Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
v.26.4.2314

Missing Update

This page lists 23101 vulnerabilities in this category.

Critical: 1474 High: 12458 Medium: 8395 Low: 770 Information: 4
Vulnerability Name
CVE
CWE
Severity
Tornado Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2024-52804)
CVE-2024-52804
CWE-770
High
OpenSSL NULL Pointer Dereference Vulnerability (CVE-2026-28389)
CVE-2026-28389
CWE-476
High
Chamilo Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2026-29041)
CVE-2026-29041
CWE-434
High
Craft CMS Improper Neutralization of Special Elements Used in a Template Engine Vulnerability (CVE-2026-28784)
CVE-2026-28784
CWE-138
High
Piwigo Use of Insufficiently Random Values Vulnerability (CVE-2024-48928)
CVE-2024-48928
CWE-330
High
SharePoint CVE-2024-49068 Vulnerability (CVE-2024-49068)
CVE-2024-49068
-
High
SharePoint CVE-2024-49070 Vulnerability (CVE-2024-49070)
CVE-2024-49070
-
High
Werkzeug WSGI Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2024-49767)
CVE-2024-49767
CWE-770
High
Craft CMS Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2026-28696)
CVE-2026-28696
CWE-639
High
Craft CMS Improper Neutralization of Special Elements Used in a Template Engine Vulnerability (CVE-2026-28695)
CVE-2026-28695
CWE-138
High
Apache Traffic Server Improper Input Validation Vulnerability (CVE-2024-50305)
CVE-2024-50305
CWE-20
High
OpenSSL NULL Pointer Dereference Vulnerability (CVE-2026-28390)
CVE-2026-28390
CWE-476
High
OpenSSL NULL Pointer Dereference Vulnerability (CVE-2026-28388)
CVE-2026-28388
CWE-476
High
Apache Tomcat Generation of Error Message Containing Sensitive Information Vulnerability (CVE-2026-29146)
CVE-2026-29146
CWE-209
High
OpenSSL Use After Free Vulnerability (CVE-2026-28387)
CVE-2026-28387
CWE-416
High
Next.js Incorrect Authorization Vulnerability (CVE-2024-51479)
CVE-2024-51479
CWE-863
High
Ampache Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2024-51484)
CVE-2024-51484
CWE-352
High
Ampache Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2024-51485)
CVE-2024-51485
CWE-352
High
Ampache Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2024-51486)
CVE-2024-51486
CWE-707
High
Ampache Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2024-51487)
CVE-2024-51487
CWE-352
High
Craft CMS Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2024-52291)
CVE-2024-52291
CWE-22
High
Craft CMS Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2024-52293)
CVE-2024-52293
CWE-22
High
Next.js Uncontrolled Resource Consumption Vulnerability (CVE-2026-27980)
CVE-2026-27980
CWE-400
High
Next.js Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2026-27979)
CVE-2026-27979
CWE-770
High
Apache Tomcat Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2026-29129)
CVE-2026-29129
CWE-327
High
Piwigo Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2024-48311)
CVE-2024-48311
CWE-352
High
Chamilo Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2026-31939)
CVE-2026-31939
CWE-22
High
Chamilo Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2026-30881)
CVE-2026-30881
CWE-138
High
Craft CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2026-31858)
CVE-2026-31858
CWE-138
High
Moodle Incorrect Default Permissions Vulnerability (CVE-2024-45690)
CVE-2024-45690
CWE-276
High
Craft CMS Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2026-31857)
CVE-2026-31857
CWE-94
High
OpenSSL Improper Check for Unusual or Exceptional Conditions Vulnerability (CVE-2026-31790)
CVE-2026-31790
CWE-754
High
Squid CVE-2024-45802 Vulnerability (CVE-2024-45802)
CVE-2024-45802
-
High
Envoy Proxy CVE-2024-45807 Vulnerability (CVE-2024-45807)
CVE-2024-45807
-
High
Envoy Proxy NULL Pointer Dereference Vulnerability (CVE-2024-45809)
CVE-2024-45809
CWE-476
High
Envoy Proxy CVE-2024-45810 Vulnerability (CVE-2024-45810)
CVE-2024-45810
-
High
Dolibarr Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2026-31019)
CVE-2026-31019
CWE-138
High
