Code Execution - Vulnerabilities

Vulnerability Name	CVE CWE	CWE	Severity
.NET JSON.NET Deserialization RCE	CWE-502	CWE-502	High
Adobe Commerce/Magento "CosmicSting" XXE (CVE-2024-34102)	CVE-2024-34102 CWE-611	CWE-611	Critical
AjaxControlToolkit directory traversal	CVE-2015-4670 CWE-434	CWE-434	High
AjaxPro.NET Professional Deserialization RCE (CVE-2021-23758)	CWE-502	CWE-502	High
Apache 2.2.14 mod_isapi Dangling Pointer	CVE-2010-0425 CWE-20	CWE-20	High
Apache 2.x version older than 2.2.3	CVE-2006-3747 CWE-189	CWE-189	Medium
Apache HTTP Server Insecure Path Normalization (CVE-2021-41773, CVE-2021-42013)	CVE-2021-42013 CVE-2021-41773 CWE-22	CWE-22	High
Apache Log4j2 JNDI Remote Code Execution	CVE-2021-44228 CWE-78	CWE-78	Critical
Apache Log4j2 JNDI Remote Code Execution (404 page handler)	CVE-2021-44228 CWE-78	CWE-78	Critical
Apache Log4j2 JNDI Remote Code Execution (delayed)	CVE-2021-44228 CWE-78	CWE-78	Critical
Apache Log4j2 JNDI Remote Code Execution (per folder)	CVE-2021-44228 CWE-78	CWE-78	Critical
Apache Log4j socket receiver deserialization vulnerability	CVE-2017-5645 CWE-502	CWE-502	Critical
Apache mod_rewrite off-by-one buffer overflow vulnerability	CVE-2006-3747 CWE-189	CWE-189	High
Apache OFBiz Log4Shell RCE	CVE-2021-44228 CWE-78	CWE-78	High
Apache OFBiz RCE (CVE-2024-32113)	CVE-2024-32113 CWE-22	CWE-22	Critical
Apache OFBiz SOAPService Deserialization RCE	CVE-2021-26295 CWE-502	CWE-502	High
Apache OFBiz XMLRPC Deserialization RCE (CVE-2020-9496/CVE-2023-49070)	CVE-2020-9496 CVE-2023-49070 CWE-502	CWE-502	High
Apache Shiro Deserialization RCE	CVE-2016-4437 CWE-78	CWE-78	High
Apache Solr Deserialization of untrusted data via jmx.serviceUrl	CVE-2019-0192		High
Apache Solr Log4Shell RCE	CVE-2021-44228 CWE-78	CWE-78	High
Apache Solr SSRF CVE-2017-3164	CWE-918	CWE-918	Medium
Apache Struts 2 ClassLoader manipulation and denial of service	CVE-2014-0112 CVE-2014-0113 CVE-2014-0114 CWE-701	CWE-701	High
Apache Struts 2 ClassLoader manipulation and denial of service (S2-020)	CVE-2014-0094 CVE-2014-0050 CWE-701	CWE-701	High
Apache Struts2 remote code execution vulnerability	CVE-2016-0785 CWE-78	CWE-78	Critical
Apache Struts2 Remote Command Execution (S2-048)	CVE-2017-9791 CWE-94	CWE-94	High
Apache Struts2 Remote Command Execution (S2-052)	CVE-2017-9805 CWE-94	CWE-94	High
Apache Struts2 Remote Command Execution (S2-053)	CVE-2017-12611 CWE-94	CWE-94	Critical
Apache Struts Remote Code Execution (S2-057)	CVE-2018-11776 CWE-917	CWE-917	High
Apache Tapestry Unauthenticated RCE (CVE-2019-0195, CVE-2021-27850)	CVE-2021-27850 CWE-200	CWE-200	High
Apache Tomcat Remote Code Execution Vulnerability	CVE-2017-12615 CWE-94	CWE-94	High
Apache Unomi MVEL RCE (CVE-2020-13942)	CVE-2020-13942 CWE-20	CWE-20	High
Arbitrary EL Evaluation in RichFaces	CWE-917	CWE-917	High
Argument Injection	CWE-88	CWE-88	High
Atlassian Crowd Remote Code Execution	CVE-2019-11580 CWE-78	CWE-78	High
Authentication bypass via MongoDB operator injection	CWE-943	CWE-943	High
Bash code injection vulnerability	CVE-2014-6271 CWE-78	CWE-78	Critical
BigIP iRule Tcl code injection	CWE-78	CWE-78	High
Bonita Authorization Bypass (CVE-2022-25237)	CVE-2022-25237 CWE-863	CWE-863	High
Cacti Unauthenticated Command Injection (CVE-2022-46169)	CVE-2022-46169 CWE-77	CWE-77	Critical
CakePHP 1.3.5 / 1.2.8 unserialize() vulnerability	CVE-2010-4335 CWE-20	CWE-20	High
Check for apache versions up to 1.3.25, 2.0.38	CVE-2002-0392 CWE-119	CWE-119	High
Cisco IOS XE Web UI Implant (CVE-2023-20198)	CVE-2023-20198 CWE-912	CWE-912	Critical
Citrix ADC/Gateway Unauthenticated Remote Code Execution	CVE-2019-19781 CWE-22	CWE-22	High
Cmd hijack vulnerability	CWE-94	CWE-94	High
Code Evaluation (Apache Struts) S2-016	CVE-2013-2251 CWE-20	CWE-20	Critical
Code Evaluation (Apache Struts) S2-045	CVE-2017-5638 CWE-94	CWE-94	Critical
Code Evaluation (Apache Struts) S2-046	CVE-2017-5638 CWE-94	CWE-94	High
Code Evaluation (ASP)	CWE-95	CWE-95	Critical
Code Evaluation (PHP)	CWE-94	CWE-94	Critical
Code Evaluation (Python)	CWE-95	CWE-95	Critical
Code Evaluation (Ruby)	CWE-94	CWE-94	Critical
CodeIgniter weak encryption key	CWE-200	CWE-200	High
ColdFusion 8 FCKEditor file upload vulnerability	CVE-2009-2265 CWE-22	CWE-22	High
ColdFusion AMF Deserialization RCE	CVE-2017-3066 CWE-502	CWE-502	High
ColdFusion CFC Deserialization RCE (CVE-2023-26359/CVE-2023-26360)	CVE-2023-26359 CVE-2023-26360 CWE-502	CWE-502	High
ColdFusion FlashGateway Deserialization RCE CVE-2019-7091	CVE-2019-7091 CWE-502	CWE-502	High
ColdFusion JNDI injection RCE	CVE-2018-15957 CWE-502	CWE-502	High
Command Injection	CWE-94	CWE-94	Critical
Craft CMS RCE (CVE-2023-41892)	CVE-2023-41892 CWE-94	CWE-94	Critical
CrushFTP SSTI (CVE-2024-4040)	CVE-2024-4040 CWE-94	CWE-94	Critical
D-Link NAS Backdoor Account RCE (CVE-2024-3273, CVE-2024-3272)	CVE-2024-3273 CVE-2024-3272 CWE-77	CWE-77	Critical
Database User Has Admin Privileges	CWE-267	CWE-267	High
Data Binding Expression Vulnerability in Spring Web Flow	CVE-2017-4971 CWE-78	CWE-78	High
DotCMS unrestricted file upload (CVE-2022-26352)	CVE-2022-26352 CWE-434	CWE-434	High
Drupal 7 arbitrary PHP code execution and information disclosure	CVE-2012-4553 CVE-2012-4554 CWE-264	CWE-264	High
Drupal Core 4.6.x Arbitrary Code Execution (4.6.0 - 4.6.6)	CVE-2006-2743 CWE-95	CWE-95	High
Drupal Core 4.6.x Arbitrary Code Execution (4.6.0 - 4.6.7)	CVE-2006-2831 CWE-95	CWE-95	High
Drupal Core 4.7.x Arbitrary Code Execution (4.7.0 - 4.7.5)	CVE-2007-0626 CWE-95	CWE-95	High
Drupal Core 4.7.x Arbitrary Code Execution (4.7.0)	CVE-2006-2743 CWE-95	CWE-95	High
Drupal Core 5.x Arbitrary Code Execution (5.0 - 5.2)	CVE-2007-5593 CWE-95	CWE-95	High
Drupal Core 5.x Arbitrary Code Execution (5.0)	CVE-2007-0626 CWE-95	CWE-95	High
Drupal Core 6.x Remote Code Execution (6.0 - 6.38)	CVE-2018-7600 CWE-94	CWE-94	High
Drupal Core 7.x Remote Code Execution (7.0 - 7.57)	CVE-2018-7600 CWE-94	CWE-94	High
Drupal Core 7.x Remote Code Execution (7.0 - 7.58)	CVE-2018-7602 CWE-94	CWE-94	High
Drupal Core 7.x Remote Code Execution (7.0 - 7.73)	CVE-2020-13671 CWE-434	CWE-434	High
Drupal Core 7.x Remote Code Execution (7.0 - 7.74)	CVE-2020-28948 CVE-2020-28949 CWE-434	CWE-434	High
Drupal Core 8.4.x Remote Code Execution (8.4.0 - 8.4.5)	CVE-2018-7600 CWE-94	CWE-94	High
Drupal Core 8.4.x Remote Code Execution (8.4.0 - 8.4.7)	CVE-2018-7602 CWE-94	CWE-94	High
Drupal Core 8.5.0 Remote Code Execution (8.5.0)	CVE-2018-7600 CWE-94	CWE-94	High
Drupal Core 8.5.x Remote Code Execution (8.5.0 - 8.5.2)	CVE-2018-7602 CWE-94	CWE-94	High
Drupal Core 8.5.x Remote Code Execution (8.5.0 - 8.5.10)	CVE-2019-6340 CWE-94	CWE-94	High
Drupal Core 8.6.x Remote Code Execution (8.6.0 - 8.6.9)	CVE-2019-6340 CWE-94	CWE-94	High
Drupal Core 8.8.x Remote Code Execution (8.8.0 - 8.8.7)	CVE-2020-13664 CWE-94	CWE-94	High
Drupal Core 8.8.x Remote Code Execution (8.8.0 - 8.8.10)	CVE-2020-13671 CWE-434	CWE-434	High
Drupal Core 8.8.x Remote Code Execution (8.8.0 - 8.8.11)	CVE-2020-28948 CVE-2020-28949 CWE-434	CWE-434	High
Drupal Core 8.9.0 Remote Code Execution (8.9.0)	CVE-2020-13664 CWE-94	CWE-94	High
Drupal Core 8.9.x Remote Code Execution (8.9.0 - 8.9.8)	CVE-2020-13671 CWE-434	CWE-434	High
Drupal Core 8.9.x Remote Code Execution (8.9.0 - 8.9.9)	CVE-2020-28948 CVE-2020-28949 CWE-434	CWE-434	High
Drupal Core 8.x.x Remote Code Execution (8.0.0 - 8.3.8)	CVE-2018-7600 CWE-94	CWE-94	High
Drupal Core 8.x.x Remote Code Execution (8.0.0 - 8.4.8)	CVE-2019-6340 CWE-94	CWE-94	High
Drupal Core 8.x.x Remote Code Execution (8.0.0 - 8.7.14)	CVE-2020-13664 CWE-94	CWE-94	High
Drupal Core 9.0.0 Remote Code Execution (9.0.0)	CVE-2020-13664 CWE-94	CWE-94	High
Drupal Core 9.0.x Remote Code Execution (9.0.0 - 9.0.7)	CVE-2020-13671 CWE-434	CWE-434	High
Drupal Core 9.0.x Remote Code Execution (9.0.0 - 9.0.8)	CVE-2020-28948 CVE-2020-28949 CWE-434	CWE-434	High
Drupal Core 9.3.x Remote Code Execution (9.3.0 - 9.3.18)	CVE-2022-25277 CWE-434	CWE-434	High
Drupal Core 9.4.x Remote Code Execution (9.4.0 - 9.4.2)	CVE-2022-25277 CWE-434	CWE-434	High
Drupal Core Remote Code Execution (8.0.0 - 9.2.21)	CVE-2022-25277 CWE-434	CWE-434	High
Drupal Remote Code Execution (SA-CORE-2018-002)	CVE-2018-7600 CWE-94	CWE-94	High
Drupal Remote Code Execution (SA-CORE-2018-004)	CVE-2018-7602 CWE-94	CWE-94	High
Drupal REST Remote Code Execution	CVE-2019-6340 CWE-78	CWE-78	High
Ektron CMS multiple vulnerabilities	CWE-434	CWE-434	High
EktronCMS Saxon XSLT parser remote code execution	CVE-2015-0931 CWE-78	CWE-78	High
Ektron CMS unauthenticated code execution and Local File Read	CVE-2012-5357 CVE-2012-5358 CWE-20	CWE-20	High
Elasticsearch remote code execution	CVE-2014-3120 CWE-78	CWE-78	High
