Vulnerability Name CVE Severity
Adobe Experience Manager Misconfiguration CVE-2016-0957
Apache HTTP Server mod_proxy SSRF (CVE-2021-40438) CVE-2021-40438
Apache Log4j socket receiver deserialization vulnerability CVE-2017-5645
Apache OFBiz Log4Shell RCE CVE-2021-44228
Apache OFBiz SOAPService Deserialization RCE CVE-2021-26295
Apache OFBiz XMLRPC Deserialization RCE (CVE-2020-9496) CVE-2020-9496
Apache REST RCE CVE-2018-11770
Apache Shiro Deserialization RCE CVE-2016-4437
Apache Solr Deserialization of untrusted data via jmx.serviceUrl CVE-2019-0192
Apache Solr Log4Shell RCE CVE-2021-44228
Apache Solr Parameter Injection
Apache Solr SSRF CVE-2017-3164
Apache Struts2 remote code execution vulnerability CVE-2016-0785
Apache Struts2 Remote Command Execution (S2-052) CVE-2017-9805
Apache Struts2 Remote Command Execution (S2-053) CVE-2017-12611
Apache Unomi MVEL RCE (CVE-2020-13942) CVE-2020-13942
Argument Injection
Atlassian OAuth Plugin IconUriServlet SSRF CVE-2017-9506
Auxiliary systems SSRF
ColdFusion AMF Deserialization RCE CVE-2017-3066
ColdFusion FlashGateway Deserialization RCE CVE-2019-7091 CVE-2019-7091
ColdFusion JNDI injection RCE CVE-2018-15957
Data Binding Expression Vulnerability in Spring Web Flow CVE-2017-4971
Deserialization of Untrusted Data (.NET BinaryFormatter Object Deserialization)
Deserialization of Untrusted Data (Java JSON Deserialization) Fastjson
Deserialization of Untrusted Data (Java JSON Deserialization) Genson
Deserialization of Untrusted Data (Java JSON Deserialization) Jackson
Deserialization of Untrusted Data (Java JSON Deserialization) JsonIO
Deserialization of Untrusted Data (Java Object Deserialization)
Deserialization of Untrusted Data (XStream)
DNN (DotNetNuke) CMS Cookie Deserialization RCE CVE-2017-9822
Edge Side Include injection
Ext JS arbitrary file read
Flex BlazeDS AMF Deserialization RCE CVE-2017-5641
ForgeRock AM / OpenAM Deserialization RCE (CVE-2021-35464) CVE-2021-35464
GhostScript RCE (Remote Code Execution) CVE-2016-3714
Gitlab CI Lint SSRF
GitLab ExifTool RCE (CVE-2021-22205) CVE-2021-22205
Hasura GraphQL API without authentication
HTTP/2 pseudo-header server side request forgery
Httpoxy vulnerability
IBM WebSphere RCE Java Deserialization Vulnerability CVE-2015-7450
ImageMagick remote code execution CVE-2016-3714
JavaMelody XML External Entity (XXE) vulnerability CVE-2018-15531
Jboss Application Server HTTPServerILServlet.java remote code execution CVE-2017-7504
JBoss InvokerTransformer Remote Code Execution CVE-2015-7501
Jira Unauthorized SSRF via REST API CVE-2019-8451
Jolokia XML External Entity (XXE) vulnerability
Kentico CMS Deserialization RCE
Keycloak request_uri SSRF (CVE-2020-10770) CVE-2020-10770
Liferay TunnelServlet Deserialization Remote Code Execution
Liferay XMLRPC Blind SSRF
ManageEngine Desktop Central Deserialization RCE (CVE-2020-10189) CVE-2020-10189
MobileIron Log4Shell RCE CVE-2021-44228
OpenCms Solr XML External Entity (XXE) vulnerability
Oracle Access Manager 'opensso' Deserialization RCE (CVE-2021-35587) CVE-2021-35587
Oracle ADF Faces 'Miracle' RCE (CVE-2022-21445) CVE-2022-21445
Oracle Business Intelligence AMF Deserialization RCE CVE-2020-2950 CVE-2020-2950
Oracle Business Intelligence Convert XXE CVE-2019-2767
Oracle Business Intelligence ReportTemplateService XXE (CVE-2021-2400) CVE-2021-2400
Oracle Business Intelligence ReportTemplateService XXE CVE-2019-2616
Oracle E-Business Suite Deserialization RCE
Oracle E-Business Suite SQL injection (CVE-2017-3549)
Oracle E-Business Suite SSRF (CVE-2017-10246) CVE-2017-10246
Oracle E-Business Suite SSRF (CVE-2018-3167) CVE-2018-3167
Oracle Reports rwservlet vulnerabilities CVE-2012-3152 CVE-2012-3153
Oracle Reports Services RWServlet environment variables disclosure
Oracle Weblogic Async Component Deserialization RCE CVE-2019-2725 CVE-2019-2725
Oracle WebLogic Remote Code Execution via IIOP CVE-2020-2551
Oracle WebLogic Remote Code Execution via T3 CVE-2018-3245
Oracle Weblogic T3 XXE (CVE-2019-2647) CVE-2019-2647
Oracle Weblogic T3 XXE (CVE-2019-2888) CVE-2019-2888
Oracle Weblogic WLS-WSAT Component Deserialization RCE CVE-2017-3506 CVE-2017-10271
Paperclip gem SSRF (Server side request forgery) CVE-2017-0889
Perl code injection
Python code injection
RCE in SQL Server Reporting Services (SSRS) CVE-2020-0618
RCE with Spring Data Commons CVE-2018-1273
Remote code execution in bootstrap-sass 3.2.0.3 CVE-2019-10842
Remote code execution of user-provided local names in Rails CVE-2020-8163
Remote file inclusion XSS
Reverse proxy bypass CVE-2011-3368
Reverse proxy misrouting
Reverse proxy misrouting through HTTP/2 pseudo-headers (SSRF)
Ruby on Rails code injection
Ruby on Rails DoubleTap RCE (CVE-2019-5420)
SAML Consumer Service External Dereference SSRF
SAML Consumer Service XML entity injection (XXE)
SAML Consumer Service XSLT injection
SAP BO BIP SSRF (CVE-2020-6308)
SAP Hybris Deserialization RCE
SAP IGS XXE (CVE-2018-2392, CVE-2018-2393) CVE-2018-2393
Sitecore XP Deserialization RCE (CVE-2021-42237)
Sonicwall SMA 100 Unintended proxy (CVE-2021-20042)
Ubiquiti Unifi Log4Shell RCE CVE-2021-44228
Unauthenticated Remote Code Execution via JSONWS in Liferay 7.2.0 CE GA1 CVE-2020-0618
uWSGI Unauthorized Access Vulnerability
VMware Horizon Log4Shell RCE CVE-2021-44228
VMware vCenter Log4Shell RCE CVE-2021-44228
Xdebug remote code execution via xdebug.remote_connect_back
XML external entity injection
XML external entity injection (variant)
XML external entity injection via external file
XML external entity injection via File Upload
XSLT injection
Zend Framework local file disclosure via XXE injection CVE-2012-3363 CVE-2015-5161
Zimbra Collaboration Suite SSRF (CVE-2020-7796) CVE-2020-7796