v.26.4.2314
Code Execution
This page lists 409 vulnerabilities in this category.
Critical: 69
High: 329
Medium: 10
Low: 1
| Vulnerability Name | CVE | CWE | Severity |
| --- | --- | --- | --- |
| Ruby on Rails directory traversal vulnerability | CVE-2014-0130 | CWE-22 | High |
| Rails remote code execution using render :inline | CVE-2016-2098 | CWE-94 | High |
| PrimeFaces 5.x Expression Language injection | CVE-2017-1000486 | - | High |
| Multiple vulnerabilities reported in Parallels Plesk Sitebuilder | - | CWE-94 | High |
| PHP-CGI remote code execution | CVE-2012-2311 | CWE-20 | High |
| Oracle Reports rwservlet vulnerabilities | CVE-2012-3153 | CWE-20 | High |
| Server-side JavaScript injection | - | CWE-20 | High |
| MovableType remote code execution | CVE-2015-1592 | CWE-94 | High |
| Movable Type 4.x unauthenticated remote command execution | CVE-2013-0209 | CWE-287 | High |
| Oracle Weblogic WLS-WSAT Component Deserialization RCE | CVE-2017-10271 | CWE-94 | High |
| Apache Struts Remote Code Execution (S2-057) | CVE-2018-11776 | CWE-917 | High |
| GoAhead web server remote code execution | CVE-2017-17562 | CWE-94 | High |
| GitLab ExifTool RCE (CVE-2021-22205) | CVE-2021-22205 | CWE-918 | High |
| VMware vCenter Server Unauthorized Remote Code Execution | CVE-2021-21972 | CWE-78 | High |
| SonicWall SSL-VPN 8.0.0.0 RCE via ShellShock exploit | - | CWE-78 | High |
| Missing Authentication Check in SAP Solution Manager | CVE-2020-6207 | CWE-287 | High |
| Python Debugger Unauthorized Access Vulnerability | - | CWE-200 | High |
| Reflected Cross-Site Scripting (XSS) vulnerability in PAN-OS management web interface | CVE-2020-2036 | CWE-79 | High |
| Node.js Inspector Unauthorized Access Vulnerability | - | CWE-200 | High |
| Node.js Debugger Unauthorized Access Vulnerability | - | CWE-200 | High |
| Microsoft Exchange Server Pre-auth Path Confusion vulnerability (CVE-2021-34473) | CVE-2021-34473 | CWE-918 | High |
| Microsoft Exchange Server Server-Side Request Forgery (SSRF) vulnerability | CVE-2021-26855 | CWE-918 | High |
| ForgeRock AM / OpenAM Deserialization RCE (CVE-2021-35464) | CVE-2021-35464 | CWE-502 | High |
| Authentication bypass via MongoDB operator injection | - | CWE-943 | High |
| F5 iControl REST unauthenticated remote command execution vulnerability | CVE-2021-22986 | CWE-78 | High |
| Apache HTTP Server Insecure Path Normalization (CVE-2021-41773, CVE-2021-42013) | CVE-2021-41773 | CWE-22 | High |
| Apache Tapestry Unauthenticated RCE (CVE-2019-0195, CVE-2021-27850) | CVE-2021-27850 | CWE-200 | High |
| Sitecore XP Deserialization RCE (CVE-2021-42237) | CVE-2021-42237 | CWE-502 | High |
| Apache OFBiz SOAPService Deserialization RCE | CVE-2021-26295 | CWE-502 | High |
| Grav CMS Unauthenticated RCE (CVE-2021-21425) | CVE-2021-21425 | CWE-284 | High |
| Unauthenticated OGNL injection in Confluence Server and Data Center | CVE-2021-26084 | CWE-917 | High |
| vBulletin Pre-Auth RCE Vulnerability | CVE-2020-17496 | CWE-94 | High |
| Symfony RCE via weak/predictable APP_SECRET | - | CWE-94 | High |
| AjaxPro.NET Professional Deserialization RCE (CVE-2021-23758) | CVE-2021-23758 | CWE-502 | High |
| Bonita Authorization Bypass (CVE-2022-25237) | CVE-2022-25237 | CWE-863 | High |