elFinder RCE (CVE-2021-32682)	CVE-2021-32682 CWE-22	CWE-22	High
F5 BIG-IP Request Smuggling (CVE-2023-46747)	CVE-2023-46747 CWE-288	CWE-288	Critical
F5 BIG-IP Traffic Management User Interface (TMUI) RCE	CVE-2020-5902 CWE-78	CWE-78	High
F5 iControl REST unauthenticated remote command execution vulnerability	CVE-2021-22986 CWE-78	CWE-78	High
FastCGI Unauthorized Access Vulnerability	CWE-78	CWE-78	High
Flask debug mode	CWE-489	CWE-489	High
Flex BlazeDS AMF Deserialization RCE	CVE-2017-5641 CWE-502	CWE-502	High
ForgeRock AM / OpenAM Deserialization RCE (CVE-2021-35464)	CVE-2021-35464 CWE-502	CWE-502	High
Fortinet Authentication bypass on administrative interface	CVE-2022-40684 CWE-288	CWE-288	High
Fortinet FortiNAC RCE via arbitrary file upload	CVE-2022-39952 CWE-610	CWE-610	High
Fortinet Out-Of-Bound Memory Write RCE (CVE-2024-21762)	CVE-2024-21762 CWE-787	CWE-787	Critical
Gallery 3.0.4 remote code execution	CWE-20	CWE-20	High
GeoServer RCE (CVE-2024-36401)	CVE-2024-36401 CWE-94	CWE-94	Critical
GhostScript RCE (Remote Code Execution)	CVE-2016-3714 CWE-78	CWE-78	Critical
GitLab ExifTool RCE (CVE-2021-22205)	CVE-2021-22205 CWE-918	CWE-918	High
GlobalProtect PAN-OS RCE (CVE-2024-3400)	CVE-2024-3400 CWE-77	CWE-77	Critical
GoAhead web server remote code execution	CVE-2017-17562 CWE-94	CWE-94	High
Grafana avatar SSRF	CVE-2020-13379 CWE-78	CWE-78	High
Grav CMS Unauthenticated RCE (CVE-2021-21425)	CWE-284	CWE-284	High
Hashicorp Consul API is accessible without authentication	CWE-200	CWE-200	Medium
HipChat for JIRA plugin - Velocity template injection	CVE-2015-5603 CWE-94	CWE-94	High
Horde/IMP Plesk webmail exploit	CWE-20	CWE-20	High
Horde Imp Unauthenticated Remote Command Execution	CVE-2018-19518 CWE-94	CWE-94	High
Horde remote code execution	CVE-2014-1691 CWE-94	CWE-94	High
HTTP.sys remote code execution vulnerability	CVE-2015-1635 CWE-119	CWE-119	High
IBM ODM JNDI injection (CVE-2024-22319)	CVE-2024-22319 CWE-74	CWE-74	Critical
IBM WebSphere RCE Java Deserialization Vulnerability	CVE-2015-7450 CWE-502	CWE-502	High
ImageMagick remote code execution	CVE-2016-3714 CWE-78	CWE-78	High
Invision Power Board version 3.3.4 unserialize PHP code execution	CVE-2012-5692 CWE-20	CWE-20	High
Ivanti EPM SQLi RCE (CVE-2024-29824)	CVE-2024-29824 CWE-89	CWE-89	High
Ivanti Sentry Authentication Bypass (CVE-2023-38035)	CVE-2023-38035 CWE-863	CWE-863	Critical
Java Debug Wire Protocol remote code execution	CWE-94	CWE-94	High
Jboss Application Server HTTPServerILServlet.java remote code execution	CVE-2017-7504 CWE-502	CWE-502	High
JBoss InvokerTransformer Remote Code Execution	CVE-2015-7501 CWE-502	CWE-502	High
JBoss Seam framework remote code execution	CVE-2010-1871 CWE-94	CWE-94	High
Joomla! Core 3.9.x Remote Code Execution (3.9.7 - 3.9.8)	CVE-2019-14654 CWE-94	CWE-94	High
Joomla! Core 3.x.x Remote Code Execution (3.7.0 - 3.8.7)	CVE-2018-11321 CWE-94	CWE-94	High
Joomla! Core Remote Code Execution (1.5.0 - 3.4.5)	CVE-2015-8562 CWE-94	CWE-94	High
Joomla! JCE arbitrary file upload	CWE-20	CWE-20	High
Joomla! JomSocial remote code execution	CWE-94	CWE-94	High
Joomla! remote code execution vulnerability	CVE-2015-8562 CWE-94	CWE-94	High
Juniper Junos OS J-Web RCE (CVE-2023-36845/CVE-2023-36846)	CVE-2023-36845 CVE-2023-36846 CWE-473	CWE-473	Critical
Kramer VIAware RCE (CVE-2021-36356/CVE-2021-35064)	CVE-2021-36356 CVE-2019-17124 CVE-2021-35064 CWE-434	CWE-434	Critical
Liferay TunnelServlet Deserialization Remote Code Execution	CWE-502	CWE-502	High
Liferay version older than 7.0	CWE-502	CWE-502	High
Liferay version older than 7.1	CWE-918	CWE-918	Medium
Liferay XMLRPC Blind SSRF	CWE-918	CWE-918	Medium
Lotus Notes formula injection	CWE-89	CWE-89	High
Lucee CF_CLIENT_ RCE	CWE-200	CWE-200	Critical
Lucee Unset Admin Password	CWE-200	CWE-200	Critical
Magento remote code execution	CVE-2015-1397 CVE-2015-1398 CVE-2015-1399 CWE-94	CWE-94	High
ManageEngine Desktop Central Deserialization RCE (CVE-2020-10189)	CVE-2020-10189 CWE-502	CWE-502	High
MediaWiki remote code execution	CVE-2014-1610 CWE-20	CWE-20	High
Microsoft Exchange Server Pre-auth Path Confusion vulnerability (CVE-2021-34473)	CVE-2021-34473 CWE-918	CWE-918	High
Microsoft Exchange Server Server-Side Request Forgery (SSRF) vulnerability	CVE-2021-26855 CWE-918	CWE-918	High
Microsoft IIS 6.0 WebDAV Buffer Overflow	CVE-2017-7269 CWE-287	CWE-287	High
Missing Authentication Check in SAP Solution Manager	CVE-2020-6207 CWE-287	CWE-287	High
MobileIron Log4Shell RCE	CVE-2021-44228 CWE-78	CWE-78	High
MobileIron Remote Code Execution via LogService	CVE-2020-15505 CWE-78	CWE-78	High
MoinMoin CVE-2012-6081 multiple arbitrary code execution vulnerabilities	CVE-2012-6081 CWE-434	CWE-434	High
MongoDB $where operator JavaScript injection	CWE-943	CWE-943	High
MongoDB injection	CWE-943	CWE-943	High
MovableType remote code execution	CVE-2015-1592 CWE-94	CWE-94	High
Moveable Type 4.x unauthenticated remote command execution	CVE-2013-0209 CWE-287	CWE-287	High
Multiple critical vulnerabilities in Apache Struts2	CVE-2012-0393 CWE-264	CWE-264	High
Multiple vulnerabilities reported in Parallels Plesk Sitebuilder	CWE-94	CWE-94	High
Mura/Masa CMS JSON API RCE	CWE-200	CWE-200	Critical
Nagios XI Magpie_debug.php Unauthenticated RCE	CVE-2018-15708 CWE-94	CWE-94	High
Nette framework PHP code injection via callback	CVE-2020-15227 CWE-94	CWE-94	High
Nginx PHP code execution via FastCGI	CWE-94	CWE-94	High
Nginx stack-based buffer overflow	CVE-2013-2028 CWE-189	CWE-189	High
node-serialize Insecure Deserialization	CVE-2017-5941 CWE-502	CWE-502	High
Node.js Debugger Unauthorized Access Vulnerability	CWE-200	CWE-200	High
Node.js Inspector Unauthorized Access Vulnerability	CWE-200	CWE-200	High
OpenX 2.8.10 backdoor	CVE-2013-4211 CWE-95	CWE-95	High
OpenX arbitrary file upload	CVE-2009-4140 CWE-434	CWE-434	High
Oracle Access Manager 'opensso' Deserialization RCE (CVE-2021-35587)	CVE-2021-35587 CWE-502	CWE-502	High
Oracle ADF Faces 'Miracle' RCE (CVE-2022-21445)	CVE-2022-21445 CWE-502	CWE-502	High
Oracle Business Intelligence AMF Deserialization RCE CVE-2020-2950	CVE-2020-2950 CWE-502	CWE-502	High
Oracle E-Business Suite Unauthenticated Remote Code Execution	CVE-2022-21587 CWE-94	CWE-94	High
Oracle Reports rwservlet vulnerabilities	CVE-2012-3152 CVE-2012-3153 CWE-20	CWE-20	High
Oracle Sun GlassFish/Java System Application Server Remote Authentication Bypass Vulnerability	CVE-2011-0807 CWE-287	CWE-287	High
Oracle Weblogic Async Component Deserialization RCE CVE-2019-2725	CVE-2019-2725 CWE-94	CWE-94	High
Oracle WebLogic Remote Code Execution (CVE-2020-14882)	CVE-2020-14882 CWE-78	CWE-78	Critical
Oracle WebLogic Remote Code Execution via IIOP	CVE-2020-2551 CWE-502	CWE-502	High
Oracle WebLogic Remote Code Execution via T3	CVE-2018-3245 CWE-502	CWE-502	High
Oracle Weblogic WLS-WSAT Component Deserialization RCE	CVE-2017-3506 CVE-2017-10271 CWE-94	CWE-94	High
Perl code injection	CWE-94	CWE-94	Critical
PHP-CGI remote code execution	CVE-2012-1823 CVE-2012-2311 CWE-20	CWE-20	High
PHP4 IMAP module buffer overflow vulnerability	CWE-119	CWE-119	Medium
PHP4 multiple vulnerabilities	CVE-2003-0860 CVE-2003-0861 CWE-119	CWE-119	High
PHP 4.3.0 file disclosure and possible code execution	CVE-2003-0097 CWE-20	CWE-20	Medium
PHP 5.3.9 remote code execution	CVE-2012-0830 CWE-399	CWE-399	High
PHP CGI Argument Injection (CVE-2024-4577)	CVE-2024-4577 CWE-78	CWE-78	Critical
PHP code injection (pmwiki)	CWE-94	CWE-94	High
PHP curl_exec() url is controlled by user	CVE-2009-0037 CWE-352	CWE-352	Medium
PHP eval() used on user input	CWE-95	CWE-95	Medium
PHP HTTP POST incorrect MIME header parsing vulnerability	CVE-2002-0717 CWE-20	CWE-20	Medium
phpMoAdmin remote code execution	CWE-95	CWE-95	High
phpMyAdmin v3.5.2.2 backdoor	CVE-2012-5159 CWE-95	CWE-95	High
PHP object deserialization of user-supplied data	CWE-20	CWE-20	Medium
PHP preg_replace used on user input	CWE-20	CWE-20	Medium
phpThumb() fltr[] parameter command injection vulnerability	CVE-2010-1598 CWE-20	CWE-20	High
PHPUnit Remote Code Execution	CVE-2017-9841 CWE-94	CWE-94	High
PHP unserialize() used on user input	CWE-20	CWE-20	Medium
PHP version older than 4.3.8	CVE-2004-0594 CVE-2004-0595 CWE-1104	CWE-1104	Medium
PHP version older than 5.2.1	CVE-2007-1376 CVE-2007-1380 CVE-2007-1453 CVE-2007-1454 CWE-1104	CWE-1104	High
PHP version older than 5.2.3	CVE-2007-1900 CVE-2007-2756 CVE-2007-2872 CWE-1104	CWE-1104	High
PHP version older than 5.2.5	CVE-2007-4840 CVE-2007-4887 CVE-2007-5898 CVE-2007-5899 CVE-2007-5900 CWE-1104	CWE-1104	High
PHP version older than 5.2.6	CVE-2007-4850 CVE-2008-0599 CVE-2008-0674 CVE-2008-1384 CVE-2008-2050 CVE-2008-2051 CWE-1104	CWE-1104	High
Plone arbitrary code execution	CVE-2011-3587 CWE-78	CWE-78	High
