Vulnerability Name CVE Severity
ActiveMQ OpenWire RCE (CVE-2023-46604) CVE-2023-46604
Adobe Commerce/Magento "CosmicSting" XXE (CVE-2024-34102) CVE-2024-34102
Adobe Experience Manager Misconfiguration CVE-2016-0957
Apache HTTP Server mod_proxy SSRF (CVE-2021-40438) CVE-2021-40438
Apache Log4j socket receiver deserialization vulnerability CVE-2017-5645
Apache OFBiz Log4Shell RCE CVE-2021-44228
Apache OFBiz SOAPService Deserialization RCE CVE-2021-26295
Apache OFBiz SSRF (CVE-2023-50968) CVE-2023-50968
Apache OFBiz XMLRPC Deserialization RCE (CVE-2020-9496/CVE-2023-49070) CVE-2020-9496 CVE-2023-49070
Apache REST RCE CVE-2018-11770
Apache Shiro Deserialization RCE CVE-2016-4437
Apache Solr Deserialization of untrusted data via jmx.serviceUrl CVE-2019-0192
Apache Solr Log4Shell RCE CVE-2021-44228
Apache Solr Parameter Injection
Apache Solr SSRF CVE-2017-3164
Apache Struts2 remote code execution vulnerability CVE-2016-0785
Apache Struts2 Remote Command Execution (S2-052) CVE-2017-9805
Apache Struts2 Remote Command Execution (S2-053) CVE-2017-12611
Apache Unomi MVEL RCE (CVE-2020-13942) CVE-2020-13942
Appwrite favicon SSRF (CVE-2023-27159) CVE-2023-27159
Argument Injection
Atlassian OAuth Plugin IconUriServlet SSRF CVE-2017-9506
Auxiliary systems SSRF
Code Evaluation (Python)
Code Evaluation (Ruby)
ColdFusion AMF Deserialization RCE CVE-2017-3066
ColdFusion FlashGateway Deserialization RCE CVE-2019-7091 CVE-2019-7091
ColdFusion JNDI injection RCE CVE-2018-15957
ColdFusion WDDX Deserialization RCE (CVE-2023-29300/CVE-2023-38203/CVE-2023-38204) CVE-2023-29300 CVE-2023-38203 CVE-2023-38204
Cross-site Scripting via Remote File Inclusion
Data Binding Expression Vulnerability in Spring Web Flow CVE-2017-4971
Deserialization of Untrusted Data (.NET BinaryFormatter Object Deserialization)
Deserialization of Untrusted Data (Java JSON Deserialization) Fastjson
Deserialization of Untrusted Data (Java JSON Deserialization) Genson
Deserialization of Untrusted Data (Java JSON Deserialization) Jackson
Deserialization of Untrusted Data (Java JSON Deserialization) JsonIO
Deserialization of Untrusted Data (Java Object Deserialization)
Deserialization of Untrusted Data (XStream)
DNN (DotNetNuke) CMS Cookie Deserialization RCE CVE-2017-9822
Edge Side Include injection
Email Header Injection
Ext JS arbitrary file read
Flex BlazeDS AMF Deserialization RCE CVE-2017-5641
ForgeRock AM / OpenAM Deserialization RCE (CVE-2021-35464) CVE-2021-35464
GeoServer SSRF (CVE-2021-40822) CVE-2021-40822
GeoServer WMS SSRF (CVE-2023-43795) CVE-2023-43795
GhostScript RCE (Remote Code Execution) CVE-2016-3714
Gitlab CI Lint SSRF
GitLab ExifTool RCE (CVE-2021-22205) CVE-2021-22205
Hasura GraphQL API without authentication
HTTP/2 pseudo-header server side request forgery
Httpoxy vulnerability
IBM ODM JNDI injection (CVE-2024-22319) CVE-2024-22319
IBM WebSphere RCE Java Deserialization Vulnerability CVE-2015-7450
ImageMagick remote code execution CVE-2016-3714
imgproxy SSRF (CVE-2023-30019) CVE-2023-30019
Ivanti EPM SQLi RCE (CVE-2024-29824) CVE-2024-29824
Ivanti Sentry Authentication Bypass (CVE-2023-38035) CVE-2023-38035
JavaMelody XML External Entity (XXE) vulnerability CVE-2018-15531
Jboss Application Server HTTPServerILServlet.java remote code execution CVE-2017-7504
JBoss InvokerTransformer Remote Code Execution CVE-2015-7501
Jira Unauthorized SSRF via REST API CVE-2019-8451
Jolokia XML External Entity (XXE) vulnerability
Kentico CMS Deserialization RCE CVE-2019-10068
Keycloak request_uri SSRF (CVE-2020-10770) CVE-2020-10770
Liferay TunnelServlet Deserialization Remote Code Execution
Liferay XMLRPC Blind SSRF
