🚀 Just released:
Latio 2026 Application Security Market Report.
Read it in our Whitepapers.
100% Signal 0% Noise
Platform
Invicti Platform
Zero-noise AppSec platform
Scan Code
Secure code before runtime
SAST
Early static security analysis
Open Source (SCA)
Find vulnerable dependencies
SBOM & License Risk
Generate SBOMs and track licenses
Secrets
Detect exposed secrets in applications
Infrastructure as Code
Ingest IaC security findings
Container
Track container image vulnerabilities
Test Runtime
Test live applications like attackers
DAST & AI DAST
Test runtime, prove exploitability
Agentic Pentesting
Automate real-world attack techniques
API Security Testing
Discover and test APIs
Attack Surface Management
Identify exposed apps and endpoints
Cloud AppSec
Get a single-pane view of cloud app risk
AI AppSec
Scan smarter, accelerate remediation
Manage Vulnerabilities
See, prioritize, reduce AppSec risk
Vulnerability Management (ASPM)
Centralize and correlate AppSec findings
Compliance & Executive Reporting
Measure risk and impact
Threat Intelligence
Reachability, exploitability, and business logic
Solutions
API Discovery
Manage Vulnerabilities
Automate Security Workflows
Track AppSec KPIs
Manage Open Source Risk
Pricing
Why Invicti
About Us
Case Studies
Contact Us
Careers
Resources
Resource Library
Blog
Webinars
White Papers
Podcasts
Invicti Learn
Savings Calculator
Live Training
Partners
Documentation
Get a demo
Home
/
Web Application Vulnerabilities
/ Code Execution
Web Application Vulnerabilities
Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise
Acunetix Standard & Premium
v.26.4.2314
Code Execution
This page lists
409 vulnerabilities
in this category.
Critical: 69
High: 329
Medium: 10
Low: 1
Vulnerability Name
CVE
CWE
Severity
Argument Injection
-
CWE-88
High
Oracle WebLogic Remote Code Execution via T3
CVE-2018-3245
CWE-502
High
Apache Tomcat Remote Code Execution Vulnerability
CVE-2017-12615
CWE-94
High
RCE with Spring Data Commons
CVE-2018-1273
CWE-94
High
PHPUnit Remote Code Execution
CVE-2017-9841
CWE-94
High
MobileIron Remote Code Execution via LogService
CVE-2020-15505
CWE-78
High
vBulletin 5.x 0day pre-auth RCE
-
CWE-94
High
BigIP iRule Tcl code injection
-
CWE-78
High
Telerik Web UI RadAsyncUpload Deserialization
CVE-2019-18935
CWE-78
High
Unauthenticated Remote Code Execution via JSONWS in Liferay 7.2.0 CE GA1
CVE-2020-7961
CWE-78
High
Unauthenticated Remote Code Execution via JSONWS in Liferay 6.1 (LPS-88051)
-
CWE-78
High
Grafana avatar SSRF
CVE-2020-13379
CWE-78
High
F5 BIG-IP Traffic Management User Interface (TMUI) RCE
CVE-2020-5902
CWE-78
High
Citrix ADC/Gateway Unauthenticated Remote Code Execution
CVE-2019-19781
CWE-22
High
Oracle WebLogic Remote Code Execution via IIOP
CVE-2020-2551
CWE-502
High
Oracle Business Intelligence AMF Deserialization RCE CVE-2020-2950
CVE-2020-2950
CWE-502
High
Apache Unomi MVEL RCE (CVE-2020-13942)
CVE-2020-13942
CWE-20
High
Telerik Web UI Insecure Direct Object Reference
CVE-2017-11357
CWE-78
High
Telerik Web UI Unrestricted File Upload (CVE-2017-11317)
CVE-2017-11317
CWE-78
High
Apache OFBiz XMLRPC Deserialization RCE (CVE-2020-9496/CVE-2023-49070)
CVE-2023-49070
CWE-502
High
Ruby on Rails DoubleTap RCE (CVE-2019-5420)
CVE-2019-5420
CWE-502
High
Telerik Web UI Unrestricted File Upload (CVE-2014-2217)
CVE-2014-2217
CWE-78
High
WordPress Plugin Product Table by WBW Remote Code Execution (2.0.1)
CVE-2024-6365
CWE-94
High
Liferay version older than 7.1
-
CWE-918
Medium
PHP eval() used on user input
-
CWE-95
Medium
PHP unserialize() used on user input
-
CWE-20
Medium
Hashicorp Consul API is accessible without authentication
-
CWE-200
Medium
Python object deserialization of user-supplied data
-
CWE-20
Medium
Liferay XMLRPC Blind SSRF
-
CWE-918
Medium
PHP object deserialization of user-supplied data
-
CWE-20
Medium
PHP curl_exec() url is controlled by user
CVE-2009-0037
CWE-352
Medium
Apache Solr SSRF CVE-2017-3164
CVE-2017-3164
CWE-918
Medium
PHP preg_replace used on user input
-
CWE-20
Medium
Symfony ESI (Edge-Side Includes) enabled
-
CWE-200
Low
«
1
...
3
4
5
6