PrimeFaces 5.x Expression Language injection	CVE-2017-1000486		High
Progress Kemp LoadMaster RCE (CVE-2024-1212)	CVE-2024-1212 CWE-78	CWE-78	Critical
Python Debugger Unauthorized Access Vulnerability	CWE-200	CWE-200	High
Python object deserialization of user-supplied data	CWE-20	CWE-20	Medium
Rails remote code execution using render :inline	CVE-2016-2098 CWE-94	CWE-94	High
RCE in Ivanti Connect Secure and Policy Secure (CVE-2024-21887)	CVE-2024-21887 CWE-77	CWE-77	Critical
RCE in SQL Server Reporting Services (SSRS)	CVE-2020-0618 CWE-78	CWE-78	High
RCE with Spring Data Commons	CVE-2018-1273 CWE-94	CWE-94	High
Reflected Cross-Site Scripting (XSS) vulnerability in PAN-OS management web interface	CVE-2020-2036 CWE-79	CWE-79	High
Rejetto HTTP File Server SSTI RCE (CVE-2024-23692)	CVE-2024-23692 CWE-1336	CWE-1336	Critical
Remote Code Execution (RCE) in Spring Security OAuth	CVE-2016-4977 CWE-94	CWE-94	High
Remote Code Execution (Spring4Shell)	CVE-2022-22965 CWE-94	CWE-94	Critical
Remote code execution in bootstrap-sass 3.2.0.3	CVE-2019-10842 CWE-95	CWE-95	High
Remote code execution of user-provided local names in Rails	CVE-2020-8163 CWE-94	CWE-94	High
Remote code execution vulnerability in WordPress Duplicator	CWE-98	CWE-98	High
Remote Unauthenticated Code Execution Vulnerability in OpenSSH server (CVE-2024-6387)	CVE-2024-6387 CWE-362	CWE-362	High
Ruby on Rails directory traversal vulnerability	CVE-2014-0130 CWE-22	CWE-22	High
Ruby on Rails DoubleTap RCE (CVE-2019-5420)	CWE-502	CWE-502	High
Ruby on Rails weak/known secret token	CVE-2013-0156 CWE-200	CWE-200	High
SAP Hybris Deserialization RCE	CWE-502	CWE-502	High
SAP NetWeaver ConfigServlet remote command execution	CWE-94	CWE-94	High
Security update: Hotfix available for ColdFusion	CVE-2013-0625 CVE-2013-0629 CVE-2013-0631 CVE-2013-0632 CWE-255	CWE-255	High
Server-side JavaScript injection	CWE-20	CWE-20	High
Server-Side Template Injection	CWE-20	CWE-20	Critical
Sitecore XP Deserialization RCE (CVE-2021-42237)	CVE-2021-42237 CWE-502	CWE-502	High
Sitecore XP TemplateParser RCE (CVE-2023-35813)	CVE-2023-35813 CWE-94	CWE-94	Critical
SonicWall SSL-VPN 8.0.0.0 RCE via ShellShock exploit	CWE-78	CWE-78	High
Spring Boot Whitelabel Error Page SpEL	CWE-94	CWE-94	High
Spring Data REST RCE via PATCH requests	CVE-2017-8046 CWE-94	CWE-94	High
Struts 2 development mode	CWE-489	CWE-489	High
Struts2/XWork remote command execution (S2-014)	CVE-2013-1966 CVE-2013-2115 CWE-94	CWE-94	High
Symfony ESI (Edge-Side Includes) enabled	CWE-16	CWE-16	Low
Symfony RCE via weak/predictable APP_SECRET	CWE-94	CWE-94	High
Symfony weak application secret	CWE-94	CWE-94	High
SysAid On-Premise RCE (CVE-2023-47246)	CVE-2023-47246 CWE-22	CWE-22	Critical
Telerik Web UI Insecure Direct Object Reference	CVE-2017-11357 CWE-78	CWE-78	High
Telerik Web UI RadAsyncUpload Deserialization	CVE-2019-18935 CWE-78	CWE-78	High
Telerik Web UI Unrestricted File Upload (CVE-2014-2217)	CVE-2014-2217 CWE-78	CWE-78	High
Telerik Web UI Unrestricted File Upload (CVE-2017-11317)	CVE-2017-11317 CWE-78	CWE-78	High
Text4shell: Apache Commons Text RCE via insecure interpolation	CVE-2022-42889 CWE-94	CWE-94	Critical
ThinkPHP v5.0.22/5.1.29 Remote Code Execution Vulnerability	CWE-94	CWE-94	High
Tiki Wiki CMS: Arbitrary Code Execution			High
Tiki Wiki CMS: Remote Code Execution via Calendar Module			High
timthumb.php remote code execution	CVE-2011-4106 CWE-20	CWE-20	High
TimThumb WebShot remote code execution	CWE-94	CWE-94	High
TinyMCE ajax_create_folder remote code execution vulnerability	CWE-94	CWE-94	High
Ubiquiti Unifi Log4Shell RCE	CVE-2021-44228 CWE-78	CWE-78	High
Umbraco CMS remote code execution	CWE-94	CWE-94	High
Umbraco CMS TemplateService remote code execution	CVE-2013-4793 CWE-94	CWE-94	High
Unauthenticated OGNL injection in Confluence Server and Data Center	CVE-2021-26084 CWE-917	CWE-917	High
Unauthenticated OGNL injection in Confluence Server and Data Center (CVE-2023-22527)	CVE-2023-22527 CWE-917	CWE-917	Critical
Unauthenticated Remote Code Execution via JSONWS in Liferay 6.1 (LPS-88051)	CWE-78	CWE-78	High
Unauthenticated Remote Code Execution via JSONWS in Liferay 7.2.0 CE GA1	CVE-2020-0618 CVE-2020-7961 CWE-78	CWE-78	High
Unauthenticated remote code execution vulnerability in Confluence Server and Data Center	CVE-2022-26134 CWE-917	CWE-917	High
uWSGI Unauthorized Access Vulnerability	CWE-78	CWE-78	High
vBSEO 3.6.0 PHP code injection	CVE-2012-5223 CWE-94	CWE-94	High
vBulletin 5 CONNECT remote code execution	CWE-94	CWE-94	High
vBulletin 5.x 0day pre-auth RCE	CWE-94	CWE-94	High
vBulletin PHP object injection vulnerability	CWE-915	CWE-915	High
vBulletin Pre-Auth RCE Vulnerability	CVE-2020-17496 CWE-94	CWE-94	High
VMware Aria Operations for Networks RCE (CVE-2023-20887)	CVE-2023-20887 CWE-77	CWE-77	Critical
VMware Horizon Log4Shell RCE	CVE-2021-44228 CWE-78	CWE-78	High
VMware vCenter Log4Shell RCE	CVE-2021-44228 CWE-78	CWE-78	High
VMware vCenter Server Unauthorized Remote Code Execution	CVE-2021-21972 CWE-78	CWE-78	High
VMware Workspace ONE Access SSTI (CVE-2022-22954)	CVE-2022-22954 CWE-94	CWE-94	High
WebDAV remote code execution	CWE-434	CWE-434	High
Webmin v1.920 Unauhenticated Remote Command Execution	CVE-2019-15107 CWE-94	CWE-94	High
WooFramework shortcode exploit	CWE-95	CWE-95	High
WordPress 'wp-admin/options.php' Remote Code Execution Vulnerability (0.6.2 - 2.3.2)	CVE-2008-5695 CWE-20	CWE-20	High
WordPress 2.0.2 Username Remote PHP Code Injection Vulnerability (0.6.2 - 2.0.2)	CVE-2006-2667 CVE-2006-2702 CWE-94	CWE-94	High
WordPress 2.1.1 Command Execution Backdoor Vulnerability (2.1.1)	CVE-2007-1277 CWE-94	CWE-94	High
WordPress 2.6.2 Remote Code Execution Vulnerability (0.70 - 2.6.2)	CVE-2008-4796 CWE-94	CWE-94	High
WordPress 5.9.x Shortcode Execution (5.9 - 5.9.6)	CWE-862	CWE-862	High
WordPress 6.0.x Shortcode Execution (6.0 - 6.0.4)	CWE-862	CWE-862	High
WordPress 6.1.x Shortcode Execution (6.1 - 6.1.2)	CWE-862	CWE-862	High
WordPress 6.2.x Shortcode Execution (6.2 - 6.2.1)	CWE-862	CWE-862	High
WordPress 6.4.x Remote Code Execution (6.4 - 6.4.1)	CWE-502	CWE-502	High
WordPress caching plugins PHP code execution	CVE-2013-2010 CWE-95	CWE-95	High
WordPress Cookie Data PHP Code Injection Vulnerability (1.5 - 1.5.1.3)	CVE-2005-2612 CWE-94	CWE-94	High
WordPress OptimizePress unrestricted file upload	CVE-2013-7102 CWE-20	CWE-20	High
WordPress Plugin AccessAlly PHP Code Execution (3.3.1)	CWE-94	CWE-94	High
WordPress Plugin Ad Inserter-Ad Manager & AdSense Ads Remote Code Execution (2.4.21)	CVE-2019-15324 CWE-94	CWE-94	High
WordPress Plugin Advanced Access Manager Arbitrary Code Execution (2.8.2)	CVE-2014-6059 CWE-95	CWE-95	High
WordPress Plugin Ajax Search Lite Remote Command Execution (3.1)	CWE-95	CWE-95	High
WordPress Plugin All-in-One WP Migration Remote Code Execution (2.0.2)	CVE-2014-8794 CWE-94	CWE-94	High
WordPress Plugin All in One SEO-Best WordPress SEO-Easily Improve SEO Rankings & Increase Traffic Remote Code Execution (4.1.0.1)	CVE-2021-24307 CWE-94	CWE-94	High
WordPress Plugin Analytics Remote Code Execution (1.7)	CWE-94	CWE-94	High
WordPress Plugin Arigato Autoresponder and Newsletter Remote Code Execution (2.5.1.9)	CVE-2018-18461 CWE-94	CWE-94	High
WordPress Plugin Backup Migration Remote Code Execution (1.3.7)	CVE-2023-6553 CWE-94	CWE-94	High
WordPress Plugin BackWPup Remote and Local Code Execution (1.6.1)	CVE-2011-4342 CVE-2011-5208 CWE-22 CWE-94	CWE-22 CWE-94	High
WordPress Plugin Best Seo Remote Code Execution (1.5)	CWE-94	CWE-94	High
WordPress Plugin BJ Lazy Load Remote Code Execution (0.7.5)	CWE-94	CWE-94	High
WordPress Plugin Bricks Remote Code Execution (1.9.6)	CVE-2024-25600 CWE-94	CWE-94	High
WordPress Plugin Broadcast Live Video-Live Streaming:HTML5, WebRTC, HLS, RTSP, RTMP Remote Code Execution (5.5.15)	CVE-2023-25699 CWE-94	CWE-94	High
WordPress Plugin Catch Themes Demo Import Remote Code Execution (2.1)	CVE-2022-0440 CWE-94	CWE-94	High
WordPress Plugin CiviCRM Remote Code Execution (5.24.2)	CVE-2020-36388 CWE-502	CWE-502	High
WordPress Plugin CM Download Manager Code Injection (2.0.3)	CVE-2014-8877 CWE-95	CWE-95	High
WordPress Plugin Coming Soon Possible Remote Code Execution (1.1.3)	CVE-2016-10033 CVE-2016-10045 CWE-94	CWE-94	High
WordPress Plugin Cool Video Gallery Command Injection (1.9)	CVE-2015-7527 CWE-94	CWE-94	High
WordPress Plugin Custom Content Type Manager Remote Code Execution (0.9.8.5)	CVE-2015-3173 CWE-94	CWE-94	High
WordPress Plugin Divi Builder PHP Code Injection (4.0.9)	CWE-95	CWE-95	High
WordPress Plugin Duplicator-WordPress Migration Remote Code Execution (1.2.40)	CWE-94	CWE-94	High
WordPress Plugin Dynamic Content for Elementor Remote Code Execution (1.9.5.6)	CVE-2020-26596 CWE-94	CWE-94	High
