2022-09-02 | CVE-2020-22669 | SQL Injection vulnerability in multiple products Modsecurity owasp-modsecurity-crs 3.2.0 (Paranoia level at PL1) has a SQL injection bypass vulnerability. | 9.8 |
2022-04-27 | CVE-2022-24891 | ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library. | 6.1 |
2022-04-25 | CVE-2022-23457 | ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library. | 9.8 |
2022-03-24 | CVE-2022-27820 | Improper Certificate Validation vulnerability in Owasp ZED Attack Proxy OWASP Zed Attack Proxy (ZAP) through w2022-03-21 does not verify the TLS certificate chain of an HTTPS server. | 4.0 |
2021-11-05 | CVE-2021-35368 | OWASP ModSecurity Core Rule Set 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.2 is affected by a Request Body Bypass via a trailing pathname. | 9.8 |
2021-10-18 | CVE-2021-42575 | The OWASP Java HTML Sanitizer before 20211018.1 does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements. | 9.8 |
2021-08-19 | CVE-2021-28490 | Cross-Site Request Forgery (CSRF) vulnerability in Owasp Csrfguard 3.1.0/4.0 In OWASP CSRFGuard through 3.1.0, CSRF can occur because the CSRF cookie may be retrieved by using only a session token. | 8.8 |
2021-06-22 | CVE-2010-3300 | Unspecified vulnerability in Owasp Enterprise Security API for Java 2.0 It was found that all OWASP ESAPI for Java up to version 2.0 RC2 are vulnerable to padding oracle attacks. network high complexity owasp | 5.9 |
2021-01-13 | CVE-2021-23900 | Unspecified vulnerability in Owasp Json-Sanitizer OWASP json-sanitizer before 1.2.2 can output invalid JSON or throw an undeclared exception for crafted input. network low complexity owasp | 7.5 |
2021-01-13 | CVE-2021-23899 | XXE vulnerability in Owasp Json-Sanitizer OWASP json-sanitizer before 1.2.2 may emit closing SCRIPT tags and CDATA section delimiters for crafted input. | 9.8 |