vulnerability (CVE-2026-34487)
CVE-2026-34487
CWE-532
High
«
1
...
67
68
69
...
313
»