WordPress Plugin Easy Forms for Mailchimp PHP Code Injection (6.5.2)	CVE-2019-15318 CWE-95	CWE-95	High
WordPress Plugin eShop Code Injection (6.3.11)	CVE-2015-3421 CWE-94	CWE-94	High
WordPress Plugin EWWW Image Optimizer Remote Code Execution (2.8.3)	CWE-94	CWE-94	High
WordPress Plugin EZPZ One Click Backup Remote Code Execution (12.03.10)	CVE-2014-3114 CWE-78	CWE-78	High
WordPress Plugin Fast Secure Contact Form Remote Code Execution (4.0.44)	CVE-2016-10033 CVE-2016-10045 CWE-94	CWE-94	High
WordPress Plugin Feedify Remote Code Execution (2.0.0)	CWE-94	CWE-94	High
WordPress Plugin File Gallery Remote Code Execution (1.7.9)	CVE-2014-2558 CWE-94	CWE-94	High
WordPress Plugin File Manager Remote Code Execution (4.5)	CWE-94	CWE-94	High
WordPress Plugin Five Star Restaurant Menu-WordPress Ordering Remote Code Execution (2.2.0)	CVE-2020-29045 CWE-502	CWE-502	High
WordPress Plugin Flamingo Code Injection (1.1)	CWE-95	CWE-95	High
WordPress Plugin Formidable Forms-Contact Form, Survey, Quiz, Calculator & Custom Form Builder Remote Code Execution (2.05.01)	CWE-94	CWE-94	High
WordPress Plugin Form Manager Remote Command Execution (1.7.2)	CVE-2015-7806 CWE-94	CWE-94	High
WordPress Plugin Gantry 4 Framework Remote Command Execution (4.1.3)	CWE-95	CWE-95	High
WordPress Plugin Global Content Blocks PHP Code Execution and Information Disclosure Vulnerabilities (1.5.1)	CWE-95 CWE-200	CWE-95 CWE-200	High
WordPress Plugin Google Map Remote Code Execution (1.0)	CWE-94	CWE-94	High
WordPress Plugin Groundhogg-Marketing Automation & CRM for WordPress Remote Code Execution (1.3.4)	CVE-2019-15647 CWE-94	CWE-94	High
WordPress Plugin Gutenberg Block Editor Toolkit-EditorsKit Remote Code Execution (1.31.5)	CVE-2021-24546 CWE-94	CWE-94	High
WordPress Plugin Import XML and RSS Feeds Remote Code Execution (2.1.4)	CVE-2023-4521 CWE-94	CWE-94	High
WordPress Plugin Include Me Remote Code Execution (1.2.1)	CVE-2021-24453 CWE-94	CWE-94	High
WordPress Plugin Insert or Embed Articulate Content into WordPress Remote Code Execution (4.2997)	CVE-2019-15649 CWE-94	CWE-94	High
WordPress Plugin is_human() 'type' Parameter Remote Command Injection (1.4.2)	CWE-95	CWE-95	High
WordPress Plugin iThemes Exchange:Simple WP Ecommerce Remote Code Execution (1.14.0)	CWE-94	CWE-94	High
WordPress Plugin Jekyll Exporter Remote Code Execution (2.2.0)	CVE-2017-9841 CWE-94	CWE-94	High
WordPress Plugin Kanzu Support Desk-WordPress Helpdesk Remote Code Execution (2.4.6)	CWE-94	CWE-94	High
WordPress Plugin Lightbox Jquery Possible Remote Code Execution (0.24)	CWE-94	CWE-94	High
WordPress Plugin Loco Translate PHP Code Injection (2.5.3)	CVE-2021-24721 CWE-95	CWE-95	High
WordPress Plugin MailPress Remote Code Execution (7.0.2)	CWE-94	CWE-94	High
WordPress Plugin Maintenance Mode Under Construction Page Landing Page Possible Remote Code Execution (1.0.9)	CVE-2016-10033 CVE-2016-10045 CWE-94	CWE-94	High
WordPress Plugin Master Popups Remote Code Execution (1.0.0)	CWE-94	CWE-94	High
WordPress Plugin MobiLoud-WordPress Mobile Apps-Convert your WordPress Website to Native Mobile Apps Remote Code Execution (4.0.1)	CWE-94	CWE-94	High
WordPress Plugin Newsletter Subscription Form Possible Remote Code Execution (1.1.2)	CVE-2016-10033 CVE-2016-10045 CWE-94	CWE-94	High
WordPress Plugin NextGEN Gallery-WordPress Gallery Remote Code Execution (2.1.59)	CWE-94	CWE-94	High
WordPress Plugin Ninja Forms Contact Form-The Drag and Drop Form Builder for WordPress PHP Code Injection (3.6.10)	CWE-94	CWE-94	High
WordPress Plugin open-flash-chart-core Remote Code Execution (0.4)	CVE-2009-4140 CWE-434	CWE-434	High
WordPress Plugin Photo Gallery, Images, Slider in Rbs Image Gallery Remote Code Execution (2.0.14)	CWE-94	CWE-94	High
WordPress Plugin PHP Everywhere Multiple Remote Code Execution Vulnerabilities (2.0.3)	CVE-2022-24663 CVE-2022-24664 CVE-2022-24665 CWE-94	CWE-94	High
WordPress Plugin PHP Speedy 'admin_container.php' Remote PHP Code Execution (0.5.2)	CWE-94	CWE-94	High
WordPress Plugin Plainview Activity Monitor Remote Command Execution (20161228)	CVE-2018-15877 CWE-94	CWE-94	High
WordPress Plugin Product Lister for Walmart Remote Code Execution (1.0.1)	CVE-2017-9841 CWE-94	CWE-94	High
WordPress Plugin Product Table by WBW Remote Code Execution (2.0.1)	CVE-2024-6365 CWE-94	CWE-94	High
WordPress Plugin ProfileGrid-User Profiles, Groups and Communities Remote Code Execution (2.8.5)	CVE-2019-15873 CWE-94	CWE-94	High
WordPress Plugin PropertyHive Remote Code Execution (1.4.25)	CWE-94	CWE-94	High
WordPress Plugin Secure File Manager Remote Code Execution (2.8.1)	CVE-2020-35235 CWE-94	CWE-94	High
WordPress Plugin Share Possible Remote Code Execution (1.0)	CWE-94	CWE-94	High
WordPress Plugin Similar Posts-Best Related Posts for WordPress Remote Code Execution (3.1.5)	CVE-2021-24537 CWE-94	CWE-94	High
WordPress Plugin Social Media Tab Remote Code Execution (1.0.9)	CWE-94	CWE-94	High
WordPress Plugin Social Photo Gallery Remote Code Execution (1.0)	CVE-2019-14467 CWE-94	CWE-94	High
WordPress Plugin Statistics Remote Code Execution (1.8)	CWE-94	CWE-94	High
WordPress Plugin Subscribe Form Remote Command Execution (1.1)	CWE-94	CWE-94	High
WordPress Plugin ThemeREX Addons Remote Code Execution (All)	CVE-2020-10257 CWE-94	CWE-94	High
WordPress Plugin Ultimate Member-User Profile, Registration, Login, Member Directory, Content Restriction & Membership Remote Code Execution (2.0.32)	CWE-94	CWE-94	High
WordPress Plugin UnGallery 'search' Parameter Remote Arbitrary Command Execution (2.1.5)	CWE-95	CWE-95	High
WordPress Plugin Unlimited Elements For Elementor (Free Widgets, Addons, Templates) Remote Code Execution (1.5.89)	CVE-2023-6743 CWE-94	CWE-94	High
WordPress Plugin VaultPress Man-in-The-Middle (MiTM) Remote Code Execution (1.8.6)	CWE-94	CWE-94	High
WordPress Plugin VaultPress Remote Code Execution (1.9.0)	CWE-94	CWE-94	High
WordPress Plugin Video Embed & Thumbnail Generator 'kg_callffmpeg.php' Multiple Remote Code Execution Vulnerabilities (1.1)	CVE-2012-1785 CWE-20	CWE-20	High
WordPress Plugin W3 Total Cache PHP Code Injection (0.9.2.8)	CVE-2013-2010 CWE-95	CWE-95	High
WordPress Plugin WishList Member X Remote Code Execution (3.25.1)	CVE-2024-37109 CWE-94	CWE-94	High
WordPress Plugin WooCommerce Possible Remote Code Execution (3.4.5)	CWE-94	CWE-94	High
WordPress Plugin WooCommerce Possible Remote Code Execution (3.5.0)	CWE-94	CWE-94	High
WordPress Plugin WooCommerce Remote Code Execution (4.0.1)	CWE-94	CWE-94	High
WordPress Plugin Woody ad snippets-Insert Header Footer Code, AdSense Ads PHP Code Injection (1.3)	CWE-95	CWE-95	High
WordPress Plugin WordPress Download Manager Remote Code Execution (2.7.4)	CWE-94	CWE-94	High
WordPress Plugin WordPress Landing Pages Remote Code Execution (1.9.0)	CVE-2015-5227 CWE-94	CWE-94	High
WordPress Plugin WordPress Mega Menu-QuadMenu Remote Code Execution (2.0.6)	CWE-94	CWE-94	High
WordPress Plugin WordPress PDF Light Viewer Command Injection (1.4.11)	CVE-2021-24684 CWE-94	CWE-94	High
WordPress Plugin WordPress Shortcodes-Shortcodes Ultimate Remote Code Execution (5.0.0)	CWE-94	CWE-94	High
WordPress Plugin WordPress WP-Advanced-Search Remote Code Execution (3.3.3)	CWE-94	CWE-94	High
WordPress Plugin WP-Filebase Download Manager Remote Code Execution (0.3.0.03)	CWE-94	CWE-94	High
WordPress Plugin WP-Live Chat by 3CX Remote Code Execution (7.0.01)	CVE-2016-10033 CVE-2016-10045 CWE-94	CWE-94	High
WordPress Plugin WP-Stateless-Google Cloud Storage Remote Code Execution (2.2.0)	CWE-94	CWE-94	High
WordPress Plugin WP-Syntax Remote PHP Code Execution (0.9.9)	CVE-2009-2852 CWE-20	CWE-20	High
WordPress Plugin WP E-Signature Remote Code Execution (1.5.6.5)	CWE-94	CWE-94	High
WordPress Plugin wp heyloyalty Remote Code Execution (1.1.4)	CVE-2017-9841 CWE-94	CWE-94	High
WordPress Plugin WP Hotel Booking Remote Code Execution (1.10.2)	CVE-2020-29047 CWE-502	CWE-502	High
WordPress Plugin WP Maintenance Mode Remote Code Execution (2.0.6)	CVE-2018-20156 CWE-94	CWE-94	High
WordPress Plugin WP Super Cache PHP Code Injection (1.2)	CVE-2013-2009 CVE-2013-2011 CWE-95	CWE-95	High
WordPress Plugin WP Super Cache Remote Code Execution (1.7.1)	CVE-2021-24209 CWE-94	CWE-94	High
WordPress Plugin wSecure Lite Remote Code Execution (2.3)	CVE-2016-10960 CWE-94	CWE-94	High
WordPress Plugin Yoast SEO Possible Remote Code Execution (9.1.0)	CVE-2018-19370 CWE-94	CWE-94	High
WordPress Plugin Zingiri Web Shop 'ajax_save_name.php' Remote Code Execution (2.2.3)	CWE-95	CWE-95	High
WordPress Super Socialat backdoor plugin	CWE-94	CWE-94	High
Xdebug remote code execution via xdebug.remote_connect_back	CWE-200	CWE-200	High
Array	CWE-20	CWE-20

