Vulnerability Name CVE Severity
AjaxControlToolkit directory traversal CVE-2015-4670
Apache 2.2.14 mod_isapi Dangling Pointer CVE-2010-0425
Apache 2.x version older than 2.2.3 CVE-2006-3747
Apache Log4j socket receiver deserialization vulnerability CVE-2017-5645
Apache Shiro Deserialization RCE
Apache Solr SSRF CVE-2017-3164
Apache Struts 2 ClassLoader manipulation and denial of service CVE-2014-0112 CVE-2014-0113 CVE-2014-0114
Apache Struts 2 ClassLoader manipulation and denial of service (S2-020) CVE-2014-0094 CVE-2014-0050
Apache Struts 2 DefaultActionMapper Prefixes OGNL Code Execution CVE-2013-2251
Apache Struts2 remote code execution vulnerability CVE-2016-0785
Apache Struts2 remote command execution (S2-045) CVE-2017-5638
Apache Struts2 Remote Command Execution (S2-048) CVE-2017-9791
Apache Struts2 Remote Command Execution (S2-052) CVE-2017-9805
Apache Struts2 Remote Command Execution (S2-053) CVE-2017-12611
Apache Struts Remote Code Execution (S2-057) CVE-2018-11776
Apache Tomcat Remote Code Execution Vulnerability CVE-2017-12615
Apache Win32 batch file remote command execution vulnerability CVE-2002-0061
Arbitrary EL Evaluation in RichFaces
Argument Injection
ASP code injection
Atlassian Crowd Remote Code Execution CVE-2019-11580
Bash code injection vulnerability CVE-2014-6271
BigIP iRule Tcl code injection
CakePHP 1.3.5 / 1.2.8 unserialize() vulnerability CVE-2010-4335
Check for apache versions up to 1.3.25, 2.0.38 CVE-2002-0392
Citrix ADC/Gateway Unauthenticated Remote Code Execution CVE-2019-19781
Code execution
CodeIgniter weak encryption key
ColdFusion AMF Deserialization RCE CVE-2017-3066
ColdFusion FlashGateway Deserialization RCE CVE-2019-7091 CVE-2019-7091
ColdFusion JNDI injection RCE CVE-2018-15957
Data Binding Expression Vulnerability in Spring Web Flow CVE-2017-4971
Drupal 7 arbitrary PHP code execution and information disclosure CVE-2012-4553 CVE-2012-4554
Drupal Core 4.6.x Arbitrary Code Execution (4.6.0 - 4.6.6) CVE-2006-2743
Drupal Core 4.6.x Arbitrary Code Execution (4.6.0 - 4.6.7) CVE-2006-2831
Drupal Core 4.7.x Arbitrary Code Execution (4.7.0 - 4.7.0) CVE-2006-2743
Drupal Core 4.7.x Arbitrary Code Execution (4.7.0 - 4.7.5) CVE-2007-0626
Drupal Core 5.x Arbitrary Code Execution (5.0 - 5.0) CVE-2007-0626
Drupal Core 5.x Arbitrary Code Execution (5.0 - 5.2) CVE-2007-5593
Drupal Core 6.x Remote Code Execution (6.0 - 6.38) CVE-2018-7600
Drupal Core 7.x Remote Code Execution (7.0 - 7.57) CVE-2018-7600
Drupal Core 7.x Remote Code Execution (7.0 - 7.58) CVE-2018-7602
Drupal Core 8.4.x Remote Code Execution (8.4.0 - 8.4.5) CVE-2018-7600
Drupal Core 8.4.x Remote Code Execution (8.4.0 - 8.4.7) CVE-2018-7602
Drupal Core 8.5.0 Remote Code Execution (8.5.0 - 8.5.0) CVE-2018-7600
Drupal Core 8.5.x Remote Code Execution (8.5.0 - 8.5.2) CVE-2018-7602
Drupal Core 8.5.x Remote Code Execution (8.5.0 - 8.5.10) CVE-2019-6340
Drupal Core 8.6.x Remote Code Execution (8.6.0 - 8.6.9) CVE-2019-6340
Drupal Core 8.x.x Remote Code Execution (8.0.0 - 8.3.8) CVE-2018-7600
