Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
v.26.3.2229

Code Execution

This page lists 408 vulnerabilities in this category.

Critical: 69 High: 328 Medium: 10 Low: 1
Vulnerability Name
CVE
CWE
Severity
Craft CMS RCE (CVE-2023-41892)
CVE-2023-41892
CWE-94
Critical
SharePoint "ToolShell" RCE (CVE-2025-49704/CVE-2025-49706/CVE-2025-53770/CVE-2025-53771)
CVE-2025-53771
CWE-287
Critical
Lucee CF_CLIENT_ RCE
-
CWE-200
Critical
Lucee Unset Admin Password
-
CWE-200
Critical
Apache Struts Path traversal (S2-067/CVE-2024-53677, S2-066/CVE-2023-50164)
CVE-2023-50164
CWE-434
Critical
Adobe Commerce/Magento "SessionReaper" RCE (CVE-2025-54236)
CVE-2025-54236
CWE-20
Critical
Craft CMS register_argc_argv RCE (CVE-2024-56145)
CVE-2024-56145
CWE-94
Critical
Craft CMS RCE (CVE-2025-32432)
CVE-2025-32432
CWE-470
Critical
FortiWeb Authentication Bypass (CVE-2025-64446)
CVE-2025-58034
CWE-23
Critical
Ingress-Nginx "IngressNightmare" RCE (CVE-2025-1974)
CVE-2025-1974
CWE-653
Critical
LLM Command Injection
-
CWE-78
Critical
Next.js/React Server Components RCE (CVE-2025-55182 & CVE-2025-66478)
CVE-2025-66478
CWE-502
Critical
Oracle E-Business Suite SSRF (CVE-2025-61882)
CVE-2025-61882
CWE-918
Critical
PAN-OS Management Interface Authentication Bypass (CVE-2025-0108)
CVE-2025-0108
CWE-287
Critical
Sitecore XM/XP Insecure Deserialization (CVE-2025-27218)
CVE-2025-27218
CWE-502
Critical
Kramer VIAware RCE (CVE-2021-36356/CVE-2021-35064)
CVE-2021-35064
CWE-434
Critical
Wing FTP Server RCE (CVE-2025-47812)
CVE-2025-47812
CWE-158
Critical
CWP (Control Web Panel) < 0.9.8.1205 - Remote Code Execution (CVE-2025-48703)
CVE-2025-48703
CWE-78
Critical
Laravel Livewire RCE (CVE-2025-54068)
CVE-2025-54068
-
Critical
Vulnerable Laravel Livewire version (CVE-2025-54068)
CVE-2025-54068
-
Critical
Apache Log4j2 JNDI Remote Code Execution (delayed)
CVE-2021-44228
CWE-78
Critical
Apache Log4j2 JNDI Remote Code Execution (per folder)
CVE-2021-44228
CWE-78
Critical
Apache Log4j2 JNDI Remote Code Execution (404 page handler)
CVE-2021-44228
CWE-78
Critical
Apache Log4j2 JNDI Remote Code Execution
CVE-2021-44228
CWE-78
Critical
Oracle WebLogic Remote Code Execution (CVE-2020-14882)
CVE-2020-14883
CWE-78
Critical
Code Evaluation (Python)
-
CWE-95
Critical
D-Link NAS Backdoor Account RCE (CVE-2024-3273, CVE-2024-3272)
CVE-2024-3272
CWE-77
Critical
GhostScript RCE (Remote Code Execution)
CVE-2016-3714
CWE-78
Critical
VMware Aria Operations for Networks RCE (CVE-2023-20887)
CVE-2023-20887
CWE-77
Critical
Remote Code Execution (Spring4Shell)
CVE-2022-22965
CWE-94
Critical
Code Evaluation (Apache Struts) S2-045
CVE-2017-5638
CWE-94
Critical
Command Injection
-
CWE-94
Critical
CrushFTP SSTI (CVE-2024-4040)
CVE-2024-4040
CWE-94
Critical
Unauthenticated OGNL injection in Confluence Server and Data Center (CVE-2023-22527)
CVE-2023-22527
CWE-917
Critical
Cacti Unauthenticated Command Injection (CVE-2022-46169)
CVE-2022-46169
CWE-77
Critical
Adobe Commerce/Magento "CosmicSting" XXE (CVE-2024-34102)
