High Severity Vulnerabilities
Found 12791 vulnerabilities at High severity.
| Vulnerability Name | CVE | CWE | Severity |
| --- | --- | --- | --- |
| Apache REST RCE CVE-2018-11770 | CVE-2018-11770 | CWE-94 | High |
| WordPress Super Socialat backdoor plugin | - | CWE-94 | High |
| Apache Tapestry weak secret key | - | CWE-693 | High |
| Oracle Weblogic T3 XXE (CVE-2019-2647) | CVE-2019-2647 | CWE-611 | High |
| Oracle Weblogic T3 XXE (CVE-2019-2888) | CVE-2019-2888 | CWE-611 | High |
| Oracle Weblogic Async Component Deserialization RCE CVE-2019-2725 | CVE-2019-2725 | CWE-94 | High |
| Adminer 4.6.2 file disclosure vulnerability | - | CWE-22 | High |
| Apache Solr Deserialization of untrusted data via jmx.serviceUrl | CVE-2019-0192 | - | High |
| Atlassian Crowd Remote Code Execution | CVE-2019-11580 | CWE-78 | High |
| Malware Identified | - | - | High |
| Remote code execution in bootstrap-sass 3.2.0.3 | CVE-2019-10842 | CWE-95 | High |
| Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerability | CVE-2018-15440 | CWE-80 | High |
| Client-Side Prototype Pollution | - | - | High |
| Custom Vulnerability Alert | - | CWE-0 | High |
| Docker Engine API is accessible without authentication | - | CWE-287 | High |
| Docker Registry API is accessible without authentication | - | CWE-287 | High |
| Drupal REST Remote Code Execution | CVE-2019-6340 | CWE-78 | High |
| FastCGI Unauthorized Access Vulnerability | - | CWE-78 | High |
| Horde Imp Unauthenticated Remote Command Execution | CVE-2018-19518 | CWE-94 | High |
| Magento (2.2.0 to 2.3.0) Unauthenticated SQL Injection Vulnerability | CVE-2019-7139 | CWE-89 | High |
| Nagios XI Magpie_debug.php Unauthenticated RCE | CVE-2018-15708 | CWE-94 | High |
| Nagios XI Unauthenticated SQLi CVE-2018-8734 | CVE-2018-8734 | CWE-89 | High |
| Arbitrary File Read in Next.js | - | CWE-22 | High |
| File Content Disclosure in Action View | CVE-2019-5418 | CWE-200 | High |
| ThinkPHP v5.0.22/5.1.29 Remote Code Execution Vulnerability | - | CWE-94 | High |
| Typo3 Restler 1.7.0 Local File Disclosure | - | CWE-22 | High |
| uWSGI Unauthorized Access Vulnerability | - | CWE-78 | High |
| vBulletin routestring Local File Inclusion | - | CWE-98 | High |
| vBulletin 5.x 0day pre-auth RCE | - | CWE-94 | High |
| Webmin v1.920 Unauthenticated Remote Command Execution | CVE-2019-15107 | CWE-94 | High |
| BigIP iRule Tcl code injection | - | CWE-78 | High |
| Cisco Adaptive Security Appliance (ASA) Path Traversal CVE-2020-3452 | CVE-2020-3452 | CWE-20 | High |
| DNN (DotNetNuke) CMS Cookie Deserialization RCE CVE-2017-9822 | CVE-2017-9822 | CWE-502 | High |
| Deserialization of Untrusted Data (.NET BinaryFormatter Object Deserialization) | - | CWE-502 | High |
| .NET HTTP Remoting publicly exposed | - | CWE-502 | High |
| Kentico CMS Deserialization RCE | CVE-2019-10068 | CWE-502 | High |
| Kentico CMS RCE CVE-2017-17736 | CVE-2017-17736 | CWE-425 | High |
| Oracle Business Intelligence AMF Deserialization RCE CVE-2020-2950 | CVE-2020-2950 | CWE-502 | High |
