v.26.3.2229
OOB Vulnerabilities
This page lists 137 vulnerabilities in this category.
| Vulnerability Name | CVE | CWE | Severity |
|---|---|---|---|
| ActiveMQ OpenWire RCE (CVE-2023-46604) | CVE-2023-46604 | CWE-502 | Critical |
| Ivanti Sentry Authentication Bypass (CVE-2023-38035) | CVE-2023-38035 | CWE-863 | Critical |
| TorchServe Management API SSRF (CVE-2023-43654) | CVE-2023-43654 | CWE-918 | Critical |
| GhostScript RCE (Remote Code Execution) | CVE-2016-3714 | CWE-78 | Critical |
| WS_FTP AHT Deserialization RCE (CVE-2023-40044) | CVE-2023-40044 | CWE-502 | Critical |
| ColdFusion WDDX Deserialization RCE (CVE-2023-29300/CVE-2023-38203/CVE-2023-38204) | CVE-2023-38204 | CWE-502 | Critical |
| Code Evaluation (Python) | - | CWE-95 | Critical |
| Adobe Commerce/Magento "CosmicSting" XXE (CVE-2024-34102) | CVE-2024-34102 | CWE-611 | Critical |
| Apache Log4j socket receiver deserialization vulnerability | CVE-2017-5645 | CWE-502 | Critical |
| Apache Struts2 Remote Command Execution (S2-053) | CVE-2017-12611 | CWE-94 | Critical |
| RCE in Ivanti Connect Secure and Policy Secure (CVE-2024-21887) | CVE-2024-21887 | CWE-77 | Critical |
| IBM ODM JNDI injection (CVE-2024-22319) | CVE-2024-22319 | CWE-74 | Critical |
| Apache OFBiz SSRF (CVE-2024-45507) | CVE-2024-45507 | CWE-918 | Critical |
| Apache Struts2 remote code execution vulnerability | CVE-2016-0785 | CWE-78 | Critical |
| Code Evaluation (Ruby) | - | CWE-94 | Critical |
| Oracle E-Business Suite SSRF (CVE-2025-61882) | CVE-2025-61882 | CWE-918 | Critical |
| Code Evaluation (Perl) | - | CWE-94 | Critical |
| PaloAlto Networks Expedition RCE (CVE-2024-9463) | CVE-2024-9465 | CWE-918 | Critical |
| Apache OFBiz XMLRPC Deserialization RCE (CVE-2020-9496/CVE-2023-49070) | CVE-2023-49070 | CWE-502 | High |
| RCE in SQL Server Reporting Services (SSRS) | CVE-2020-0618 | CWE-78 | High |
| HTTP/2 pseudo-header server side request forgery | - | CWE-918 | High |
| GitLab ExifTool RCE (CVE-2021-22205) | CVE-2021-22205 | CWE-918 | High |
| ForgeRock AM / OpenAM Deserialization RCE (CVE-2021-35464) | CVE-2021-35464 | CWE-502 | High |
| Apache HTTP Server mod_proxy SSRF (CVE-2021-40438) | CVE-2021-40438 | CWE-918 | High |
| Zimbra Collaboration Suite SSRF (CVE-2020-7796) | CVE-2020-7796 | CWE-918 | High |
| Deserialization of Untrusted Data (XStream) | CVE-2020-26217 | CWE-502 | High |
| Sitecore XP Deserialization RCE (CVE-2021-42237) | CVE-2021-42237 | CWE-502 | High |
| Apache OFBiz SOAPService Deserialization RCE | CVE-2021-26295 | CWE-502 | High |
| Remote code execution of user-provided local names in Rails | CVE-2020-8163 | CWE-94 | High |
| Oracle WebLogic Remote Code Execution via IIOP | CVE-2020-2551 | CWE-502 | High |
| Unauthenticated Remote Code Execution via JSONWS in Liferay 7.2.0 CE GA1 | CVE-2020-7961 | CWE-78 | High |
| Jolokia XML External Entity (XXE) vulnerability | - | CWE-611 | High |
| SAP IGS XXE (CVE-2018-2392, CVE-2018-2393) | CVE-2018-2393 | CWE-611 | High |
| Oracle E-Business Suite Deserialization RCE | - | CWE-502 | High |
| Ruby on Rails DoubleTap RCE (CVE-2019-5420) | CVE-2019-5420 | CWE-502 | High |
| Oracle E-Business Suite SQL injection (CVE-2017-3549) | CVE-2017-3549 | CWE-89 | High |