CVE-2024-34102
CWE-611
Critical
Fortinet Out-Of-Bound Memory Write RCE (CVE-2024-21762)
CVE-2024-21762
CWE-787
Critical
GeoServer RCE (CVE-2024-36401)
CVE-2024-36401
CWE-94
Critical
GlobalProtect PAN-OS RCE (CVE-2024-3400)
CVE-2024-3400
CWE-77
Critical
IBM ODM JNDI injection (CVE-2024-22319)
CVE-2024-22319
CWE-74
Critical
Sitecore XP TemplateParser RCE (CVE-2023-35813)
CVE-2023-35813
CWE-94
Critical
Ivanti CSA Path Traversal (CVE-2024-8963/CVE-2024-8190)
CVE-2024-8190
CWE-22
Critical
Juniper Junos OS J-Web RCE (CVE-2023-36845/CVE-2023-36846)
CVE-2023-36846
CWE-473
Critical
F5 BIG-IP Request Smuggling (CVE-2023-46747)
CVE-2023-46747
CWE-288
Critical
Cisco IOS XE Web UI Implant (CVE-2023-20198)
CVE-2023-20198
CWE-912
Critical
Text4shell: Apache Commons Text RCE via insecure interpolation
CVE-2022-42889
CWE-94
Critical
RCE in Ivanti Connect Secure and Policy Secure (CVE-2024-21887)
CVE-2024-21887
CWE-77
Critical
Ivanti Sentry Authentication Bypass (CVE-2023-38035)
CVE-2023-38035
CWE-863
Critical
Mura/Masa CMS JSON API RCE
-
CWE-200
Critical
Apache OFBiz RCE (CVE-2024-32113/CVE-2024-36104/CVE-2024-38856)
CVE-2024-38856
CWE-22
Critical
Apache OFBiz RCE (CVE-2024-45195)
CVE-2024-45195
CWE-425
Critical
PHP CGI Argument Injection (CVE-2024-4577)
CVE-2024-4577
CWE-78
Critical
PaloAlto Networks Expedition RCE (CVE-2024-9463)
CVE-2024-9465
CWE-918
Critical
Palo Alto PAN-OS Management Interface Auth Bypass (CVE-2024-0012/CVE-2024-9474)
CVE-2024-9474
CWE-306
Critical
Progress Kemp LoadMaster RCE (CVE-2024-1212)
CVE-2024-1212
CWE-78
Critical
Rejetto HTTP File Server SSTI RCE (CVE-2024-23692)
CVE-2024-23692
CWE-1336
Critical
Remote File Inclusion
-
CWE-98
Critical
SysAid On-Premise RCE (CVE-2023-47246)
CVE-2023-47246
CWE-22
Critical
Apache Struts2 Remote Command Execution (S2-053)
CVE-2017-12611
CWE-94
Critical
Apache Log4j socket receiver deserialization vulnerability
CVE-2017-5645
CWE-502
Critical
CyberPanel RCE (CVE-2024-51567/CVE-2024-51568/CVE-2024-51378)
CVE-2024-51378
CWE-306
Critical
Code Evaluation (PHP)
-
CWE-94
Critical
Code Evaluation (Ruby)
-
CWE-94
Critical
Code Evaluation (Perl)
-
CWE-94
Critical
Apache Struts2 remote code execution vulnerability
CVE-2016-0785
CWE-78
Critical
Bash code injection vulnerability
CVE-2014-6271
CWE-78
Critical
Code Evaluation (ASP)
-
CWE-95
Critical
Code Evaluation (Apache Struts) S2-016
CVE-2013-2251
CWE-20
Critical
Server-Side Template Injection
-
CWE-20
Critical
WordPress Plugin WP-Stateless-Google Cloud Storage Remote Code Execution (2.2.0)
-
CWE-94
High
Drupal Core 4.7.x Arbitrary Code Execution (4.7.0 - 4.7.5)
CVE-2007-0626
CWE-95
High
Drupal Core 4.6.x Arbitrary Code Execution (4.6.0 - 4.6.7)
CVE-2006-2831
CWE-95
High
Drupal Core 4.6.x Arbitrary Code Execution (4.6.0 - 4.6.6)
CVE-2006-2743
CWE-95
High
WordPress Plugin WooCommerce Possible Remote Code Execution (3.4.5)
-
CWE-94
High
WordPress Plugin WooCommerce Possible Remote Code Execution (3.5.0)
-
CWE-94
High