Drupal Core 8.x.x Remote Code Execution (8.0.0 - 8.4.8) CVE-2019-6340
Drupal Remote Code Execution (SA-CORE-2018-002) CVE-2018-7600
Drupal Remote Code Execution (SA-CORE-2018-004) CVE-2018-7602
Drupal REST Remote Code Execution CVE-2019-6340
EktronCMS Saxon XSLT parser remote code execution CVE-2015-0931
Ektron CMS unauthenticated code execution and Local File Read CVE-2012-5357 CVE-2012-5358
Elasticsearch remote code execution CVE-2014-3120
Exim Illegal IPv6 Address and SPA Authentication Buffer Overflow CVE-2005-0021
FastCGI Unauthorized Access Vulnerability
Flask debug mode
Flex BlazeDS AMF Deserialization RCE CVE-2017-5641
Gallery 3.0.4 remote code execution
GhostScript RCE (Remote Code Execution) CVE-2016-3714
GoAhead web server remote code execution CVE-2017-17562
HipChat for JIRA plugin - Velocity template injection CVE-2015-5603
Horde/IMP Plesk webmail exploit
Horde Imp Unauthenticated Remote Command Execution CVE-2018-19518
Horde remote code execution CVE-2014-1691
HTTP.sys remote code execution vulnerability CVE-2015-1635
IBM WebSphere RCE Java Deserialization Vulnerability CVE-2015-7450
ImageMagick remote code execution CVE-2016-3714
Invision Power Board version 3.3.4 unserialize PHP code execution CVE-2012-5692
Jboss Application Server HTTPServerILServlet.java remote code execution CVE-2017-7504
JBoss InvokerTransformer Remote Code Execution CVE-2015-7501
JBoss Seam framework remote code execution CVE-2010-1871
Joomla! Core 3.9.x Remote Code Execution (3.9.7 - 3.9.8) CVE-2019-14654
Joomla! Core 3.x.x Remote Code Execution (3.7.0 - 3.8.7) CVE-2018-11321
Joomla! Core Remote Code Execution (1.5.0 - 3.4.5) CVE-2015-8562
Joomla! JCE arbitrary file upload
Joomla! JomSocial remote code execution
Joomla! remote code execution vulnerability CVE-2015-8562
Liferay TunnelServlet Deserialization Remote Code Execution
Liferay version older than 7.0
Liferay version older than 7.1
Liferay XMLRPC Blind SSRF
Magento remote code execution CVE-2015-1397 CVE-2015-1398 CVE-2015-1399
MediaWiki remote code execution CVE-2014-1610
Microsoft IIS 6.0 WebDAV Buffer Overflow CVE-2017-7269
MoinMoin CVE-2012-6081 multiple arbitrary code execution vulnerabilities CVE-2012-6081
MongoDB injection
MovableType remote code execution CVE-2015-1592
Moveable Type 4.x unauthenticated remote command execution CVE-2013-0209
Multiple critical vulnerabilities in Apache Struts2 CVE-2012-0393
Multiple vulnerabilities reported in Parallels Plesk Sitebuilder
Nagios XI Magpie_debug.php Unauthenticated RCE CVE-2018-15708
Nagios XI Unauthenticated SQLi CVE-2018-8734 CVE-2018-8734
Nginx PHP code execution via FastCGI
OpenX 2.8.10 backdoor CVE-2013-4211
OpenX arbitrary file upload CVE-2009-4140
Oracle Business Intelligence AMF Deserialization RCE CVE-2020-2950 CVE-2020-2950
Oracle Reports rwservlet vulnerabilities CVE-2012-3152 CVE-2012-3153
Oracle Weblogic Async Component Deserialization RCE CVE-2019-2725 CVE-2019-2725
Oracle WebLogic Remote Code Execution via T3 CVE-2018-3245
Oracle Weblogic WLS-WSAT Component Deserialization RCE CVE-2017-3506 CVE-2017-10271
Perl code injection
