Vulnerabilities > Owasp
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-08-12 | CVE-2023-48171 | Unspecified vulnerability in Owasp Defectdojo: An issue in OWASP DefectDojo before v.1.5.3.1 allows a remote attacker to escalate privileges via the user permissions component. | 8.8 |
2024-01-19 | CVE-2024-23686 | Information Exposure Through Log Files vulnerability in Owasp Dependency-Check: DependencyCheck for Maven 9.0.0 to 9.0.6, for CLI version 9.0.0 to 9.0.5, and for Ant versions 9.0.0 to 9.0.5, when used in debug mode, allows an attacker to recover the NVD API Key from a log file. | 5.3 |
2023-07-13 | CVE-2023-38199 | Type Confusion vulnerability in Owasp Coreruleset: coreruleset (aka OWASP ModSecurity Core Rule Set) through 3.3.4 does not detect multiple Content-Type request headers on some platforms. | 9.8 |
2022-10-25 | CVE-2022-39350 | Cross-site Scripting vulnerability in Owasp Dependency-Track Frontend: @dependencytrack/frontend is a Single Page Application (SPA) used in Dependency-Track, an open source Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain. | 5.4 |
2022-10-25 | CVE-2022-39351 | Cleartext Storage of Sensitive Information vulnerability in Owasp Dependency-Track: Dependency-Track is a Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain. | 4.4 |
2022-09-20 | CVE-2022-39955 | The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rule set bypass by submitting a specially crafted HTTP Content-Type header field that indicates multiple character encoding schemes. | 9.8 |
2022-09-20 | CVE-2022-39956 | Improper Encoding or Escaping of Output vulnerability in multiple products: The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rule set bypass for HTTP multipart requests by submitting a payload that uses a character encoding scheme via the Content-Type or the deprecated Content-Transfer-Encoding multipart MIME header fields that will not be decoded and inspected by the web application firewall engine and the rule set. | 9.8 |
2022-09-20 | CVE-2022-39957 | Improper Encoding or Escaping of Output vulnerability in multiple products: The OWASP ModSecurity Core Rule Set (CRS) is affected by a response body bypass. | 7.5 |
2022-09-20 | CVE-2022-39958 | Improper Encoding or Escaping of Output vulnerability in multiple products: The OWASP ModSecurity Core Rule Set (CRS) is affected by a response body bypass to sequentially exfiltrate small and undetectable sections of data by repeatedly submitting an HTTP Range header field with a small byte range. | 7.5 |
2022-09-02 | CVE-2020-22669 | SQL Injection vulnerability in multiple products: Modsecurity owasp-modsecurity-crs 3.2.0 (Paranoia level at PL1) has a SQL injection bypass vulnerability. | 9.8 |