Severity Critical High Medium Low Informational Vulnerability Categories Abuse Of Functionality Acumonitor Arbitrary File Creation Authentication Bypass Bruteforce Possible Buffer Overflow CSRF CSTI Citrix Gateway Open Redirect And XSS Code Execution Configuration Crlf Injection Deepscan Default Credentials Denial-of-service Dev Files Directory Listing Directory Traversal Eli Injection Error Handling File Inclusion Http Parameter Pollution Http Response Splitting Information Disclosure Insecure Admin Access Insecure Deserialization Internal Ip Disclosure Known Vulnerabilities Ldap Injection Malware Missing Update Privilege Escalation SSRF Sensitive Data Not Over Ssl Server Side Template Injection Session Fixation Source Code Disclosure Sql Injection Test Files Unauthenticated File Upload Url Redirection Weak Credentials Weak Crypto XFS XSS XXE Xpath Injection Vulnerability Name CVE CWE CWE Severity Adobe Experience Manager Misconfiguration CVE-2016-0957 CWE-693 CWE-693 High Apache HTTP Server mod_proxy SSRF (CVE-2021-40438) CVE-2021-40438 CWE-918 CWE-918 High Apache Log4j socket receiver deserialization vulnerability CVE-2017-5645 CWE-502 CWE-502 Critical Apache OFBiz Log4Shell RCE CVE-2021-44228 CWE-78 CWE-78 High Apache OFBiz SOAPService Deserialization RCE CVE-2021-26295 CWE-502 CWE-502 High Apache OFBiz XMLRPC Deserialization RCE (CVE-2020-9496) CVE-2020-9496 CWE-502 CWE-502 High Apache REST RCE CVE-2018-11770 CWE-94 CWE-94 High Apache Shiro Deserialization RCE CVE-2016-4437 CWE-78 CWE-78 High Apache Solr Deserialization of untrusted data via jmx.serviceUrl CVE-2019-0192 High Apache Solr Log4Shell RCE CVE-2021-44228 CWE-78 CWE-78 High Apache Solr Parameter Injection CWE-88 CWE-88 Medium Apache Solr SSRF CVE-2017-3164 CWE-918 CWE-918 Medium Apache Struts2 remote code execution vulnerability CVE-2016-0785 CWE-78 CWE-78 Critical Apache Struts2 Remote Command Execution (S2-052) CVE-2017-9805 CWE-94 CWE-94 High Apache Struts2 Remote Command Execution (S2-053) CVE-2017-12611 CWE-94 CWE-94 Critical Apache Unomi MVEL RCE (CVE-2020-13942) CVE-2020-13942 CWE-20 CWE-20 High Appwrite favicon SSRF (CVE-2023-27159) CVE-2023-27159 CWE-918 CWE-918 High Argument Injection CWE-88 CWE-88 High Atlassian OAuth Plugin IconUriServlet SSRF CVE-2017-9506 CWE-918 CWE-918 High Auxiliary systems SSRF CWE-918 CWE-918 High Code Evaluation (Python) CWE-95 CWE-95 Critical Code Evaluation (Ruby) CWE-94 CWE-94 Critical ColdFusion Access Control bypass with WDDX Deserialization RCE (CVE-2023-29298/CVE-2023-29300) CVE-2023-29298 CVE-2023-29300 CWE-502 CWE-502 High ColdFusion AMF Deserialization RCE CVE-2017-3066 CWE-502 CWE-502 High ColdFusion FlashGateway Deserialization RCE CVE-2019-7091 CVE-2019-7091 CWE-502 CWE-502 High ColdFusion JNDI injection RCE CVE-2018-15957 CWE-502 CWE-502 High Cross-site Scripting via Remote File Inclusion CWE-79 CWE-79 High Data Binding Expression Vulnerability in Spring Web Flow CVE-2017-4971 CWE-78 CWE-78 High Deserialization of Untrusted Data (.NET BinaryFormatter Object Deserialization) CWE-502 CWE-502 High Deserialization of Untrusted Data (Java JSON Deserialization) Fastjson CWE-502 CWE-502 High Deserialization of Untrusted Data (Java JSON Deserialization) Genson CWE-502 CWE-502 High Deserialization of Untrusted Data (Java JSON Deserialization) Jackson CWE-502 CWE-502 High Deserialization of Untrusted Data (Java JSON Deserialization) JsonIO CWE-502 CWE-502 High Deserialization of Untrusted Data (Java Object Deserialization) CWE-502 CWE-502 High Deserialization of Untrusted Data (XStream) CWE-502 CWE-502 High DNN (DotNetNuke) CMS Cookie Deserialization RCE CVE-2017-9822 CWE-502 CWE-502 High Edge Side Include injection CWE-918 CWE-918 High Email Header Injection CWE-20 CWE-20 High Ext JS arbitrary file read CWE-22 CWE-22 High Flex BlazeDS AMF Deserialization RCE CVE-2017-5641 CWE-502 CWE-502 High ForgeRock AM / OpenAM Deserialization RCE (CVE-2021-35464) CVE-2021-35464 CWE-502 CWE-502 High GhostScript RCE (Remote Code Execution) CVE-2016-3714 CWE-78 CWE-78 Critical Gitlab CI Lint SSRF CWE-918 CWE-918 Medium GitLab ExifTool RCE (CVE-2021-22205) CVE-2021-22205 CWE-918 CWE-918 High Hasura GraphQL API without authentication CWE-200 CWE-200 Medium HTTP/2 pseudo-header server side request forgery CWE-918 CWE-918 High Httpoxy vulnerability CWE-16 CWE-16 Medium IBM WebSphere RCE Java Deserialization Vulnerability CVE-2015-7450 CWE-502 CWE-502 High ImageMagick remote code execution CVE-2016-3714 CWE-78 CWE-78 High JavaMelody XML External Entity (XXE) vulnerability CVE-2018-15531 CWE-611 CWE-611 High Jboss Application Server HTTPServerILServlet.java remote code execution CVE-2017-7504 CWE-502 CWE-502 High JBoss InvokerTransformer Remote Code Execution CVE-2015-7501 CWE-502 CWE-502 High Jira Unauthorized SSRF via REST API CVE-2019-8451 CWE-918 CWE-918 High Jolokia XML External Entity (XXE) vulnerability CWE-611 CWE-611 High Kentico CMS Deserialization RCE CWE-502 CWE-502 High Keycloak request_uri SSRF (CVE-2020-10770) CVE-2020-10770 CWE-918 CWE-918 Medium Liferay TunnelServlet Deserialization Remote Code Execution CWE-502 CWE-502 High Liferay XMLRPC Blind SSRF CWE-918 CWE-918 Medium ManageEngine Desktop Central Deserialization RCE (CVE-2020-10189) CVE-2020-10189 CWE-502 CWE-502 High MobileIron Log4Shell RCE CVE-2021-44228 CWE-78 CWE-78 High OpenCms Solr XML External Entity (XXE) vulnerability CWE-611 CWE-611 High Oracle Access Manager 'opensso' Deserialization RCE (CVE-2021-35587) CVE-2021-35587 CWE-502 CWE-502 High Oracle ADF Faces 'Miracle' RCE (CVE-2022-21445) CVE-2022-21445 CWE-502 CWE-502 High Oracle Business Intelligence AMF Deserialization RCE CVE-2020-2950 CVE-2020-2950 CWE-502 CWE-502 High Oracle Business Intelligence Convert XXE CVE-2019-2767 CWE-611 CWE-611 High Oracle Business Intelligence ReportTemplateService XXE (CVE-2021-2400) CVE-2021-2400 CWE-611 CWE-611 High Oracle Business Intelligence ReportTemplateService XXE CVE-2019-2616 CWE-611 CWE-611 High Oracle E-Business Suite Deserialization RCE CWE-502 CWE-502 High Oracle E-Business Suite SQL injection (CVE-2017-3549) CWE-89 CWE-89 High Oracle E-Business Suite SSRF (CVE-2017-10246) CVE-2017-10246 CWE-918 CWE-918 High Oracle