ManageEngine Desktop Central Deserialization RCE (CVE-2020-10189) CVE-2020-10189
MobileIron Log4Shell RCE CVE-2021-44228
Next.js image Blind SSRF
OpenCms Chemistry Solr XML External Entity (XXE) vulnerability (CVE-2023-42346) CVE-2023-42346
OpenCms Chemistry XML External Entity (XXE) vulnerability (CVE-2023-42344) CVE-2023-42344
OpenCms Solr XML External Entity (XXE) vulnerability
Oracle Access Manager 'opensso' Deserialization RCE (CVE-2021-35587) CVE-2021-35587
Oracle ADF Faces 'Miracle' RCE (CVE-2022-21445) CVE-2022-21445
Oracle Business Intelligence AMF Deserialization RCE CVE-2020-2950 CVE-2020-2950
Oracle Business Intelligence Convert XXE CVE-2019-2767
Oracle Business Intelligence ReportTemplateService XXE (CVE-2021-2400) CVE-2021-2400
Oracle Business Intelligence ReportTemplateService XXE CVE-2019-2616
Oracle E-Business Suite Deserialization RCE
Oracle E-Business Suite SQL injection (CVE-2017-3549)
Oracle E-Business Suite SSRF (CVE-2017-10246) CVE-2017-10246
Oracle E-Business Suite SSRF (CVE-2018-3167) CVE-2018-3167
Oracle Reports rwservlet vulnerabilities CVE-2012-3152 CVE-2012-3153
Oracle Reports Services RWServlet environment variables disclosure
Oracle Weblogic Async Component Deserialization RCE CVE-2019-2725 CVE-2019-2725
Oracle WebLogic Remote Code Execution via IIOP CVE-2020-2551
Oracle WebLogic Remote Code Execution via T3 CVE-2018-3245
Oracle Weblogic T3 XXE (CVE-2019-2647) CVE-2019-2647
Oracle Weblogic T3 XXE (CVE-2019-2888) CVE-2019-2888
Oracle Weblogic WLS-WSAT Component Deserialization RCE CVE-2017-3506 CVE-2017-10271
Paperclip gem SSRF (Server side request forgery) CVE-2017-0889
Perl code injection
RCE in Ivanti Connect Secure and Policy Secure (CVE-2024-21887) CVE-2024-21887
RCE in SQL Server Reporting Services (SSRS) CVE-2020-0618
RCE with Spring Data Commons CVE-2018-1273
Remote code execution in bootstrap-sass 3.2.0.3 CVE-2019-10842
Remote code execution of user-provided local names in Rails CVE-2020-8163
Reverse proxy bypass CVE-2011-3368
Reverse proxy misrouting
Reverse proxy misrouting through HTTP/2 pseudo-headers (SSRF)
Ruby on Rails DoubleTap RCE (CVE-2019-5420)
SAML Consumer Service External Dereference SSRF
SAML Consumer Service XML entity injection (XXE)
SAML Consumer Service XSLT injection
SAP BO BIP SSRF (CVE-2020-6308)
SAP BO BIP XXE (CVE-2022-28213) CVE-2022-28213
SAP Hybris Deserialization RCE
SAP IGS XXE (CVE-2018-2392, CVE-2018-2393) CVE-2018-2393
SAP NW DI SSRF vulnerability (CVE-2021-33690) CVE-2021-33690
Sitecore XP Deserialization RCE (CVE-2021-42237) CVE-2021-42237
Skype for Business SSRF (CVE-2023-41763) CVE-2023-41763
SOAP WS-Addressing SSRF
Sonicwall SMA 100 Unintended proxy (CVE-2021-20042)
SSRF in Ivanti Connect Secure, Policy Secure and Neurons (CVE-2024-21893) CVE-2024-21893
SSRF in Server-Side Rendering
TorchServe Management API SSRF (CVE-2023-43654) CVE-2023-43654
Ubiquiti Unifi Log4Shell RCE CVE-2021-44228
Unauthenticated Remote Code Execution via JSONWS in Liferay 7.2.0 CE GA1 CVE-2020-0618 CVE-2020-7961
uWSGI Unauthorized Access Vulnerability
VMware Horizon Log4Shell RCE CVE-2021-44228
VMware vCenter Log4Shell RCE CVE-2021-44228
WS_FTP AHT Deserialization RCE (CVE-2023-40044) CVE-2023-40044
Xdebug remote code execution via xdebug.remote_connect_back
XML external entity injection
XML external entity injection (variant)
XML External Entity Injection via external file
XML external entity injection via File Upload
XSLT injection
XXE in Ivanti Connect Secure, Policy Secure and Neurons (CVE-2024-22024) CVE-2024-22024
Zend Framework local file disclosure via XXE injection CVE-2012-3363 CVE-2015-5161
Zimbra Collaboration Suite SSRF (CVE-2020-7796) CVE-2020-7796