| Xdebug remote code execution via xdebug.remote_connect_back | - | CWE-200 | High |
| Oracle ADF Faces 'Miracle' RCE (CVE-2022-21445) | CVE-2022-21445 | CWE-502 | High |
| ColdFusion CFC Deserialization RCE (CVE-2023-26359/CVE-2023-26360) | CVE-2023-26360 | CWE-502 | High |
| Code Evaluation (Apache Struts) S2-046 | CVE-2017-5638 | CWE-94 | High |
| Database User Has Admin Privileges | - | CWE-267 | High |
| Oracle Access Manager 'opensso' Deserialization RCE (CVE-2021-35587) | CVE-2021-35587 | CWE-502 | High |
| VMware Workspace ONE Access SSTI (CVE-2022-22954) | CVE-2022-22954 | CWE-94 | High |
| VMware vCenter Log4Shell RCE | CVE-2021-44228 | CWE-78 | High |
| VMware Horizon Log4Shell RCE | CVE-2021-44228 | CWE-78 | High |
| Ubiquiti Unifi Log4Shell RCE | CVE-2021-44228 | CWE-78 | High |
| Symfony weak application secret | - | CWE-94 | High |
| Apache OFBiz Log4Shell RCE | CVE-2021-44228 | CWE-78 | High |
| Unauthenticated remote code execution vulnerability in Confluence Server and Data Center | CVE-2022-26134 | CWE-917 | High |
| node-serialize Insecure Deserialization | CVE-2017-5941 | CWE-502 | High |
| MobileIron Log4Shell RCE | CVE-2021-44228 | CWE-78 | High |
| Fortinet Authentication bypass on administrative interface | CVE-2022-40684 | CWE-288 | High |
| elFinder RCE (CVE-2021-32682) | CVE-2021-32682 | CWE-22 | High |
| Apache Solr Log4Shell RCE | CVE-2021-44228 | CWE-78 | High |
| MongoDB $where operator JavaScript injection | - | CWE-943 | High |
| ManageEngine Desktop Central Deserialization RCE (CVE-2020-10189) | CVE-2020-10189 | CWE-502 | High |
| .NET JSON.NET Deserialization RCE | - | CWE-502 | High |
| DotCMS unrestricted file upload (CVE-2022-26352) | CVE-2022-26352 | CWE-434 | High |
| RCE in SQL Server Reporting Services (SSRS) | CVE-2020-0618 | CWE-78 | High |
| Remote code execution of user-provided local names in Rails | CVE-2020-8163 | CWE-94 | High |
| Nette framework PHP code injection via callback | CVE-2020-15227 | CWE-94 | High |
| Apache Solr Deserialization of untrusted data via jmx.serviceUrl | CVE-2019-0192 | - | High |
| uWSGI Unauthorized Access Vulnerability | - | CWE-78 | High |
| ThinkPHP v5.0.22/5.1.29 Remote Code Execution Vulnerability | - | CWE-94 | High |
| Nagios XI Magpie_debug.php Unauthenticated RCE | CVE-2018-15708 | CWE-94 | High |
| Horde Imp Unauthenticated Remote Command Execution | CVE-2018-19518 | CWE-94 | High |
| FastCGI Unauthorized Access Vulnerability | - | CWE-78 | High |
| Drupal REST Remote Code Execution | CVE-2019-6340 | CWE-78 | High |
| Remote code execution in bootstrap-sass 3.2.0.3 | CVE-2019-10842 | CWE-95 | High |
| Atlassian Crowd Remote Code Execution | CVE-2019-11580 | CWE-78 | High |
| Oracle Weblogic Async Component Deserialization RCE CVE-2019-2725 | CVE-2019-2725 | CWE-94 | High |
| Webmin v1.920 Unauthenticated Remote Command Execution | CVE-2019-15107 | CWE-94 | High |
| WordPress Super Socialat backdoor plugin | - | CWE-94 | High |
| SAP NetWeaver ConfigServlet remote command execution | - | CWE-94 | High |
| SAP Hybris Deserialization RCE | CVE-2019-0344 | CWE-502 | High |
| ColdFusion FlashGateway Deserialization RCE CVE-2019-7091 | CVE-2019-7091 | CWE-502 | High |