.NET JSON.NET Deserialization RCE

CWE-502

High

Adobe Commerce/Magento "CosmicSting" XXE (CVE-2024-34102)

CVE-2024-34102

CWE-611

Critical

AjaxControlToolkit directory traversal

CVE-2015-4670

CWE-434

High

AjaxPro.NET Professional Deserialization RCE (CVE-2021-23758)

CWE-502

High

Apache 2.2.14 mod_isapi Dangling Pointer

CVE-2010-0425

CWE-20

High

Apache 2.x version older than 2.2.3

CVE-2006-3747

CWE-189

Medium

Apache HTTP Server Insecure Path Normalization (CVE-2021-41773, CVE-2021-42013)

CVE-2021-42013 CVE-2021-41773

CWE-22

High

Apache Log4j2 JNDI Remote Code Execution

CVE-2021-44228

CWE-78

Critical

Apache Log4j2 JNDI Remote Code Execution (404 page handler)

CVE-2021-44228

CWE-78

Critical

Apache Log4j2 JNDI Remote Code Execution (delayed)

CVE-2021-44228

CWE-78

Critical

Apache Log4j2 JNDI Remote Code Execution (per folder)

CVE-2021-44228

CWE-78

Critical

Apache Log4j socket receiver deserialization vulnerability

CVE-2017-5645

CWE-502

Critical

Apache mod_rewrite off-by-one buffer overflow vulnerability

CVE-2006-3747

CWE-189

High

Apache OFBiz Log4Shell RCE

CVE-2021-44228

CWE-78

High

Apache OFBiz RCE (CVE-2024-32113)

CVE-2024-32113

CWE-22

Critical

Apache OFBiz SOAPService Deserialization RCE

CVE-2021-26295

CWE-502

High

Apache OFBiz XMLRPC Deserialization RCE (CVE-2020-9496/CVE-2023-49070)

CVE-2020-9496 CVE-2023-49070

CWE-502

High

Apache Shiro Deserialization RCE

CVE-2016-4437

CWE-78

High

Apache Solr Deserialization of untrusted data via jmx.serviceUrl

CVE-2019-0192

High

Apache Solr Log4Shell RCE

CVE-2021-44228

CWE-78

High

Apache Solr SSRF CVE-2017-3164

CWE-918

Medium

Apache Struts 2 ClassLoader manipulation and denial of service

CVE-2014-0112 CVE-2014-0113 CVE-2014-0114

CWE-701

High

Apache Struts 2 ClassLoader manipulation and denial of service (S2-020)

CVE-2014-0094 CVE-2014-0050

CWE-701

High

Apache Struts2 remote code execution vulnerability

CVE-2016-0785

CWE-78

Critical

Apache Struts2 Remote Command Execution (S2-048)

CVE-2017-9791

CWE-94

High

Apache Struts2 Remote Command Execution (S2-052)

CVE-2017-9805

CWE-94

High

Apache Struts2 Remote Command Execution (S2-053)

CVE-2017-12611

CWE-94

Critical

Apache Struts Remote Code Execution (S2-057)

CVE-2018-11776

CWE-917

High

Apache Tapestry Unauthenticated RCE (CVE-2019-0195, CVE-2021-27850)

CVE-2021-27850

CWE-200

High

Apache Tomcat Remote Code Execution Vulnerability

CVE-2017-12615

CWE-94

High

Apache Unomi MVEL RCE (CVE-2020-13942)

CVE-2020-13942

CWE-20

High

Arbitrary EL Evaluation in RichFaces

CWE-917

High

Argument Injection

CWE-88

High

Atlassian Crowd Remote Code Execution

CVE-2019-11580

CWE-78

High

Authentication bypass via MongoDB operator injection

CWE-943

High

Bash code injection vulnerability

CVE-2014-6271

CWE-78

Critical

BigIP iRule Tcl code injection

CWE-78

High

Bonita Authorization Bypass (CVE-2022-25237)

CVE-2022-25237

CWE-863

High

Cacti Unauthenticated Command Injection (CVE-2022-46169)

CVE-2022-46169

CWE-77

Critical

CakePHP 1.3.5 / 1.2.8 unserialize() vulnerability

CVE-2010-4335

CWE-20

High

Check for apache versions up to 1.3.25, 2.0.38

CVE-2002-0392

CWE-119

High

Cisco IOS XE Web UI Implant (CVE-2023-20198)

CVE-2023-20198

CWE-912

Critical

Citrix ADC/Gateway Unauthenticated Remote Code Execution

CVE-2019-19781

CWE-22

High

Cmd hijack vulnerability

CWE-94

High

Code Evaluation (Apache Struts) S2-016

CVE-2013-2251

CWE-20

Critical

Code Evaluation (Apache Struts) S2-045

CVE-2017-5638

CWE-94

Critical

Code Evaluation (Apache Struts) S2-046

CVE-2017-5638

CWE-94

High

Code Evaluation (ASP)

CWE-95

Critical

Code Evaluation (PHP)

CWE-94

Critical

Code Evaluation (Python)

CWE-95

Critical

Code Evaluation (Ruby)

CWE-94

Critical

CodeIgniter weak encryption key

CWE-200

High

ColdFusion 8 FCKEditor file upload vulnerability

CVE-2009-2265

CWE-22

High

ColdFusion AMF Deserialization RCE

CVE-2017-3066

CWE-502

High

ColdFusion CFC Deserialization RCE (CVE-2023-26359/CVE-2023-26360)

CVE-2023-26359 CVE-2023-26360

CWE-502

High

ColdFusion FlashGateway Deserialization RCE CVE-2019-7091

CVE-2019-7091

CWE-502

High

ColdFusion JNDI injection RCE

CVE-2018-15957

CWE-502

High

Command Injection

CWE-94

Critical

Craft CMS RCE (CVE-2023-41892)

CVE-2023-41892

CWE-94

Critical

CrushFTP SSTI (CVE-2024-4040)

CVE-2024-4040

CWE-94

Critical

D-Link NAS Backdoor Account RCE (CVE-2024-3273, CVE-2024-3272)

CVE-2024-3273 CVE-2024-3272

CWE-77

Critical

Database User Has Admin Privileges

CWE-267

High

Data Binding Expression Vulnerability in Spring Web Flow

CVE-2017-4971

CWE-78

High

DotCMS unrestricted file upload (CVE-2022-26352)

CVE-2022-26352

CWE-434

High

Drupal 7 arbitrary PHP code execution and information disclosure

CVE-2012-4553 CVE-2012-4554

CWE-264

High

Drupal Core 4.6.x Arbitrary Code Execution (4.6.0 - 4.6.6)

CVE-2006-2743

CWE-95

High

Drupal Core 4.6.x Arbitrary Code Execution (4.6.0 - 4.6.7)

CVE-2006-2831

CWE-95

High

Drupal Core 4.7.x Arbitrary Code Execution (4.7.0 - 4.7.5)

CVE-2007-0626

CWE-95

High

Drupal Core 4.7.x Arbitrary Code Execution (4.7.0)

CVE-2006-2743

CWE-95

High

Drupal Core 5.x Arbitrary Code Execution (5.0 - 5.2)

CVE-2007-5593

CWE-95

High

Drupal Core 5.x Arbitrary Code Execution (5.0)

CVE-2007-0626

CWE-95

High

Drupal Core 6.x Remote Code Execution (6.0 - 6.38)

CVE-2018-7600

CWE-94

High

Drupal Core 7.x Remote Code Execution (7.0 - 7.57)

CVE-2018-7600

CWE-94

High

Drupal Core 7.x Remote Code Execution (7.0 - 7.58)

CVE-2018-7602

CWE-94

High

Drupal Core 7.x Remote Code Execution (7.0 - 7.73)

CVE-2020-13671

CWE-434

High

Drupal Core 7.x Remote Code Execution (7.0 - 7.74)

CVE-2020-28948 CVE-2020-28949

CWE-434

High

Drupal Core 8.4.x Remote Code Execution (8.4.0 - 8.4.5)

CVE-2018-7600

CWE-94

High

Drupal Core 8.4.x Remote Code Execution (8.4.0 - 8.4.7)

CVE-2018-7602

CWE-94

High

Drupal Core 8.5.0 Remote Code Execution (8.5.0)

CVE-2018-7600

CWE-94

High

Drupal Core 8.5.x Remote Code Execution (8.5.0 - 8.5.2)

CVE-2018-7602

CWE-94

High

Drupal Core 8.5.x Remote Code Execution (8.5.0 - 8.5.10)

CVE-2019-6340

CWE-94

High

Drupal Core 8.6.x Remote Code Execution (8.6.0 - 8.6.9)

