Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium

Code Execution

This page lists 401 vulnerabilities in this category.

Critical: 62 High: 328 Medium: 10 Low: 1
Vulnerability Name
CVE
CWE
Severity
Cacti Unauthenticated Command Injection (CVE-2022-46169)
CVE-2022-46169
CWE-77
Critical
Ingress-Nginx "IngressNightmare" RCE (CVE-2025-1974)
CVE-2025-1974
CWE-653
Critical
Rejetto HTTP File Server SSTI RCE (CVE-2024-23692)
CVE-2024-23692
CWE-1336
Critical
Remote File Inclusion
-
CWE-98
Critical
SysAid On-Premise RCE (CVE-2023-47246)
CVE-2023-47246
CWE-22
Critical
Server-Side Template Injection
-
CWE-20
Critical
Kramer VIAware RCE (CVE-2021-36356/CVE-2021-35064)
CVE-2021-35064
CWE-434
Critical
VMware Aria Operations for Networks RCE (CVE-2023-20887)
CVE-2023-20887
CWE-77
Critical
Lucee CF_CLIENT_ RCE
-
CWE-200
Critical
Lucee Unset Admin Password
-
CWE-200
Critical
Code Evaluation (Apache Struts) S2-016
CVE-2013-2251
CWE-20
Critical
Apache Struts Path traversal (S2-067/CVE-2024-53677, S2-066/CVE-2023-50164)
CVE-2023-50164
CWE-434
Critical
Apache Struts2 remote code execution vulnerability
CVE-2016-0785
CWE-78
Critical
Craft CMS register_argc_argv RCE (CVE-2024-56145)
CVE-2024-56145
CWE-94
Critical
Craft CMS RCE (CVE-2025-32432)
CVE-2025-32432
CWE-470
Critical
LLM Command Injection
-
CWE-78
Critical
Palo Alto PAN-OS Management Interface Auth Bypass (CVE-2024-0012/CVE-2024-9474)
CVE-2024-9474
CWE-306
Critical
PAN-OS Management Interface Authentication Bypass (CVE-2025-0108)
CVE-2025-0108
CWE-287
Critical
SharePoint "ToolShell" RCE (CVE-2025-49704/CVE-2025-49706/CVE-2025-53770/CVE-2025-53771)
CVE-2025-53771
CWE-287
Critical
Sitecore XM/XP Insecure Deserialization (CVE-2025-27218)
CVE-2025-27218
CWE-502
Critical
Wing FTP Server RCE (CVE-2025-47812)
CVE-2025-47812
CWE-158
Critical
Apache Log4j2 JNDI Remote Code Execution (delayed)
CVE-2021-44228
CWE-78
Critical
Apache Log4j2 JNDI Remote Code Execution (per folder)
CVE-2021-44228
CWE-78
Critical
Apache Log4j2 JNDI Remote Code Execution
CVE-2021-44228
CWE-78
Critical
Oracle WebLogic Remote Code Execution (CVE-2020-14882)
CVE-2020-14883
CWE-78
Critical
Code Evaluation (Apache Struts) S2-045
CVE-2017-5638
CWE-94
Critical
Apache Struts2 Remote Command Execution (S2-053)
CVE-2017-12611
CWE-94
Critical
GhostScript RCE (Remote Code Execution)
CVE-2016-3714
CWE-78
Critical
Adobe Commerce/Magento "CosmicSting" XXE (CVE-2024-34102)
CVE-2024-34102
CWE-611
Critical
Code Evaluation (Python)
-
CWE-95
Critical
Apache Log4j socket receiver deserialization vulnerability
CVE-2017-5645
CWE-502
Critical
Progress Kemp LoadMaster RCE (CVE-2024-1212)
CVE-2024-1212
CWE-78
Critical
Apache Log4j2 JNDI Remote Code Execution (404 page handler)
CVE-2021-44228
CWE-78
Critical
PaloAlto Networks Expedition RCE (CVE-2024-9463)
CVE-2024-9465
CWE-918
Critical
Fortinet Out-Of-Bound Memory Write RCE (CVE-2024-21762)
CVE-2024-21762
CWE-787
Critical
CyberPanel RCE (CVE-2024-51567/CVE-2024-51568/CVE-2024-51378)