E-Business Suite SSRF (CVE-2018-3167) CVE-2018-3167 CWE-918 CWE-918 Medium Oracle Reports rwservlet vulnerabilities CVE-2012-3152 CVE-2012-3153 CWE-20 CWE-20 High Oracle Reports Services RWServlet environment variables disclosure CWE-200 CWE-200 Low Oracle Weblogic Async Component Deserialization RCE CVE-2019-2725 CVE-2019-2725 CWE-94 CWE-94 High Oracle WebLogic Remote Code Execution via IIOP CVE-2020-2551 CWE-502 CWE-502 High Oracle WebLogic Remote Code Execution via T3 CVE-2018-3245 CWE-502 CWE-502 High Oracle Weblogic T3 XXE (CVE-2019-2647) CVE-2019-2647 CWE-611 CWE-611 High Oracle Weblogic T3 XXE (CVE-2019-2888) CVE-2019-2888 CWE-611 CWE-611 High Oracle Weblogic WLS-WSAT Component Deserialization RCE CVE-2017-3506 CVE-2017-10271 CWE-94 CWE-94 High Paperclip gem SSRF (Server side request forgery) CVE-2017-0889 CWE-918 CWE-918 High Perl code injection CWE-94 CWE-94 Critical RCE in SQL Server Reporting Services (SSRS) CVE-2020-0618 CWE-78 CWE-78 High RCE with Spring Data Commons CVE-2018-1273 CWE-94 CWE-94 High Remote code execution in bootstrap-sass 3.2.0.3 CVE-2019-10842 CWE-95 CWE-95 High Remote code execution of user-provided local names in Rails CVE-2020-8163 CWE-94 CWE-94 High Reverse proxy bypass CVE-2011-3368 CWE-20 CWE-20 Medium Reverse proxy misrouting CWE-918 CWE-918 High Reverse proxy misrouting through HTTP/2 pseudo-headers (SSRF) CWE-918 CWE-918 Medium Ruby on Rails DoubleTap RCE (CVE-2019-5420) CWE-502 CWE-502 High SAML Consumer Service External Dereference SSRF CWE-918 CWE-918 High SAML Consumer Service XML entity injection (XXE) CWE-611 CWE-611 High SAML Consumer Service XSLT injection CWE-91 CWE-91 High SAP BO BIP SSRF (CVE-2020-6308) CWE-918 CWE-918 Medium SAP Hybris Deserialization RCE CWE-502 CWE-502 High SAP IGS XXE (CVE-2018-2392, CVE-2018-2393) CVE-2018-2393 CWE-611 CWE-611 High SAP NW DI SSRF vulnerability (CVE-2021-33690) CVE-2021-33690 CWE-918 CWE-918 High Sitecore XP Deserialization RCE (CVE-2021-42237) CWE-502 CWE-502 High SOAP WS-Addressing SSRF CWE-918 CWE-918 Medium Sonicwall SMA 100 Unintended proxy (CVE-2021-20042) CWE-441 CWE-441 Medium Ubiquiti Unifi Log4Shell RCE CVE-2021-44228 CWE-78 CWE-78 High Unauthenticated Remote Code Execution via JSONWS in Liferay 7.2.0 CE GA1 CVE-2020-0618 CWE-78 CWE-78 High uWSGI Unauthorized Access Vulnerability CWE-78 CWE-78 High VMware Horizon Log4Shell RCE CVE-2021-44228 CWE-78 CWE-78 High VMware vCenter Log4Shell RCE CVE-2021-44228 CWE-78 CWE-78 High WS_FTP AHT Deserialization RCE (CVE-2023-40044) CWE-502 CWE-502 Critical Xdebug remote code execution via xdebug.remote_connect_back CWE-200 CWE-200 High XML external entity injection CWE-611 CWE-611 Critical XML external entity injection (variant) CWE-611 CWE-611 Critical XML External Entity Injection via external file CWE-611 CWE-611 Critical XML external entity injection via File Upload CWE-611 CWE-611 Critical XSLT injection CWE-91 CWE-91 High Zend Framework local file disclosure via XXE injection CVE-2012-3363 CVE-2015-5161 CWE-611 CWE-611 High Zimbra Collaboration Suite SSRF (CVE-2020-7796) CVE-2020-7796 CWE-918 CWE-918 High