CVE-2019-6340

CWE-94

High

Drupal Core 8.8.x Remote Code Execution (8.8.0 - 8.8.7)

CVE-2020-13664

CWE-94

High

Drupal Core 8.8.x Remote Code Execution (8.8.0 - 8.8.10)

CVE-2020-13671

CWE-434

High

Drupal Core 8.8.x Remote Code Execution (8.8.0 - 8.8.11)

CVE-2020-28948 CVE-2020-28949

CWE-434

High

Drupal Core 8.9.0 Remote Code Execution (8.9.0)

CVE-2020-13664

CWE-94

High

Drupal Core 8.9.x Remote Code Execution (8.9.0 - 8.9.8)

CVE-2020-13671

CWE-434

High

Drupal Core 8.9.x Remote Code Execution (8.9.0 - 8.9.9)

CVE-2020-28948 CVE-2020-28949

CWE-434

High

Drupal Core 8.x.x Remote Code Execution (8.0.0 - 8.3.8)

CVE-2018-7600

CWE-94

High

Drupal Core 8.x.x Remote Code Execution (8.0.0 - 8.4.8)

CVE-2019-6340

CWE-94

High

Drupal Core 8.x.x Remote Code Execution (8.0.0 - 8.7.14)

CVE-2020-13664

CWE-94

High

Drupal Core 9.0.0 Remote Code Execution (9.0.0)

CVE-2020-13664

CWE-94

High

Drupal Core 9.0.x Remote Code Execution (9.0.0 - 9.0.7)

CVE-2020-13671

CWE-434

High

Drupal Core 9.0.x Remote Code Execution (9.0.0 - 9.0.8)

CVE-2020-28948 CVE-2020-28949

CWE-434

High

Drupal Core 9.3.x Remote Code Execution (9.3.0 - 9.3.18)

CVE-2022-25277

CWE-434

High

Drupal Core 9.4.x Remote Code Execution (9.4.0 - 9.4.2)

CVE-2022-25277

CWE-434

High

Drupal Core Remote Code Execution (8.0.0 - 9.2.21)

CVE-2022-25277

CWE-434

High

Drupal Remote Code Execution (SA-CORE-2018-002)

CVE-2018-7600

CWE-94

High

Drupal Remote Code Execution (SA-CORE-2018-004)

CVE-2018-7602

CWE-94

High

Drupal REST Remote Code Execution

CVE-2019-6340

CWE-78

High

Ektron CMS multiple vulnerabilities

CWE-434

High

EktronCMS Saxon XSLT parser remote code execution

CVE-2015-0931

CWE-78

High

Ektron CMS unauthenticated code execution and Local File Read

CVE-2012-5357 CVE-2012-5358

CWE-20

High

Elasticsearch remote code execution

CVE-2014-3120

CWE-78

High

elFinder RCE (CVE-2021-32682)

CVE-2021-32682

CWE-22

High

F5 BIG-IP Request Smuggling (CVE-2023-46747)

CVE-2023-46747

CWE-288

Critical

F5 BIG-IP Traffic Management User Interface (TMUI) RCE

CVE-2020-5902

CWE-78

High

F5 iControl REST unauthenticated remote command execution vulnerability

CVE-2021-22986

CWE-78

High

FastCGI Unauthorized Access Vulnerability

CWE-78

High

Flask debug mode

CWE-489

High

Flex BlazeDS AMF Deserialization RCE

CVE-2017-5641

CWE-502

High

ForgeRock AM / OpenAM Deserialization RCE (CVE-2021-35464)

CVE-2021-35464

CWE-502

High

Fortinet Authentication bypass on administrative interface

CVE-2022-40684

CWE-288

High

Fortinet FortiNAC RCE via arbitrary file upload

CVE-2022-39952

CWE-610

High

Fortinet Out-Of-Bound Memory Write RCE (CVE-2024-21762)

CVE-2024-21762

CWE-787

Critical

Gallery 3.0.4 remote code execution

CWE-20

High

GeoServer RCE (CVE-2024-36401)

CVE-2024-36401

CWE-94

Critical

GhostScript RCE (Remote Code Execution)

CVE-2016-3714

CWE-78

Critical

GitLab ExifTool RCE (CVE-2021-22205)

CVE-2021-22205

CWE-918

High

GlobalProtect PAN-OS RCE (CVE-2024-3400)

CVE-2024-3400

CWE-77

Critical

GoAhead web server remote code execution

CVE-2017-17562

CWE-94

High

Grafana avatar SSRF

CVE-2020-13379

CWE-78

High

Grav CMS Unauthenticated RCE (CVE-2021-21425)

CWE-284

High

Hashicorp Consul API is accessible without authentication

CWE-200

Medium

HipChat for JIRA plugin - Velocity template injection

CVE-2015-5603

CWE-94

High

Horde/IMP Plesk webmail exploit

CWE-20

High

Horde Imp Unauthenticated Remote Command Execution

CVE-2018-19518

CWE-94

High

Horde remote code execution

CVE-2014-1691

CWE-94

High

HTTP.sys remote code execution vulnerability

CVE-2015-1635

CWE-119

High

IBM ODM JNDI injection (CVE-2024-22319)

CVE-2024-22319

CWE-74

Critical

IBM WebSphere RCE Java Deserialization Vulnerability

CVE-2015-7450

CWE-502

High

ImageMagick remote code execution

CVE-2016-3714

CWE-78

High

Invision Power Board version 3.3.4 unserialize PHP code execution

CVE-2012-5692

CWE-20

High

Ivanti EPM SQLi RCE (CVE-2024-29824)

CVE-2024-29824

CWE-89

High

Ivanti Sentry Authentication Bypass (CVE-2023-38035)

CVE-2023-38035

CWE-863

Critical

Java Debug Wire Protocol remote code execution

CWE-94

High

Jboss Application Server HTTPServerILServlet.java remote code execution

CVE-2017-7504

CWE-502

High

JBoss InvokerTransformer Remote Code Execution

CVE-2015-7501

CWE-502

High

JBoss Seam framework remote code execution

CVE-2010-1871

CWE-94

High

Joomla! Core 3.9.x Remote Code Execution (3.9.7 - 3.9.8)

CVE-2019-14654

CWE-94

High

Joomla! Core 3.x.x Remote Code Execution (3.7.0 - 3.8.7)

CVE-2018-11321

CWE-94

High

Joomla! Core Remote Code Execution (1.5.0 - 3.4.5)

CVE-2015-8562

CWE-94

High

Joomla! JCE arbitrary file upload

CWE-20

High

Joomla! JomSocial remote code execution

CWE-94

High

Joomla! remote code execution vulnerability

CVE-2015-8562

CWE-94

High

Juniper Junos OS J-Web RCE (CVE-2023-36845/CVE-2023-36846)

CVE-2023-36845 CVE-2023-36846

CWE-473

Critical

Kramer VIAware RCE (CVE-2021-36356/CVE-2021-35064)

CVE-2021-36356 CVE-2019-17124 CVE-2021-35064

CWE-434

Critical

Liferay TunnelServlet Deserialization Remote Code Execution

CWE-502

High

Liferay version older than 7.0

CWE-502

High

Liferay version older than 7.1

CWE-918

Medium

Liferay XMLRPC Blind SSRF

CWE-918

Medium

Lotus Notes formula injection

CWE-89

High

Lucee CF_CLIENT_ RCE

CWE-200

Critical

Lucee Unset Admin Password

CWE-200

Critical

Magento remote code execution

CVE-2015-1397 CVE-2015-1398 CVE-2015-1399

CWE-94

High

ManageEngine Desktop Central Deserialization RCE (CVE-2020-10189)

CVE-2020-10189

CWE-502

High

MediaWiki remote code execution

CVE-2014-1610

CWE-20

High

Microsoft Exchange Server Pre-auth Path Confusion vulnerability (CVE-2021-34473)

CVE-2021-34473

CWE-918

High

Microsoft Exchange Server Server-Side Request Forgery (SSRF) vulnerability

CVE-2021-26855

CWE-918

High

Microsoft IIS 6.0 WebDAV Buffer Overflow

CVE-2017-7269

CWE-287

High

Missing Authentication Check in SAP Solution Manager

CVE-2020-6207

CWE-287

High

MobileIron Log4Shell RCE

CVE-2021-44228

CWE-78

High

MobileIron Remote Code Execution via LogService

CVE-2020-15505

CWE-78

High

MoinMoin CVE-2012-6081 multiple arbitrary code execution vulnerabilities

CVE-2012-6081

CWE-434

High

MongoDB $where operator JavaScript injection

CWE-943

High

MongoDB injection

CWE-943

High

MovableType remote code execution

CVE-2015-1592

CWE-94

High

Moveable Type 4.x unauthenticated remote command execution

CVE-2013-0209

CWE-287

High

Multiple critical vulnerabilities in Apache Struts2

CVE-2012-0393

CWE-264

High

Multiple vulnerabilities reported in Parallels Plesk Sitebuilder

CWE-94

High

Mura/Masa CMS JSON API RCE

CWE-200

Critical

Nagios XI Magpie_debug.php Unauthenticated RCE

CVE-2018-15708

CWE-94

High

Nette framework PHP code injection via callback

CVE-2020-15227

CWE-94

High

Nginx PHP code execution via FastCGI

CWE-94

High

Nginx stack-based buffer overflow

CVE-2013-2028

CWE-189

High

node-serialize Insecure Deserialization

CVE-2017-5941

CWE-502

High

Node.js Debugger Unauthorized Access Vulnerability

CWE-200

High

Node.js Inspector Unauthorized Access Vulnerability

CWE-200

High

OpenX 2.8.10 backdoor

CVE-2013-4211

CWE-95

High

OpenX arbitrary file upload

CVE-2009-4140

CWE-434

High

Oracle Access Manager 'opensso' Deserialization RCE (CVE-2021-35587)

CVE-2021-35587

CWE-502

High

Oracle ADF Faces 'Miracle' RCE (CVE-2022-21445)

CVE-2022-21445

CWE-502

High

Oracle Business Intelligence AMF Deserialization RCE CVE-2020-2950

CVE-2020-2950

CWE-502

High

Oracle E-Business Suite Unauthenticated Remote Code Execution

CVE-2022-21587

CWE-94

High

Oracle Reports rwservlet vulnerabilities

CVE-2012-3152 CVE-2012-3153

CWE-20

High

Oracle Sun GlassFish/Java System Application Server Remote Authentication Bypass Vulnerability

CVE-2011-0807

CWE-287

High

Oracle Weblogic Async Component Deserialization RCE CVE-2019-2725

CVE-2019-2725

CWE-94

High

Oracle WebLogic Remote Code Execution (CVE-2020-14882)

CVE-2020-14882

CWE-78

Critical

Oracle WebLogic Remote Code Execution via IIOP

CVE-2020-2551

CWE-502

High

Oracle WebLogic Remote Code Execution via T3

CVE-2018-3245

CWE-502

High

Oracle Weblogic WLS-WSAT Component Deserialization RCE

CVE-2017-3506 CVE-2017-10271

CWE-94

High

Perl code injection

CWE-94

Critical

PHP-CGI remote code execution

CVE-2012-1823 CVE-2012-2311

CWE-20

High

PHP4 IMAP module buffer overflow vulnerability

CWE-119

Medium

PHP4 multiple vulnerabilities

CVE-2003-0860 CVE-2003-0861

CWE-119

High

PHP 4.3.0 file disclosure and possible code execution

CVE-2003-0097

CWE-20

Medium

PHP 5.3.9 remote code execution

CVE-2012-0830

CWE-399

High

PHP CGI Argument Injection (CVE-2024-4577)