PHP 4.3.0 file disclosure and possible code execution CVE-2003-0097
PHP 5.3.9 remote code execution CVE-2012-0830
PHP code injection
PHP code injection (pmwiki)
PHP eval() used on user input
phpMoAdmin remote code execution
phpMyAdmin v3.5.2.2 backdoor CVE-2012-5159
phpThumb() fltr[] parameter command injection vulnerability CVE-2010-1598
PHPUnit Remote Code Execution CVE-2017-9841
Plone arbitrary code execution CVE-2011-3587
Python code injection
Rails remote code execution using render :inline CVE-2016-2098
RCE in SQL Server Reporting Services (SSRS) CVE-2020-0618
RCE with Spring Data Commons CVE-2018-1273
Remote Code Execution (RCE) in Spring Security OAuth CVE-2016-4977
Remote code execution in bootstrap-sass 3.2.0.3 CVE-2019-10842
Remote code execution vulnerability in WordPress Duplicator
Ruby on Rails code injection
Ruby on Rails directory traversal vulnerability CVE-2014-0130
Ruby on Rails weak/known secret token CVE-2013-0156
Ruby on Rails XML processor YAML deserialization code execution CVE-2013-0156
SAP Hybris Deserialization RCE
SAP NetWeaver ConfigServlet remote command execution
Security update: Hotfix available for ColdFusion CVE-2013-0625 CVE-2013-0629 CVE-2013-0631 CVE-2013-0632
Server-side JavaScript injection
Server-side template injection
Spring Boot Whitelabel Error Page SpEL
Spring Data REST RCE via PATCH requests CVE-2017-8046
Struts 2 development mode
Struts2/Xwork remote command execution CVE-2010-1870
Struts2/XWork remote command execution (S2-014) CVE-2013-1966 CVE-2013-2115
ThinkPHP v5.0.22/5.1.29 Remote Code Execution Vulnerability
timthumb.php remote code execution CVE-2011-4106
TimThumb WebShot remote code execution
TinyMCE ajax_create_folder remote code execution vulnerability
Umbraco CMS remote code execution
Umbraco CMS TemplateService remote code execution CVE-2013-4793
Unauthenticated Remote Code Execution via JSONWS in Liferay 7.2.0 CE GA1 CVE-2020-0618
UnrealIRCd 3.2.8.1 backdoor CVE-2010-2075
uWSGI Unauthorized Access Vulnerability
vBSEO 3.6.0 PHP code injection CVE-2012-5223
vBulletin 5 CONNECT remote code execution
vBulletin 5.x 0day pre-auth RCE
vBulletin PHP object injection vulnerability
Webmin v1.920 Unauhenticated Remote Command Execution CVE-2019-15107
WooFramework shortcode exploit
WordPress 'wp-admin/options.php' Remote Code Execution Vulnerability (0.6.2 - 2.3.2) CVE-2008-5695
WordPress 2.0.2 Username Remote PHP Code Injection Vulnerability (0.6.2 - 2.0.2) CVE-2006-2667 CVE-2006-2702
WordPress 2.1.1 Command Execution Backdoor Vulnerability (2.1.1 - 2.1.1) CVE-2007-1277
WordPress 2.6.2 Remote Code Execution Vulnerability (0.70 - 2.6.2) CVE-2008-4796
WordPress caching plugins PHP code execution CVE-2013-2010
WordPress Cookie Data PHP Code Injection Vulnerability (1.5 - 1.5.1.3) CVE-2005-2612
WordPress OptimizePress unrestricted file upload CVE-2013-7102
WordPress PHP Object Injection CVE-2013-4338
WordPress Plugin AccessAlly PHP Code Execution (3.3.1)
WordPress Plugin Ad Inserter-Ad Manager & AdSense Ads Remote Code Execution (2.4.21) CVE-2019-15324
