Vulnerabilities: OWASP

| Date | CVE | Title | Description | Attack vector | Complexity | Vendors | CWE | Severity | CVSS |
|---|---|---|---|---|---|---|---|---|---|
| 2024-08-12 | CVE-2023-48171 | Unspecified vulnerability in OWASP Defectdojo | An issue in OWASP DefectDojo before v.1.5.3.1 allows a remote attacker to escalate privileges via the user permissions component. | network | low | owasp | | | 8.8 |
| 2024-01-19 | CVE-2024-23686 | Information Exposure Through Log Files vulnerability in OWASP Dependency-Check | DependencyCheck for Maven 9.0.0 to 9.0.6, for CLI version 9.0.0 to 9.0.5, and for Ant versions 9.0.0 to 9.0.5, when used in debug mode, allows an attacker to recover the NVD API Key from a log file. | network | low | owasp | CWE-532 | | 5.3 |
| 2023-07-13 | CVE-2023-38199 | Type Confusion vulnerability in OWASP Coreruleset | coreruleset (aka OWASP ModSecurity Core Rule Set) through 3.3.4 does not detect multiple Content-Type request headers on some platforms. | network | low | owasp | CWE-843 | critical | 9.8 |
| 2022-10-25 | CVE-2022-39350 | Cross-site Scripting vulnerability in OWASP Dependency-Track Frontend | @dependencytrack/frontend is a Single Page Application (SPA) used in Dependency-Track, an open source Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain. | network | low | owasp | CWE-79 | | 5.4 |
| 2022-10-25 | CVE-2022-39351 | Cleartext Storage of Sensitive Information vulnerability in OWASP Dependency-Track | Dependency-Track is a Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain. | local | low | owasp | CWE-312 | | 4.4 |
| 2022-09-20 | CVE-2022-39955 | | The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rule set bypass by submitting a specially crafted HTTP Content-Type header field that indicates multiple character encoding schemes. | network | low | owasp, fedoraproject, debian | | critical | 9.8 |
| 2022-09-20 | CVE-2022-39956 | Improper Encoding or Escaping of Output vulnerability in multiple products | The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rule set bypass for HTTP multipart requests by submitting a payload that uses a character encoding scheme via the Content-Type or the deprecated Content-Transfer-Encoding multipart MIME header fields that will not be decoded and inspected by the web application firewall engine and the rule set. | network | low | owasp, fedoraproject, debian | CWE-116 | critical | 9.8 |
| 2022-09-20 | CVE-2022-39957 | Improper Encoding or Escaping of Output vulnerability in multiple products | The OWASP ModSecurity Core Rule Set (CRS) is affected by a response body bypass. | network | low | owasp, fedoraproject, debian | CWE-116 | | 7.5 |
| 2022-09-20 | CVE-2022-39958 | Improper Encoding or Escaping of Output vulnerability in multiple products | The OWASP ModSecurity Core Rule Set (CRS) is affected by a response body bypass to sequentially exfiltrate small and undetectable sections of data by repeatedly submitting an HTTP Range header field with a small byte range. | network | low | owasp, fedoraproject, debian | CWE-116 | | 7.5 |
| 2022-09-02 | CVE-2020-22669 | SQL Injection vulnerability in multiple products | Modsecurity owasp-modsecurity-crs 3.2.0 (Paranoia level at PL1) has a SQL injection bypass vulnerability. | network | low | owasp, debian | CWE-89 | critical | 9.8 |