CVE-2024-4577

CWE-78

Critical

PHP code injection (pmwiki)

CWE-94

High

PHP curl_exec() url is controlled by user

CVE-2009-0037

CWE-352

Medium

PHP eval() used on user input

CWE-95

Medium

PHP HTTP POST incorrect MIME header parsing vulnerability

CVE-2002-0717

CWE-20

Medium

phpMoAdmin remote code execution

CWE-95

High

phpMyAdmin v3.5.2.2 backdoor

CVE-2012-5159

CWE-95

High

PHP object deserialization of user-supplied data

CWE-20

Medium

PHP preg_replace used on user input

CWE-20

Medium

phpThumb() fltr[] parameter command injection vulnerability

CVE-2010-1598

CWE-20

High

PHPUnit Remote Code Execution

CVE-2017-9841

CWE-94

High

PHP unserialize() used on user input

CWE-20

Medium

PHP version older than 4.3.8

CVE-2004-0594 CVE-2004-0595

CWE-1104

Medium

PHP version older than 5.2.1

CVE-2007-1376 CVE-2007-1380 CVE-2007-1453 CVE-2007-1454

CWE-1104

High

PHP version older than 5.2.3

CVE-2007-1900 CVE-2007-2756 CVE-2007-2872

CWE-1104

High

PHP version older than 5.2.5

CVE-2007-4840 CVE-2007-4887 CVE-2007-5898 CVE-2007-5899 CVE-2007-5900

CWE-1104

High

PHP version older than 5.2.6

CVE-2007-4850 CVE-2008-0599 CVE-2008-0674 CVE-2008-1384 CVE-2008-2050 CVE-2008-2051

CWE-1104

High

Plone arbitrary code execution

CVE-2011-3587

CWE-78

High

PrimeFaces 5.x Expression Language injection

CVE-2017-1000486

High

Progress Kemp LoadMaster RCE (CVE-2024-1212)

CVE-2024-1212

CWE-78

Critical

Python Debugger Unauthorized Access Vulnerability

CWE-200

High

Python object deserialization of user-supplied data

CWE-20

Medium

Rails remote code execution using render :inline

CVE-2016-2098

CWE-94

High

RCE in Ivanti Connect Secure and Policy Secure (CVE-2024-21887)

CVE-2024-21887

CWE-77

Critical

RCE in SQL Server Reporting Services (SSRS)

CVE-2020-0618

CWE-78

High

RCE with Spring Data Commons

CVE-2018-1273

CWE-94

High

Reflected Cross-Site Scripting (XSS) vulnerability in PAN-OS management web interface

CVE-2020-2036

CWE-79

High

Rejetto HTTP File Server SSTI RCE (CVE-2024-23692)

CVE-2024-23692

CWE-1336

Critical

Remote Code Execution (RCE) in Spring Security OAuth

CVE-2016-4977

CWE-94

High

Remote Code Execution (Spring4Shell)

CVE-2022-22965

CWE-94

Critical

Remote code execution in bootstrap-sass 3.2.0.3

CVE-2019-10842

CWE-95

High

Remote code execution of user-provided local names in Rails

CVE-2020-8163

CWE-94

High

Remote code execution vulnerability in WordPress Duplicator

CWE-98

High

Remote Unauthenticated Code Execution Vulnerability in OpenSSH server (CVE-2024-6387)

CVE-2024-6387

CWE-362

High

Ruby on Rails directory traversal vulnerability

CVE-2014-0130

CWE-22

High

Ruby on Rails DoubleTap RCE (CVE-2019-5420)

CWE-502

High

Ruby on Rails weak/known secret token

CVE-2013-0156

CWE-200

High

SAP Hybris Deserialization RCE

CWE-502

High

SAP NetWeaver ConfigServlet remote command execution

CWE-94

High

Security update: Hotfix available for ColdFusion

CVE-2013-0625 CVE-2013-0629 CVE-2013-0631 CVE-2013-0632

CWE-255

High

Server-side JavaScript injection

CWE-20

High

Server-Side Template Injection

CWE-20

Critical

Sitecore XP Deserialization RCE (CVE-2021-42237)

CVE-2021-42237

CWE-502

High

Sitecore XP TemplateParser RCE (CVE-2023-35813)

CVE-2023-35813

CWE-94

Critical

SonicWall SSL-VPN 8.0.0.0 RCE via ShellShock exploit

CWE-78

High

Spring Boot Whitelabel Error Page SpEL

CWE-94

High

Spring Data REST RCE via PATCH requests

CVE-2017-8046

CWE-94

High

Struts 2 development mode

CWE-489

High

Struts2/XWork remote command execution (S2-014)

CVE-2013-1966 CVE-2013-2115

CWE-94

High

Symfony ESI (Edge-Side Includes) enabled

CWE-16

Low

Symfony RCE via weak/predictable APP_SECRET

CWE-94

High

Symfony weak application secret

CWE-94

High

SysAid On-Premise RCE (CVE-2023-47246)

CVE-2023-47246

CWE-22

Critical

Telerik Web UI Insecure Direct Object Reference

CVE-2017-11357

CWE-78

High

Telerik Web UI RadAsyncUpload Deserialization

CVE-2019-18935

CWE-78

High

Telerik Web UI Unrestricted File Upload (CVE-2014-2217)

CVE-2014-2217

CWE-78

High

Telerik Web UI Unrestricted File Upload (CVE-2017-11317)

CVE-2017-11317

CWE-78

High

Text4shell: Apache Commons Text RCE via insecure interpolation

CVE-2022-42889

CWE-94

Critical

ThinkPHP v5.0.22/5.1.29 Remote Code Execution Vulnerability

CWE-94

High

Tiki Wiki CMS: Arbitrary Code Execution

High

Tiki Wiki CMS: Remote Code Execution via Calendar Module

High

timthumb.php remote code execution

CVE-2011-4106

CWE-20

High

TimThumb WebShot remote code execution

CWE-94

High

TinyMCE ajax_create_folder remote code execution vulnerability

CWE-94

High

Ubiquiti Unifi Log4Shell RCE

CVE-2021-44228

CWE-78

High

Umbraco CMS remote code execution

CWE-94

High

Umbraco CMS TemplateService remote code execution

CVE-2013-4793

CWE-94

High

Unauthenticated OGNL injection in Confluence Server and Data Center

CVE-2021-26084

CWE-917

High

Unauthenticated OGNL injection in Confluence Server and Data Center (CVE-2023-22527)

CVE-2023-22527

CWE-917

Critical

Unauthenticated Remote Code Execution via JSONWS in Liferay 6.1 (LPS-88051)

CWE-78

High

Unauthenticated Remote Code Execution via JSONWS in Liferay 7.2.0 CE GA1

CVE-2020-0618 CVE-2020-7961

CWE-78

High

Unauthenticated remote code execution vulnerability in Confluence Server and Data Center

CVE-2022-26134

CWE-917

High

uWSGI Unauthorized Access Vulnerability

CWE-78

High

vBSEO 3.6.0 PHP code injection

CVE-2012-5223

CWE-94

High

vBulletin 5 CONNECT remote code execution

CWE-94

High

vBulletin 5.x 0day pre-auth RCE

CWE-94

High

vBulletin PHP object injection vulnerability

CWE-915

High

vBulletin Pre-Auth RCE Vulnerability

CVE-2020-17496

CWE-94

High

VMware Aria Operations for Networks RCE (CVE-2023-20887)

CVE-2023-20887

CWE-77

Critical

VMware Horizon Log4Shell RCE

CVE-2021-44228

CWE-78

High

VMware vCenter Log4Shell RCE

CVE-2021-44228

CWE-78

High

VMware vCenter Server Unauthorized Remote Code Execution

CVE-2021-21972

CWE-78

High

VMware Workspace ONE Access SSTI (CVE-2022-22954)

CVE-2022-22954

CWE-94

High

WebDAV remote code execution

CWE-434

High

Webmin v1.920 Unauhenticated Remote Command Execution

CVE-2019-15107

CWE-94

High

WooFramework shortcode exploit

CWE-95

High

WordPress 'wp-admin/options.php' Remote Code Execution Vulnerability (0.6.2 - 2.3.2)

CVE-2008-5695

CWE-20

High

WordPress 2.0.2 Username Remote PHP Code Injection Vulnerability (0.6.2 - 2.0.2)

CVE-2006-2667 CVE-2006-2702

CWE-94

High

WordPress 2.1.1 Command Execution Backdoor Vulnerability (2.1.1)

CVE-2007-1277

CWE-94

High

WordPress 2.6.2 Remote Code Execution Vulnerability (0.70 - 2.6.2)

CVE-2008-4796

CWE-94

High

WordPress 5.9.x Shortcode Execution (5.9 - 5.9.6)

CWE-862

High

WordPress 6.0.x Shortcode Execution (6.0 - 6.0.4)

CWE-862

High

WordPress 6.1.x Shortcode Execution (6.1 - 6.1.2)

CWE-862

High

WordPress 6.2.x Shortcode Execution (6.2 - 6.2.1)

CWE-862

High

WordPress 6.4.x Remote Code Execution (6.4 - 6.4.1)

CWE-502

High

WordPress caching plugins PHP code execution

CVE-2013-2010

CWE-95

High

WordPress Cookie Data PHP Code Injection Vulnerability (1.5 - 1.5.1.3)

CVE-2005-2612

CWE-94

High

WordPress OptimizePress unrestricted file upload

CVE-2013-7102

CWE-20

High

WordPress Plugin AccessAlly PHP Code Execution (3.3.1)

CWE-94

High

WordPress Plugin Ad Inserter-Ad Manager & AdSense Ads Remote Code Execution (2.4.21)

CVE-2019-15324

CWE-94

High

WordPress Plugin Advanced Access Manager Arbitrary Code Execution (2.8.2)

CVE-2014-6059

CWE-95

High

WordPress Plugin Ajax Search Lite Remote Command Execution (3.1)

CWE-95

High

WordPress Plugin All-in-One WP Migration Remote Code Execution (2.0.2)

CVE-2014-8794

CWE-94

High

WordPress Plugin All in One SEO-Best WordPress SEO-Easily Improve SEO Rankings & Increase Traffic Remote Code Execution (4.1.0.1)

CVE-2021-24307

CWE-94

High

WordPress Plugin Analytics Remote Code Execution (1.7)

CWE-94

High

WordPress Plugin Arigato Autoresponder and Newsletter Remote Code Execution (2.5.1.9)

CVE-2018-18461

CWE-94

High

WordPress Plugin Backup Migration Remote Code Execution (1.3.7)

CVE-2023-6553

CWE-94

High

WordPress Plugin BackWPup Remote and Local Code Execution (1.6.1)

CVE-2011-4342 CVE-2011-5208

CWE-22 CWE-94

High

WordPress Plugin Best Seo Remote Code Execution (1.5)

CWE-94

High

WordPress Plugin BJ Lazy Load Remote Code Execution (0.7.5)

CWE-94

High

WordPress Plugin Bricks Remote Code Execution (1.9.6)

CVE-2024-25600

CWE-94

High

WordPress Plugin Broadcast Live Video-Live Streaming:HTML5, WebRTC, HLS, RTSP, RTMP Remote Code Execution (5.5.15)

CVE-2023-25699

CWE-94

High

WordPress Plugin Catch Themes Demo Import Remote Code Execution (2.1)