Dolibarr Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2026-31018)
CVE-2026-31018
CWE-94
High
Chamilo Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2026-30875)
CVE-2026-30875
CWE-94
High
PostgreSQL Improper Validation of Specified Type of Input Vulnerability (CVE-2026-2004)
CVE-2026-2004
CWE-1287
High
Caddy Web Server Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2026-30852)
CVE-2026-30852
CWE-138
High
Next.js Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2024-46982)
CVE-2024-46982
CWE-639
High
Caddy Web Server Improper Authentication Vulnerability (CVE-2026-30851)
CVE-2026-30851
CWE-287
High
Apache HTTP Server Improper Neutralization of Escape, Meta, or Control Sequences Vulnerability (CVE-2024-47252)
CVE-2024-47252
CWE-150
High
markdown-it Inefficient Regular Expression Complexity Vulnerability (CVE-2026-2327)
CVE-2026-2327
CWE-1333
High
PostgreSQL Heap-based Buffer Overflow Vulnerability (CVE-2026-2007)
CVE-2026-2007
CWE-122
High
PostgreSQL Improper Validation of Array Index Vulnerability (CVE-2026-2006)
CVE-2026-2006
CWE-129
High
Next.js Uncontrolled Recursion Vulnerability (CVE-2024-47831)
CVE-2024-47831
CWE-674
High
PostgreSQL Heap-based Buffer Overflow Vulnerability (CVE-2026-2005)
CVE-2026-2005
CWE-122
High
Chamilo Deserialization of Untrusted Data Vulnerability (CVE-2024-47886)
CVE-2024-47886
CWE-502
High
SharePoint Deserialization of Untrusted Data Vulnerability (CVE-2026-20963)
CVE-2026-20963
CWE-502
High
Django Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2025-26699)
CVE-2025-26699
CWE-770
High
LimeSurvey Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2024-39063)
CVE-2024-39063
CWE-352
High
SharePoint Deserialization of Untrusted Data Vulnerability (CVE-2025-49712)
CVE-2025-49712
CWE-502
High
XWikiplatform Insufficient UI Warning of Dangerous Operations Vulnerability (CVE-2025-49582)
CVE-2025-49582
CWE-357
High
XWikiplatform Insertion of Sensitive Information Into Sent Data Vulnerability (CVE-2025-49584)
CVE-2025-49584
CWE-201
High
XWikiplatform Insufficient UI Warning of Dangerous Operations Vulnerability (CVE-2025-49585)
CVE-2025-49585
CWE-357
High
XWikiplatform Incorrect Authorization Vulnerability (CVE-2025-49586)
CVE-2025-49586
CWE-863
High
XWikiplatform Insufficient UI Warning of Dangerous Operations Vulnerability (CVE-2025-49587)
CVE-2025-49587
CWE-357
High
Apache HTTP Server Reachable Assertion Vulnerability (CVE-2025-49630)
CVE-2025-49630
CWE-617
High
SharePoint Improper Authorization Vulnerability (CVE-2025-49701)
CVE-2025-49701
CWE-285
High
SharePoint Use After Free Vulnerability (CVE-2025-49703)
CVE-2025-49703
CWE-416
High
SharePoint Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2025-49704)
CVE-2025-49704
CWE-94
High
Apache Traffic Server Uncontrolled Resource Consumption Vulnerability (CVE-2025-49763)
CVE-2025-49763
CWE-400
High
XWikiplatform Incorrect Privilege Assignment Vulnerability (CVE-2025-49580)
CVE-2025-49580
CWE-266
High
Apache HTTP Server Improper Authentication Vulnerability (CVE-2025-49812)
CVE-2025-49812
CWE-287
High
Next.js Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') Vulnerability (CVE-2025-49826)
CVE-2025-49826
-
High
Liferay DXP Server-Side Request Forgery (SSRF) Vulnerability (CVE-2025-4581)
CVE-2025-4581
CWE-918
High
Liferay Portal Server-Side Request Forgery (SSRF) Vulnerability (CVE-2025-4581)
CVE-2025-4581
CWE-918
High
Jetty Uncontrolled Resource Consumption Vulnerability (CVE-2025-5115)
CVE-2025-5115
CWE-400
High
Oracle JRE Improper Access Control Vulnerability (CVE-2025-50059)
CVE-2025-50059
CWE-284
High
Apache HTTP Server Server-Side Request Forgery (SSRF) Vulnerability (CVE-2025-59775)
CVE-2025-59775
CWE-918
High
Chamilo Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2025-59541)
CVE-2025-59541
CWE-352
High
Next.js Uncontrolled Resource Consumption Vulnerability (CVE-2025-59472)
CVE-2025-59472
CWE-400
High
Next.js Uncontrolled Resource Consumption Vulnerability (CVE-2025-59471)
CVE-2025-59471
CWE-400
High