Code Execution
This page lists 401 vulnerabilities in this category.
Critical: 62
High: 328
Medium: 10
Low: 1
| Vulnerability Name | CVE | CWE | Severity |
| --- | --- | --- | --- |
| MovableType remote code execution | CVE-2015-1592 | CWE-94 | High |
| Movable Type 4.x unauthenticated remote command execution | CVE-2013-0209 | CWE-287 | High |
| Oracle Weblogic WLS-WSAT Component Deserialization RCE | CVE-2017-10271 | CWE-94 | High |
| Apache Struts Remote Code Execution (S2-057) | CVE-2018-11776 | CWE-917 | High |
| GoAhead web server remote code execution | CVE-2017-17562 | CWE-94 | High |
| ForgeRock AM / OpenAM Deserialization RCE (CVE-2021-35464) | CVE-2021-35464 | CWE-502 | High |
| SonicWall SSL-VPN 8.0.0.0 RCE via ShellShock exploit | - | CWE-78 | High |
| Missing Authentication Check in SAP Solution Manager | CVE-2020-6207 | CWE-287 | High |
| Python Debugger Unauthorized Access Vulnerability | - | CWE-200 | High |
| Reflected Cross-Site Scripting (XSS) vulnerability in PAN-OS management web interface | CVE-2020-2036 | CWE-79 | High |
| Node.js Inspector Unauthorized Access Vulnerability | - | CWE-200 | High |
| Node.js Debugger Unauthorized Access Vulnerability | - | CWE-200 | High |
| Microsoft Exchange Server Pre-auth Path Confusion vulnerability (CVE-2021-34473) | CVE-2021-34473 | CWE-918 | High |
| Microsoft Exchange Server Server-Side Request Forgery (SSRF) vulnerability | CVE-2021-26855 | CWE-918 | High |
| GitLab ExifTool RCE (CVE-2021-22205) | CVE-2021-22205 | CWE-918 | High |
| F5 iControl REST unauthenticated remote command execution vulnerability | CVE-2021-22986 | CWE-78 | High |
| AjaxPro.NET Professional Deserialization RCE (CVE-2021-23758) | CVE-2021-23758 | CWE-502 | High |
| Apache HTTP Server Insecure Path Normalization (CVE-2021-41773, CVE-2021-42013) | CVE-2021-41773 | CWE-22 | High |
| Apache Tapestry Unauthenticated RCE (CVE-2019-0195, CVE-2021-27850) | CVE-2021-27850 | CWE-200 | High |
| Sitecore XP Deserialization RCE (CVE-2021-42237) | CVE-2021-42237 | CWE-502 | High |
| Apache OFBiz SOAPService Deserialization RCE | CVE-2021-26295 | CWE-502 | High |
| Grav CMS Unauthenticated RCE (CVE-2021-21425) | CVE-2021-21425 | CWE-284 | High |
| Unauthenticated OGNL injection in Confluence Server and Data Center | CVE-2021-26084 | CWE-917 | High |
| vBulletin Pre-Auth RCE Vulnerability | CVE-2020-17496 | CWE-94 | High |
| Symfony RCE via weak/predictable APP_SECRET | - | CWE-94 | High |
| RCE in SQL Server Reporting Services (SSRS) | CVE-2020-0618 | CWE-78 | High |
| VMware vCenter Server Unauthorized Remote Code Execution | CVE-2021-21972 | CWE-78 | High |
| Authentication bypass via MongoDB operator injection | - | CWE-943 | High |
| Xdebug remote code execution via xdebug.remote_connect_back | - | CWE-200 | High |
| Apache OFBiz Log4Shell RCE | CVE-2021-44228 | CWE-78 | High |
| ColdFusion CFC Deserialization RCE (CVE-2023-26359/CVE-2023-26360) | CVE-2023-26360 | CWE-502 | High |
| Code Evaluation (Apache Struts) S2-046 | CVE-2017-5638 | CWE-94 | High |
| Database User Has Admin Privileges | - | CWE-267 | High |
| Oracle Access Manager 'opensso' Deserialization RCE (CVE-2021-35587) | CVE-2021-35587 | CWE-502 | High |
