Web Application Vulnerabilities
v.26.4.2314
High Severity Vulnerabilities
Found 13053 vulnerabilities at High severity.
| Vulnerability Name | CVE | CWE | Severity |
|---|---|---|---|
| Reverse proxy misrouting | - | CWE-918 | High |
| Arbitrary EL Evaluation in RichFaces | CVE-2015-0279 | CWE-917 | High |
| Spring Boot Whitelabel Error Page SpEL | - | CWE-94 | High |
| Remote Code Execution (RCE) in Spring Security OAuth | CVE-2016-4977 | CWE-94 | High |
| Spring Data REST RCE via PATCH requests | CVE-2017-8046 | CWE-94 | High |
| Spring Security Authentication Bypass | CVE-2016-5007 | CWE-287 | High |
| Data Binding Expression Vulnerability in Spring Web Flow | CVE-2017-4971 | CWE-78 | High |
| Apache Struts Remote Code Execution (S2-057) | CVE-2018-11776 | CWE-917 | High |
| Symfony databases.yml configuration file | - | CWE-538 | High |
| Telerik.Web.UI.dll Cryptographic Weakness | CVE-2017-9248 | CWE-338 | High |
| Tomcat path traversal via reverse proxy mapping | - | CWE-22 | High |
| IBM WebSphere RCE Java Deserialization Vulnerability | CVE-2015-7450 | CWE-502 | High |
| Web Cache Poisoning | - | CWE-44 | High |
| Oracle Weblogic WLS-WSAT Component Deserialization RCE | CVE-2017-10271 | CWE-94 | High |
| Remote code execution vulnerability in WordPress Duplicator | - | CWE-98 | High |
| WPEngine _wpeprivate/config.json information disclosure | - | CWE-200 | High |
| Apache ActiveMQ default administrative credentials | - | - | High |
| Adobe Experience Manager Misconfiguration | CVE-2016-0957 | CWE-693 | High |
| Apache CouchDB JSON Remote Privilege Escalation Vulnerability | CVE-2017-12635 | CWE-285 | High |
| CouchDB REST API publicly accessible | - | CWE-285 | High |
| Dotenv .env file | - | CWE-538 | High |
| Ektron CMS authentication bypass | CVE-2018-12596 | CWE-285 | High |
| File creation via HTTP method PUT | - | CWE-669 | High |
| GoAhead web server remote code execution | CVE-2017-17562 | CWE-94 | High |
| Hadoop YARN ResourceManager publicly accessible | - | CWE-200 | High |
| jQuery File Upload unauthenticated arbitrary file upload | CVE-2018-9206 | CWE-434 | High |
| Jupyter Notebook publicly accessible | - | CWE-78 | High |
| Laravel log viewer local file download (LFD) | CVE-2018-8947 | CWE-22 | High |
| ACME mini_httpd arbitrary file read | CVE-2018-18778 | CWE-23 | High |
| Node.js path validation vulnerability | CVE-2017-14849 | CWE-22 | High |
| OSGi Management Console Default Credentials | - | CWE-521 | High |
| Xdebug remote code execution via xdebug.remote_connect_back | - | CWE-200 | High |
| PHPUnit Remote Code Execution | CVE-2017-9841 | CWE-94 | High |
| SAP B2B/B2C CRM Local File Inclusion | - | CWE-22 | High |
| RCE with Spring Data Commons | CVE-2018-1273 | CWE-94 | High |
| Apache Tomcat Remote Code Execution Vulnerability | CVE-2017-12615 | CWE-94 | High |
| uWSGI Path Traversal vulnerability | CVE-2018-7490 | CWE-22 | High |
| Oracle WebLogic Authentication Bypass | CVE-2018-2894 | CWE-287 | High |
| Oracle WebLogic Remote Code Execution via T3 | CVE-2018-3245 | CWE-502 | High |
| WordPress Plugin WPML Unauthenticated Stored XSS | CVE-2018-18069 | CWE-80 | High |
| Argument Injection | - | CWE-88 | High |
| Jira Unauthorized SSRF via REST API | CVE-2019-8451 | CWE-918 | High |
| BottlePy weak secret key | - | CWE-693 | High |
| ColdFusion FlashGateway Deserialization RCE CVE-2019-7091 | CVE-2019-7091 | CWE-502 | High |
| Confluence Widget Connector SSTI | CVE-2019-3396 | CWE-22 | High |
| Fortigate SSL VPN Arbitrary File reading (CVE-2018-13379) | CVE-2018-13379 | CWE-22 | High |
| JWT Signature Bypass via None Algorithm | - | CWE-345 | High |
| Weak Secret is Used to Sign JWT | - | CWE-347 | High |
| Jira SSTI CVE-2019-11581 | CVE-2019-11581 | CWE-22 | High |
| Oracle Business Intelligence Adfresource Path traversal CVE-2019-2588 | CVE-2019-2588 | CWE-200 | High |
| Oracle Business Intelligence AuthBypass CVE-2019-2768 | CVE-2019-2768 | CWE-200 | High |
| Oracle Business Intelligence Convert XXE CVE-2019-2767 | CVE-2019-2767 | CWE-611 | High |
| Oracle Business Intelligence default administrative credentials | - | - | High |
| Oracle Business Intelligence ReportTemplateService XXE CVE-2019-2616 | CVE-2019-2616 | CWE-611 | High |
| Oracle Business Intelligence ReportTemplateService XXE (CVE-2021-2400) | CVE-2021-2400 | CWE-611 | High |
| OpenCms Solr XML External Entity (XXE) vulnerability | - | CWE-611 | High |
| Oracle PeopleSoft SSO weak secret key | - | CWE-693 | High |
| Prototype pollution | - | - | High |
| Pulse Secure SSL VPN Arbitrary File reading (CVE-2019-11510) | CVE-2019-11510 | CWE-22 | High |
| Ruby framework weak secret key | - | CWE-693 | High |
| SAP Hybris Deserialization RCE | CVE-2019-0344 | CWE-502 | High |
| SAP NetWeaver ConfigServlet remote command execution | - | CWE-94 | High |
| SAP Portal directory traversal vulnerability | - | CWE-22 | High |
| SAP NetWeaver ipcpricing server side request forgery | - | CWE-918 | High |
| SAP Management Console list logfiles | - | CWE-200 | High |
| SAP Management Console get user list | - | CWE-200 | High |
| SAP Knowledge Management and Collaboration (KMC) incorrect permissions | - | CWE-285 | High |
| Apache Spark Master Unauthorized Access Vulnerability | - | CWE-200 | High |
| Apache REST RCE CVE-2018-11770 | CVE-2018-11770 | CWE-94 | High |
| WordPress Super Socialat backdoor plugin | - | CWE-94 | High |
| Apache Tapestry weak secret key | - | CWE-693 | High |
| Oracle Weblogic T3 XXE (CVE-2019-2647) | CVE-2019-2647 | CWE-611 | High |
| Oracle Weblogic T3 XXE (CVE-2019-2888) | CVE-2019-2888 | CWE-611 | High |
| Oracle Weblogic Async Component Deserialization RCE CVE-2019-2725 | CVE-2019-2725 | CWE-94 | High |
| Adminer 4.6.2 file disclosure vulnerability | - | CWE-22 | High |