WordPress Plugin Advanced Access Manager Arbitrary Code Execution (2.8.2) CVE-2014-6059
WordPress Plugin Ajax Search Lite Remote Command Execution (3.1)
WordPress Plugin All-in-One WP Migration Remote Code Execution (2.0.2) CVE-2014-8794
WordPress Plugin Analytics Remote Code Execution (1.7)
WordPress Plugin Arigato Autoresponder and Newsletter Remote Code Execution (2.5.1.9) CVE-2018-18461
WordPress Plugin BackWPup Remote and Local Code Execution (1.6.1) CVE-2011-4342 CVE-2011-5208
WordPress Plugin Best Seo Remote Code Execution (1.5)
WordPress Plugin BJ Lazy Load Remote Code Execution (0.7.5)
WordPress Plugin CM Download Manager Code Injection (2.0.3) CVE-2014-8877
WordPress Plugin Coming Soon Possible Remote Code Execution (1.1.3) CVE-2016-10033 CVE-2016-10045
WordPress Plugin Cool Video Gallery Command Injection (1.9) CVE-2015-7527
WordPress Plugin Custom Content Type Manager Remote Code Execution (0.9.8.5) CVE-2015-3173
WordPress Plugin Divi Builder PHP Code Injection (4.0.9)
WordPress Plugin Duplicator-WordPress Migration Remote Code Execution (1.2.40)
WordPress Plugin Easy Forms for Mailchimp PHP Code Injection (6.5.2) CVE-2019-15318
WordPress Plugin eShop Code Injection (6.3.11) CVE-2015-3421
WordPress Plugin EWWW Image Optimizer Remote Code Execution (2.8.3)
WordPress Plugin EZPZ One Click Backup Remote Code Execution (12.03.10) CVE-2014-3114
WordPress Plugin Fast Secure Contact Form Remote Code Execution (4.0.44) CVE-2016-10033 CVE-2016-10045
WordPress Plugin Feedify Remote Code Execution (2.0.0)
WordPress Plugin File Gallery Remote Code Execution (1.7.9) CVE-2014-2558
WordPress Plugin File Manager Remote Code Execution (4.5)
WordPress Plugin Flamingo Code Injection (1.1)
WordPress Plugin Formidable Forms Builder for WordPress-Contact Forms, Surveys & Quiz Forms Remote Code Execution (2.05.01)
WordPress Plugin Form Manager Remote Command Execution (1.7.2) CVE-2015-7806
WordPress Plugin Gantry 4 Framework Remote Command Execution (4.1.3)
WordPress Plugin Global Content Blocks PHP Code Execution and Information Disclosure Vulnerabilities (1.5.1)
WordPress Plugin Google Map Remote Code Execution (1.0)
WordPress Plugin Groundhogg-Marketing Automation & CRM for WordPress Remote Code Execution (1.3.4) CVE-2019-15647
WordPress Plugin Insert or Embed Articulate Content into WordPress Remote Code Execution (4.2997) CVE-2019-15649
WordPress Plugin is_human() 'type' Parameter Remote Command Injection (1.4.2)
WordPress Plugin iThemes Exchange:Simple WP Ecommerce Remote Code Execution (1.14.0)
WordPress Plugin Jekyll Exporter Remote Code Execution (2.2.0) CVE-2017-9841
WordPress Plugin Kanzu Support Desk-WordPress Helpdesk Remote Code Execution (2.4.6)
WordPress Plugin Lightbox Jquery Possible Remote Code Execution (0.24)
WordPress Plugin MailPress Remote Code Execution (7.0.2)
WordPress Plugin Maintenance Mode Under Construction Page Landing Page Possible Remote Code Execution (1.0.9) CVE-2016-10033 CVE-2016-10045
WordPress Plugin Master Popups Remote Code Execution (1.0.0)