CVE-2024-51378
CWE-306
Critical
Code Evaluation (ASP)
-
CWE-95
Critical
PHP CGI Argument Injection (CVE-2024-4577)
CVE-2024-4577
CWE-78
Critical
Code Evaluation (Perl)
-
CWE-94
Critical
Sitecore XP TemplateParser RCE (CVE-2023-35813)
CVE-2023-35813
CWE-94
Critical
Code Evaluation (PHP)
-
CWE-94
Critical
Code Evaluation (Ruby)
-
CWE-94
Critical
D-Link NAS Backdoor Account RCE (CVE-2024-3273, CVE-2024-3272)
CVE-2024-3272
CWE-77
Critical
Bash code injection vulnerability
CVE-2014-6271
CWE-78
Critical
Juniper Junos OS J-Web RCE (CVE-2023-36845/CVE-2023-36846)
CVE-2023-36846
CWE-473
Critical
F5 BIG-IP Request Smuggling (CVE-2023-46747)
CVE-2023-46747
CWE-288
Critical
Craft CMS RCE (CVE-2023-41892)
CVE-2023-41892
CWE-94
Critical
Cisco IOS XE Web UI Implant (CVE-2023-20198)
CVE-2023-20198
CWE-912
Critical
CrushFTP SSTI (CVE-2024-4040)
CVE-2024-4040
CWE-94
Critical
GeoServer RCE (CVE-2024-36401)
CVE-2024-36401
CWE-94
Critical
Ivanti Sentry Authentication Bypass (CVE-2023-38035)
CVE-2023-38035
CWE-863
Critical
Text4shell: Apache Commons Text RCE via insecure interpolation
CVE-2022-42889
CWE-94
Critical
Command Injection
-
CWE-94
Critical
Apache OFBiz RCE (CVE-2024-45195)
CVE-2024-45195
CWE-425
Critical
Apache OFBiz RCE (CVE-2024-32113/CVE-2024-36104/CVE-2024-38856)
CVE-2024-38856
CWE-22
Critical
Mura/Masa CMS JSON API RCE
-
CWE-200
Critical
Remote Code Execution (Spring4Shell)
CVE-2022-22965
CWE-94
Critical
RCE in Ivanti Connect Secure and Policy Secure (CVE-2024-21887)
CVE-2024-21887
CWE-77
Critical
Unauthenticated OGNL injection in Confluence Server and Data Center (CVE-2023-22527)
CVE-2023-22527
CWE-917
Critical
Ivanti CSA Path Traversal (CVE-2024-8963/CVE-2024-8190)
CVE-2024-8190
CWE-22
Critical
IBM ODM JNDI injection (CVE-2024-22319)
CVE-2024-22319
CWE-74
Critical
GlobalProtect PAN-OS RCE (CVE-2024-3400)
CVE-2024-3400
CWE-77
Critical
Drupal Core 8.9.x Remote Code Execution (8.9.0 - 8.9.9)
CVE-2020-28949
CWE-434
High
WordPress Plugin WP-Syntax Remote PHP Code Execution (0.9.9)
CVE-2009-2852
CWE-20
High
Drupal Core 8.9.x Remote Code Execution (8.9.0 - 8.9.8)
CVE-2020-13671
CWE-434
High
Drupal Core 9.0.x Remote Code Execution (9.0.0 - 9.0.7)
CVE-2020-13671
CWE-434
High
Drupal Core 9.0.x Remote Code Execution (9.0.0 - 9.0.8)
CVE-2020-28949
CWE-434
High
Drupal Core 9.3.x Remote Code Execution (9.3.0 - 9.3.18)
CVE-2022-25277
CWE-434
High
Drupal Core 9.4.x Remote Code Execution (9.4.0 - 9.4.2)
CVE-2022-25277
CWE-434
High
Drupal Core Remote Code Execution (8.0.0 - 9.2.21)
CVE-2022-25277
CWE-434
High
Joomla! Core Remote Code Execution (1.5.0 - 3.4.5)
CVE-2015-8562
CWE-94
High
WordPress 'wp-admin/options.php' Remote Code Execution Vulnerability (0.6.2 - 2.3.2)
CVE-2008-5695
CWE-20
High
Joomla! Core 3.x.x Remote Code Execution (3.7.0 - 3.8.7)
CVE-2018-11321
CWE-94
High
Joomla! Core 3.9.x Remote Code Execution (3.9.7 - 3.9.8)
CVE-2019-14654
CWE-94
High
WordPress Cookie Data PHP Code Injection Vulnerability (1.5 - 1.5.1.3)
CVE-2005-2612
CWE-94
High