| VMware Workspace ONE Access SSTI (CVE-2022-22954) | CVE-2022-22954 | CWE-94 | High |
| VMware vCenter Log4Shell RCE | CVE-2021-44228 | CWE-78 | High |
| Ubiquiti Unifi Log4Shell RCE | CVE-2021-44228 | CWE-78 | High |
| Symfony weak application secret | - | CWE-94 | High |
| Oracle ADF Faces 'Miracle' RCE (CVE-2022-21445) | CVE-2022-21445 | CWE-502 | High |
| node-serialize Insecure Deserialization | CVE-2017-5941 | CWE-502 | High |
| Bonita Authorization Bypass (CVE-2022-25237) | CVE-2022-25237 | CWE-863 | High |
| MobileIron Log4Shell RCE | CVE-2021-44228 | CWE-78 | High |
| Fortinet Authentication bypass on administrative interface | CVE-2022-40684 | CWE-288 | High |
| elFinder RCE (CVE-2021-32682) | CVE-2021-32682 | CWE-22 | High |
| Apache Solr Log4Shell RCE | CVE-2021-44228 | CWE-78 | High |
| MongoDB $where operator JavaScript injection | - | CWE-943 | High |
| ManageEngine Desktop Central Deserialization RCE (CVE-2020-10189) | CVE-2020-10189 | CWE-502 | High |
| .NET JSON.NET Deserialization RCE | - | CWE-502 | High |
| DotCMS unrestricted file upload (CVE-2022-26352) | CVE-2022-26352 | CWE-434 | High |
| Unauthenticated remote code execution vulnerability in Confluence Server and Data Center | CVE-2022-26134 | CWE-917 | High |
| Remote code execution of user-provided local names in Rails | CVE-2020-8163 | CWE-94 | High |
| Nette framework PHP code injection via callback | CVE-2020-15227 | CWE-94 | High |
| MobileIron Remote Code Execution via LogService | CVE-2020-15505 | CWE-78 | High |
| Apache Solr Deserialization of untrusted data via jmx.serviceUrl | CVE-2019-0192 | - | High |
| uWSGI Unauthorized Access Vulnerability | - | CWE-78 | High |
| ThinkPHP v5.0.22/5.1.29 Remote Code Execution Vulnerability | - | CWE-94 | High |
| Nagios XI Magpie_debug.php Unauthenticated RCE | CVE-2018-15708 | CWE-94 | High |
| Horde Imp Unauthenticated Remote Command Execution | CVE-2018-19518 | CWE-94 | High |
| FastCGI Unauthorized Access Vulnerability | - | CWE-78 | High |
| Drupal REST Remote Code Execution | CVE-2019-6340 | CWE-78 | High |
| Remote code execution in bootstrap-sass 3.2.0.3 | CVE-2019-10842 | CWE-95 | High |
| Atlassian Crowd Remote Code Execution | CVE-2019-11580 | CWE-78 | High |
| Oracle Weblogic Async Component Deserialization RCE CVE-2019-2725 | CVE-2019-2725 | CWE-94 | High |
| Webmin v1.920 Unauthenticated Remote Command Execution | CVE-2019-15107 | CWE-94 | High |
| WordPress Super Socialat backdoor plugin | - | CWE-94 | High |
| SAP NetWeaver ConfigServlet remote command execution | - | CWE-94 | High |
| SAP Hybris Deserialization RCE | CVE-2019-0344 | CWE-502 | High |
| ColdFusion FlashGateway Deserialization RCE CVE-2019-7091 | CVE-2019-7091 | CWE-502 | High |
| Argument Injection | - | CWE-88 | High |
| Oracle WebLogic Remote Code Execution via T3 | CVE-2018-3245 | CWE-502 | High |
| Apache Tomcat Remote Code Execution Vulnerability | CVE-2017-12615 | CWE-94 | High |
| RCE with Spring Data Commons | CVE-2018-1273 | CWE-94 | High |
| PHPUnit Remote Code Execution | CVE-2017-9841 | CWE-94 | High |
| Unauthenticated Remote Code Execution via JSONWS in Liferay 7.2.0 CE GA1 | CVE-2020-7961 | CWE-78 | High |
| vBulletin 5.x 0day pre-auth RCE | - | CWE-94 | High |