WordPress Plugin MobiLoud-WordPress Mobile Apps-Convert your WordPress Website to Native Mobile Apps Remote Code Execution (4.0.1)
WordPress Plugin Newsletter Subscription Form Possible Remote Code Execution (1.1.2) CVE-2016-10033 CVE-2016-10045
WordPress Plugin NextGEN Gallery-WordPress Gallery Remote Code Execution (2.1.59)
WordPress Plugin open-flash-chart-core Remote Code Execution (0.4) CVE-2009-4140
WordPress Plugin PHP Speedy 'admin_container.php' Remote PHP Code Execution (0.5.2)
WordPress Plugin Plainview Activity Monitor Remote Command Execution (20161228) CVE-2018-15877
WordPress Plugin ProfileGrid-User Profiles, Groups and Communities Remote Code Execution (2.8.5) CVE-2019-15873
WordPress Plugin PropertyHive Remote Code Execution (1.4.25)
WordPress Plugin Robo Gallery-Photo Gallery and Images Gallery Remote Code Execution (2.0.14)
WordPress Plugin Share Possible Remote Code Execution (1.0)
WordPress Plugin Shortcodes Ultimate Remote Code Execution (5.0.0)
WordPress Plugin Social Media Tab Remote Code Execution (1.0.9)
WordPress Plugin Social Photo Gallery Remote Code Execution (1.0) CVE-2019-14467
WordPress Plugin Statistics Remote Code Execution (1.8)
WordPress Plugin Subscribe Form Remote Command Execution (1.1)
WordPress Plugin ThemeREX Addons Remote Code Execution (All) CVE-2020-10257
WordPress Plugin Ultimate Member-User Profile & Membership Remote Code Execution (2.0.32)
WordPress Plugin UnGallery 'search' Parameter Remote Arbitrary Command Execution (2.1.5)
WordPress Plugin VaultPress Man-in-The-Middle (MiTM) Remote Code Execution (1.8.6)
WordPress Plugin VaultPress Remote Code Execution (1.9.0)
WordPress Plugin Video Embed & Thumbnail Generator 'kg_callffmpeg.php' Multiple Remote Code Execution Vulnerabilities (1.1) CVE-2012-1785
WordPress Plugin W3 Total Cache PHP Code Injection (0.9.2.8) CVE-2013-2010
WordPress Plugin WooCommerce Possible Remote Code Execution (3.4.5)
WordPress Plugin WooCommerce Possible Remote Code Execution (3.5.0)
WordPress Plugin Woody ad snippets-Insert Header Footer Code, AdSense Ads PHP Code Injection (1.3)
WordPress Plugin WordPress Download Manager Remote Code Execution (2.7.4)
WordPress Plugin WordPress Landing Pages Remote Code Execution (1.9.0) CVE-2015-5227
WordPress Plugin WP-Filebase Download Manager Remote Code Execution (0.3.0.03)
WordPress Plugin WP-Live Chat by 3CX Remote Code Execution (7.0.01) CVE-2016-10033 CVE-2016-10045
WordPress Plugin WP-Stateless-Google Cloud Storage Remote Code Execution (2.2.0)
WordPress Plugin WP-Syntax Remote PHP Code Execution (0.9.9) CVE-2009-2852
WordPress Plugin wp heyloyalty Remote Code Execution (1.1.4) CVE-2017-9841
WordPress Plugin WP Maintenance Mode Remote Code Execution (2.0.6) CVE-2018-20156
WordPress Plugin WP Super Cache PHP Code Injection (1.2) CVE-2013-2009 CVE-2013-2011
WordPress Plugin wSecure Lite Remote Code Execution (2.3)
WordPress Plugin Yoast SEO Possible Remote Code Execution (9.1.0) CVE-2018-19370
WordPress Plugin Zingiri Web Shop 'ajax_save_name.php' Remote Code Execution (2.2.3)
WordPress Super Socialat backdoor plugin