CVE-2022-0440

CWE-94

High

WordPress Plugin CiviCRM Remote Code Execution (5.24.2)

CVE-2020-36388

CWE-502

High

WordPress Plugin CM Download Manager Code Injection (2.0.3)

CVE-2014-8877

CWE-95

High

WordPress Plugin Coming Soon Possible Remote Code Execution (1.1.3)

CVE-2016-10033 CVE-2016-10045

CWE-94

High

WordPress Plugin Cool Video Gallery Command Injection (1.9)

CVE-2015-7527

CWE-94

High

WordPress Plugin Custom Content Type Manager Remote Code Execution (0.9.8.5)

CVE-2015-3173

CWE-94

High

WordPress Plugin Divi Builder PHP Code Injection (4.0.9)

CWE-95

High

WordPress Plugin Duplicator-WordPress Migration Remote Code Execution (1.2.40)

CWE-94

High

WordPress Plugin Dynamic Content for Elementor Remote Code Execution (1.9.5.6)

CVE-2020-26596

CWE-94

High

WordPress Plugin Easy Forms for Mailchimp PHP Code Injection (6.5.2)

CVE-2019-15318

CWE-95

High

WordPress Plugin eShop Code Injection (6.3.11)

CVE-2015-3421

CWE-94

High

WordPress Plugin EWWW Image Optimizer Remote Code Execution (2.8.3)

CWE-94

High

WordPress Plugin EZPZ One Click Backup Remote Code Execution (12.03.10)

CVE-2014-3114

CWE-78

High

WordPress Plugin Fast Secure Contact Form Remote Code Execution (4.0.44)

CVE-2016-10033 CVE-2016-10045

CWE-94

High

WordPress Plugin Feedify Remote Code Execution (2.0.0)

CWE-94

High

WordPress Plugin File Gallery Remote Code Execution (1.7.9)

CVE-2014-2558

CWE-94

High

WordPress Plugin File Manager Remote Code Execution (4.5)

CWE-94

High

WordPress Plugin Five Star Restaurant Menu-WordPress Ordering Remote Code Execution (2.2.0)

CVE-2020-29045

CWE-502

High

WordPress Plugin Flamingo Code Injection (1.1)

CWE-95

High

WordPress Plugin Formidable Forms-Contact Form, Survey, Quiz, Calculator & Custom Form Builder Remote Code Execution (2.05.01)

CWE-94

High

WordPress Plugin Form Manager Remote Command Execution (1.7.2)

CVE-2015-7806

CWE-94

High

WordPress Plugin Gantry 4 Framework Remote Command Execution (4.1.3)

CWE-95

High

WordPress Plugin Global Content Blocks PHP Code Execution and Information Disclosure Vulnerabilities (1.5.1)

CWE-95 CWE-200

High

WordPress Plugin Google Map Remote Code Execution (1.0)

CWE-94

High

WordPress Plugin Groundhogg-Marketing Automation & CRM for WordPress Remote Code Execution (1.3.4)

CVE-2019-15647

CWE-94

High

WordPress Plugin Gutenberg Block Editor Toolkit-EditorsKit Remote Code Execution (1.31.5)

CVE-2021-24546

CWE-94

High

WordPress Plugin Import XML and RSS Feeds Remote Code Execution (2.1.4)

CVE-2023-4521

CWE-94

High

WordPress Plugin Include Me Remote Code Execution (1.2.1)

CVE-2021-24453

CWE-94

High

WordPress Plugin Insert or Embed Articulate Content into WordPress Remote Code Execution (4.2997)

CVE-2019-15649

CWE-94

High

WordPress Plugin is_human() 'type' Parameter Remote Command Injection (1.4.2)

CWE-95

High

WordPress Plugin iThemes Exchange:Simple WP Ecommerce Remote Code Execution (1.14.0)

CWE-94

High

WordPress Plugin Jekyll Exporter Remote Code Execution (2.2.0)

CVE-2017-9841

CWE-94

High

WordPress Plugin Kanzu Support Desk-WordPress Helpdesk Remote Code Execution (2.4.6)

CWE-94

High

WordPress Plugin Lightbox Jquery Possible Remote Code Execution (0.24)

CWE-94

High

WordPress Plugin Loco Translate PHP Code Injection (2.5.3)

CVE-2021-24721

CWE-95

High

WordPress Plugin MailPress Remote Code Execution (7.0.2)

CWE-94

High

WordPress Plugin Maintenance Mode Under Construction Page Landing Page Possible Remote Code Execution (1.0.9)

CVE-2016-10033 CVE-2016-10045

CWE-94

High

WordPress Plugin Master Popups Remote Code Execution (1.0.0)

CWE-94

High

WordPress Plugin MobiLoud-WordPress Mobile Apps-Convert your WordPress Website to Native Mobile Apps Remote Code Execution (4.0.1)

CWE-94

High

WordPress Plugin Newsletter Subscription Form Possible Remote Code Execution (1.1.2)

CVE-2016-10033 CVE-2016-10045

CWE-94

High

WordPress Plugin NextGEN Gallery-WordPress Gallery Remote Code Execution (2.1.59)

CWE-94

High

WordPress Plugin Ninja Forms Contact Form-The Drag and Drop Form Builder for WordPress PHP Code Injection (3.6.10)

CWE-94

High

WordPress Plugin open-flash-chart-core Remote Code Execution (0.4)

CVE-2009-4140

CWE-434

High

WordPress Plugin Photo Gallery, Images, Slider in Rbs Image Gallery Remote Code Execution (2.0.14)

CWE-94

High

WordPress Plugin PHP Everywhere Multiple Remote Code Execution Vulnerabilities (2.0.3)

CVE-2022-24663 CVE-2022-24664 CVE-2022-24665

CWE-94

High

WordPress Plugin PHP Speedy 'admin_container.php' Remote PHP Code Execution (0.5.2)

CWE-94

High

WordPress Plugin Plainview Activity Monitor Remote Command Execution (20161228)

CVE-2018-15877

CWE-94

High

WordPress Plugin Product Lister for Walmart Remote Code Execution (1.0.1)

CVE-2017-9841

CWE-94

High

WordPress Plugin Product Table by WBW Remote Code Execution (2.0.1)

CVE-2024-6365

CWE-94

High

WordPress Plugin ProfileGrid-User Profiles, Groups and Communities Remote Code Execution (2.8.5)

CVE-2019-15873

CWE-94

High

WordPress Plugin PropertyHive Remote Code Execution (1.4.25)

CWE-94

High

WordPress Plugin Secure File Manager Remote Code Execution (2.8.1)

CVE-2020-35235

CWE-94

High

WordPress Plugin Share Possible Remote Code Execution (1.0)

CWE-94

High

WordPress Plugin Similar Posts-Best Related Posts for WordPress Remote Code Execution (3.1.5)

CVE-2021-24537

CWE-94

High

WordPress Plugin Social Media Tab Remote Code Execution (1.0.9)

CWE-94

High

WordPress Plugin Social Photo Gallery Remote Code Execution (1.0)

CVE-2019-14467

CWE-94

High

WordPress Plugin Statistics Remote Code Execution (1.8)

CWE-94

High

WordPress Plugin Subscribe Form Remote Command Execution (1.1)

CWE-94

High

WordPress Plugin ThemeREX Addons Remote Code Execution (All)

CVE-2020-10257

CWE-94

High

WordPress Plugin Ultimate Member-User Profile, Registration, Login, Member Directory, Content Restriction & Membership Remote Code Execution (2.0.32)

CWE-94

High

WordPress Plugin UnGallery 'search' Parameter Remote Arbitrary Command Execution (2.1.5)

CWE-95

High

WordPress Plugin Unlimited Elements For Elementor (Free Widgets, Addons, Templates) Remote Code Execution (1.5.89)

CVE-2023-6743

CWE-94

High

WordPress Plugin VaultPress Man-in-The-Middle (MiTM) Remote Code Execution (1.8.6)

CWE-94

High

WordPress Plugin VaultPress Remote Code Execution (1.9.0)

CWE-94

High

WordPress Plugin Video Embed & Thumbnail Generator 'kg_callffmpeg.php' Multiple Remote Code Execution Vulnerabilities (1.1)

CVE-2012-1785

CWE-20

High

WordPress Plugin W3 Total Cache PHP Code Injection (0.9.2.8)

CVE-2013-2010

CWE-95

High

WordPress Plugin WishList Member X Remote Code Execution (3.25.1)

CVE-2024-37109

CWE-94

High

WordPress Plugin WooCommerce Possible Remote Code Execution (3.4.5)

CWE-94

High

WordPress Plugin WooCommerce Possible Remote Code Execution (3.5.0)

CWE-94

High

WordPress Plugin WooCommerce Remote Code Execution (4.0.1)

CWE-94

High

WordPress Plugin Woody ad snippets-Insert Header Footer Code, AdSense Ads PHP Code Injection (1.3)

CWE-95

High

WordPress Plugin WordPress Download Manager Remote Code Execution (2.7.4)

CWE-94

High

WordPress Plugin WordPress Landing Pages Remote Code Execution (1.9.0)

CVE-2015-5227

CWE-94

High

WordPress Plugin WordPress Mega Menu-QuadMenu Remote Code Execution (2.0.6)

CWE-94

High

WordPress Plugin WordPress PDF Light Viewer Command Injection (1.4.11)

CVE-2021-24684

CWE-94

High

WordPress Plugin WordPress Shortcodes-Shortcodes Ultimate Remote Code Execution (5.0.0)

CWE-94

High

WordPress Plugin WordPress WP-Advanced-Search Remote Code Execution (3.3.3)

CWE-94

High

WordPress Plugin WP-Filebase Download Manager Remote Code Execution (0.3.0.03)

CWE-94

High

WordPress Plugin WP-Live Chat by 3CX Remote Code Execution (7.0.01)

CVE-2016-10033 CVE-2016-10045

CWE-94

High

WordPress Plugin WP-Stateless-Google Cloud Storage Remote Code Execution (2.2.0)

CWE-94

High

WordPress Plugin WP-Syntax Remote PHP Code Execution (0.9.9)

CVE-2009-2852

CWE-20

High

WordPress Plugin WP E-Signature Remote Code Execution (1.5.6.5)

CWE-94

High

WordPress Plugin wp heyloyalty Remote Code Execution (1.1.4)

CVE-2017-9841

CWE-94

High

WordPress Plugin WP Hotel Booking Remote Code Execution (1.10.2)

CVE-2020-29047

CWE-502

High

WordPress Plugin WP Maintenance Mode Remote Code Execution (2.0.6)

CVE-2018-20156

CWE-94

High

WordPress Plugin WP Super Cache PHP Code Injection (1.2)

CVE-2013-2009 CVE-2013-2011

CWE-95

High

WordPress Plugin WP Super Cache Remote Code Execution (1.7.1)

CVE-2021-24209

CWE-94

High

WordPress Plugin wSecure Lite Remote Code Execution (2.3)

CVE-2016-10960

CWE-94

High

WordPress Plugin Yoast SEO Possible Remote Code Execution (9.1.0)

CVE-2018-19370

CWE-94

High

WordPress Plugin Zingiri Web Shop 'ajax_save_name.php' Remote Code Execution (2.2.3)

CWE-95

High

WordPress Super Socialat backdoor plugin

CWE-94

High

Xdebug remote code execution via xdebug.remote_connect_back

CWE-200

High

Array

CWE-20

Code Execution Vulnerabilities

Severity

Vulnerability Categories

Still Have Questions?

Take action and discover your vulnerabilities