| Oracle E-Business Suite Deserialization RCE | - | CWE-502 | High |
| Oracle E-Business Suite SQL injection (CVE-2017-3549) | CVE-2017-3549 | CWE-89 | High |
| Oracle E-Business Suite SSRF (CVE-2017-10246) | CVE-2017-10246 | CWE-918 | High |
| Apache OFBiz XMLRPC Deserialization RCE (CVE-2020-9496/CVE-2023-49070) | CVE-2023-49070 | CWE-502 | High |
| Odoo LFI (CVE-2019-14322) | CVE-2019-14322 | CWE-22 | High |
| Unrestricted access to Odoo DB manager | - | CWE-200 | High |
| Ruby on Rails DoubleTap RCE (CVE-2019-5420) | CVE-2019-5420 | CWE-502 | High |
| SAP IGS XXE (CVE-2018-2392, CVE-2018-2393) | CVE-2018-2393 | CWE-611 | High |
| SAP NetWeaver RECON CVE-2020-6287 | CVE-2020-6287 | CWE-287 | High |
| Telerik Web UI Unrestricted File Upload (CVE-2014-2217) | CVE-2014-2217 | CWE-78 | High |
| Telerik Web UI Unrestricted File Upload (CVE-2017-11317) | CVE-2017-11317 | CWE-78 | High |
| Telerik Web UI Insecure Direct Object Reference | CVE-2017-11357 | CWE-78 | High |
| Telerik Web UI RadAsyncUpload Deserialization | CVE-2019-18935 | CWE-78 | High |
| Total.js Directory Traversal (CVE-2019-8903) | CVE-2019-8903 | CWE-22 | High |
| Apache Unomi MVEL RCE (CVE-2020-13942) | CVE-2020-13942 | CWE-20 | High |
| Web Cache Poisoning via Fat GET Request | - | CWE-44 | High |
| Web Cache Poisoning via Host Header | - | CWE-44 | High |
| Web Cache Poisoning via JSONP and UTM_ parameter | - | CWE-44 | High |
| Web Cache Poisoning via POST Request | - | CWE-44 | High |
| Oracle WebLogic Remote Code Execution via IIOP | CVE-2020-2551 | CWE-502 | High |
| Citrix ADC/Gateway Unauthenticated Remote Code Execution | CVE-2019-19781 | CWE-22 | High |
| Citrix XenMobile Server Path Traversal | CVE-2020-8209 | CWE-22 | High |
| F5 BIG-IP Traffic Management User Interface (TMUI) RCE | CVE-2020-5902 | CWE-78 | High |
| Grafana avatar SSRF | CVE-2020-13379 | CWE-78 | High |
| Jolokia XML External Entity (XXE) vulnerability | - | CWE-611 | High |
| Unauthenticated Remote Code Execution via JSONWS in Liferay 6.1 (LPS-88051) | - | CWE-78 | High |
| Unauthenticated Remote Code Execution via JSONWS in Liferay 7.2.0 CE GA1 | CVE-2020-7961 | CWE-78 | High |
| MobileIron Remote Code Execution via LogService | CVE-2020-15505 | CWE-78 | High |
| Nette framework PHP code injection via callback | CVE-2020-15227 | CWE-94 | High |
| Unrestricted access to NGINX+ API interface (read write) | - | CWE-200 | High |
| Openfire Admin Console Full Read SSRF | CVE-2019-18394 | CWE-918 | High |
| Remote code execution of user-provided local names in Rails | CVE-2020-8163 | CWE-94 | High |
| RCE in SQL Server Reporting Services (SSRS) | CVE-2020-0618 | CWE-78 | High |
| SonarQube default credentials | - | CWE-798 | High |
| Directory Traversal with spring-cloud-config-server | CVE-2020-5410 | CWE-22 | High |
| Symfony RCE via weak/predictable APP_SECRET | - | CWE-94 | High |
| vBulletin Pre-Auth RCE Vulnerability | CVE-2020-17496 | CWE-94 | High |