Severity Critical High Medium Low Informational Vulnerability Categories Abuse Of Functionality Acumonitor Arbitrary File Creation Arbitrary File Read Arbitrary File Write Authentication Bypass BOLA Bruteforce Possible Buffer Overflow CSRF CSTI Code Execution Configuration Crlf Injection Deepscan Default Credentials Denial-of-service Dev Files Directory Listing Directory Traversal Eli Injection Error Handling File Inclusion Http Parameter Pollution Http Response Splitting Information Disclosure Insecure Admin Access Insecure Deserialization Internal Ip Disclosure Known Vulnerabilitie Known Vulnerabilities Ldap Injection Malware Missing Update Path Traversal Privilege Escalation Remote Code Execution SSRF SSTI Sensitive Data Not Over Ssl Server Side Template Injection Session Fixation Source Code Disclosure Sql Injection Test Files Unauthenticated File Upload Url Redirection Weak Credentials Weak Crypto XFS XSS XXE Xpath Injection Vulnerability Name CVE CWE CWE Severity .NET HTTP Remoting publicly exposed CWE-502 CWE-502 High .NET JSON.NET Deserialization RCE CWE-502 CWE-502 High ActiveMQ OpenWire RCE (CVE-2023-46604) CVE-2023-46604 CWE-502 CWE-502 Critical AjaxPro.NET Professional Deserialization RCE (CVE-2021-23758) CVE-2021-23758 CWE-502 CWE-502 High Apache Log4j socket receiver deserialization vulnerability CVE-2017-5645 CWE-502 CWE-502 Critical Apache OFBiz SOAPService Deserialization RCE CVE-2021-26295 CWE-502 CWE-502 High Apache OFBiz XMLRPC Deserialization RCE (CVE-2020-9496/CVE-2023-49070) CVE-2020-9496 CVE-2023-49070 CWE-502 CWE-502 High Apache Shiro Deserialization RCE CVE-2016-4437 CWE-78 CWE-78 High Apache Solr Deserialization of untrusted data via jmx.serviceUrl CVE-2019-0192 High CakePHP 1.3.5 / 1.2.8 unserialize() vulnerability CVE-2010-4335 CWE-20 CWE-20 High ColdFusion AMF Deserialization RCE CVE-2017-3066 CWE-502 CWE-502 High ColdFusion CFC Deserialization RCE (CVE-2023-26359/CVE-2023-26360) CVE-2023-26359 CVE-2023-26360 CWE-502 CWE-502 High ColdFusion FlashGateway Deserialization RCE CVE-2019-7091 CVE-2019-7091 CWE-502 CWE-502 High ColdFusion WDDX Deserialization RCE (CVE-2023-29300/CVE-2023-38203/CVE-2023-38204) CVE-2023-29300 CVE-2023-38203 CVE-2023-38204 CWE-502 CWE-502 Critical ColdFusion WDDX Deserialization RCE (CVE-2023-44353) CVE-2023-44353 CWE-502 CWE-502 Critical Deserialization of Untrusted Data (.NET BinaryFormatter Object Deserialization) CWE-502 CWE-502 High Deserialization of Untrusted Data (Java JSON Deserialization) Fastjson CWE-502 CWE-502 High Deserialization of Untrusted Data (Java JSON Deserialization) Genson CWE-502 CWE-502 High Deserialization of Untrusted Data (Java JSON Deserialization) Jackson CVE-2017-7525 CWE-502 CWE-502 High Deserialization of Untrusted Data (Java JSON Deserialization) JsonIO CWE-502 CWE-502 High Deserialization of Untrusted Data (Java Object Deserialization) CWE-502 CWE-502 High Deserialization of Untrusted Data (XStream) CVE-2013-7285 CVE-2020-26258 CVE-2020-26217 CWE-502 CWE-502 High DNN (DotNetNuke) CMS Cookie Deserialization RCE CVE-2017-9822 CVE-2017-9822 CWE-502 CWE-502 High Flex BlazeDS AMF Deserialization RCE CVE-2017-5641 CWE-502 CWE-502 High ForgeRock AM / OpenAM Deserialization RCE (CVE-2021-35464) CVE-2021-35464 CWE-502 CWE-502 High IBM Aspera Faspex RCE (CVE-2022-47986) CVE-2022-47986 CWE-502 CWE-502 Critical IBM WebSphere RCE Java Deserialization Vulnerability CVE-2015-7450 CWE-502 CWE-502 High Invision Power Board version 3.3.4 unserialize PHP code execution CVE-2012-5692 CWE-20 CWE-20 High Java object deserialization of user-supplied data CWE-20 CWE-20 Medium Kentico CMS Deserialization RCE CVE-2019-10068 CWE-502 CWE-502 High Liferay TunnelServlet Deserialization Remote Code Execution CWE-502 CWE-502 High node-serialize Insecure Deserialization CVE-2017-5941 CWE-502 CWE-502 High Oracle Access Manager 'opensso' Deserialization RCE (CVE-2021-35587) CVE-2021-35587 CWE-502 CWE-502 High Oracle ADF Faces 'Miracle' RCE (CVE-2022-21445) CVE-2022-21445 CWE-502 CWE-502 High Oracle Business Intelligence AMF Deserialization RCE CVE-2020-2950 CVE-2020-2950 CWE-502 CWE-502 High Oracle E-Business Suite Deserialization RCE CWE-502 CWE-502 High Oracle Weblogic Async Component Deserialization RCE CVE-2019-2725 CVE-2019-2725 CWE-94 CWE-94 High Oracle Weblogic WLS-WSAT Component Deserialization RCE CVE-2017-3506 CVE-2017-10271 CWE-94 CWE-94 High PHP object deserialization of user-supplied data CWE-20 CWE-20 Medium PHP unserialize() used on user input CWE-20 CWE-20 Medium Python object deserialization of user-supplied data CWE-20 CWE-20 Medium Python pickle serialization CWE-502 CWE-502 High Ruby on Rails DoubleTap RCE (CVE-2019-5420) CVE-2019-5420 CWE-502 CWE-502 High SAP Hybris Deserialization RCE CVE-2019-0344 CWE-502 CWE-502 High Sitecore XM/XP Insecure Deserialization (CVE-2025-27218) CVE-2025-27218 CWE-502 CWE-502 Critical Sitecore XP Deserialization RCE (CVE-2021-42237) CVE-2021-42237 CWE-502 CWE-502 High SolarWinds Web Help Desk RCE (CVE-2024-28986) CVE-2024-28986 CWE-502 CWE-502 Critical Telerik Web UI RadAsyncUpload Deserialization CVE-2019-18935 CWE-78 CWE-78 High vBulletin PHP object injection vulnerability CWE-915 CWE-915 High WS_FTP AHT Deserialization RCE (CVE-2023-40044) CVE-2023-40044 CWE-502 CWE-502 Critical