| Oracle E-Business Suite SSRF (CVE-2017-10246) | CVE-2017-10246 | CWE-918 | High |
| Apache Unomi MVEL RCE (CVE-2020-13942) | CVE-2020-13942 | CWE-20 | High |
| SAML Consumer Service XML entity injection (XXE) | - | CWE-611 | High |
| Cross-site Scripting via Remote File Inclusion | - | CWE-79 | High |
| ManageEngine Desktop Central Deserialization RCE (CVE-2020-10189) | CVE-2020-10189 | CWE-502 | High |
| SAP NW DI SSRF vulnerability (CVE-2021-33690) | CVE-2021-33690 | CWE-918 | High |
| Unvalidated JWT jku parameter | - | CWE-287 | High |
| SAP BO BIP XXE (CVE-2022-28213) | CVE-2022-28213 | CWE-112 | High |
| GeoServer WMS SSRF (CVE-2023-43795) | CVE-2023-43795 | CWE-918 | High |
| GeoServer SSRF (CVE-2021-40822) | CVE-2021-40822 | CWE-918 | High |
| Skype for Business SSRF (CVE-2023-41763) | CVE-2023-41763 | CWE-918 | High |
| Apache OFBiz SSRF (CVE-2023-50968) | CVE-2023-50968 | CWE-918 | High |
| SSRF in Ivanti Connect Secure, Policy Secure and Neurons (CVE-2024-21893) | CVE-2024-21893 | CWE-918 | High |
| Ivanti EPM SQLi RCE (CVE-2024-29824) | CVE-2024-29824 | CWE-89 | High |
| SAML Consumer Service XSLT injection | - | CWE-91 | High |
| SSRF in Server-Side Rendering | - | CWE-918 | High |
| Oracle Access Manager 'opensso' Deserialization RCE (CVE-2021-35587) | CVE-2021-35587 | CWE-502 | High |
| Apache Solr Log4Shell RCE | CVE-2021-44228 | CWE-78 | High |
| OpenCms Chemistry XML External Entity (XXE) vulnerability (CVE-2023-42344) | CVE-2023-42344 | CWE-611 | High |
| OpenCms Chemistry Solr XML External Entity (XXE) vulnerability (CVE-2023-42346) | CVE-2023-42346 | CWE-611 | High |
| Appwrite favicon SSRF (CVE-2023-27159) | CVE-2023-27159 | CWE-918 | High |
| Deserialization of Untrusted Data (.NET BinaryFormatter Object Deserialization) | - | CWE-502 | High |
| VMware vCenter Log4Shell RCE | CVE-2021-44228 | CWE-78 | High |
| VMware Horizon Log4Shell RCE | CVE-2021-44228 | CWE-78 | High |
| Ubiquiti Unifi Log4Shell RCE | CVE-2021-44228 | CWE-78 | High |
| Oracle ADF Faces 'Miracle' RCE (CVE-2022-21445) | CVE-2022-21445 | CWE-502 | High |
| Apache OFBiz Log4Shell RCE | CVE-2021-44228 | CWE-78 | High |
| MobileIron Log4Shell RCE | CVE-2021-44228 | CWE-78 | High |
| Kentico CMS Deserialization RCE | CVE-2019-10068 | CWE-502 | High |
| Oracle Business Intelligence AMF Deserialization RCE CVE-2020-2950 | CVE-2020-2950 | CWE-502 | High |
| DNN (DotNetNuke) CMS Cookie Deserialization RCE CVE-2017-9822 | CVE-2017-9822 | CWE-502 | High |
| Flex BlazeDS AMF Deserialization RCE | CVE-2017-5641 | CWE-502 | High |
| uWSGI Unauthorized Access Vulnerability | - | CWE-78 | High |
| Paperclip gem SSRF (Server side request forgery) | CVE-2017-0889 | CWE-918 | High |
| Liferay TunnelServlet Deserialization Remote Code Execution | - | CWE-502 | High |
| Deserialization of Untrusted Data (Java Object Deserialization) | - | CWE-502 | High |
| Deserialization of Untrusted Data (Java JSON Deserialization) JsonIO | - | CWE-502 | High |
| Deserialization of Untrusted Data (Java JSON Deserialization) Jackson | CVE-2017-7525 | CWE-502 | High |
| Deserialization of Untrusted Data (Java JSON Deserialization) Genson | - | CWE-502 | High |