OWASP vulnerabilities

| Date | CVE | Vulnerability title | Description | Attack vector | Attack complexity | Vendors / CWE | Severity | CVSS score |
|---|---|---|---|---|---|---|---|---|
| 2022-09-02 | CVE-2020-22669 | SQL Injection vulnerability in multiple products | Modsecurity owasp-modsecurity-crs 3.2.0 (Paranoia level at PL1) has a SQL injection bypass vulnerability. | network | low | owasp, debian; CWE-89 | critical | 9.8 |
| 2022-04-27 | CVE-2022-24891 | | ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library. | network | low | owasp, oracle, netapp | | 6.1 |
| 2022-04-25 | CVE-2022-23457 | Path Traversal vulnerability in multiple products | ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library. | network | low | owasp, oracle, netapp; CWE-22 | critical | 9.8 |
| 2022-03-24 | CVE-2022-27820 | Improper Certificate Validation vulnerability in Owasp ZED Attack Proxy | OWASP Zed Attack Proxy (ZAP) through w2022-03-21 does not verify the TLS certificate chain of an HTTPS server. | network | high | owasp; CWE-295 | | 4.0 |
| 2021-11-05 | CVE-2021-35368 | | OWASP ModSecurity Core Rule Set 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.2 is affected by a Request Body Bypass via a trailing pathname. | network | low | owasp, fedoraproject, debian | critical | 9.8 |
| 2021-10-18 | CVE-2021-42575 | | The OWASP Java HTML Sanitizer before 20211018.1 does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements. | network | low | owasp, oracle | critical | 9.8 |
| 2021-08-19 | CVE-2021-28490 | Cross-Site Request Forgery (CSRF) vulnerability in Owasp Csrfguard 3.1.0/4.0 | In OWASP CSRFGuard through 3.1.0, CSRF can occur because the CSRF cookie may be retrieved by using only a session token. | network | low | owasp; CWE-352 | | 8.8 |
| 2021-06-22 | CVE-2010-3300 | Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking vulnerability in Owasp Enterprise Security API for Java 2.0 | It was found that all OWASP ESAPI for Java up to version 2.0 RC2 are vulnerable to padding oracle attacks. | network | high | owasp; CWE-649 | | 5.9 |
| 2021-01-13 | CVE-2021-23900 | Unspecified vulnerability in Owasp Json-Sanitizer | OWASP json-sanitizer before 1.2.2 can output invalid JSON or throw an undeclared exception for crafted input. | network | low | owasp | | 7.5 |
| 2021-01-13 | CVE-2021-23899 | XXE vulnerability in Owasp Json-Sanitizer | OWASP json-sanitizer before 1.2.2 may emit closing SCRIPT tags and CDATA section delimiters for crafted input. | network | low | owasp; CWE-611 | critical | 9.8 |