Vulnerabilities > Owasp > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-08-12 | CVE-2023-48171 | Unspecified vulnerability in Owasp Defectdojo An issue in OWASP DefectDojo before v.1.5.3.1 allows a remote attacker to escalate privileges via the user permissions component. | 8.8 |
2022-12-18 | CVE-2021-4247 | Unspecified vulnerability in Owasp Nodegoat A vulnerability has been found in OWASP NodeGoat and classified as problematic. | 7.5 |
2022-09-20 | CVE-2022-39957 | Improper Encoding or Escaping of Output vulnerability in multiple products The OWASP ModSecurity Core Rule Set (CRS) is affected by a response body bypass. | 7.5 |
2022-09-20 | CVE-2022-39958 | Improper Encoding or Escaping of Output vulnerability in multiple products The OWASP ModSecurity Core Rule Set (CRS) is affected by a response body bypass to sequentially exfiltrate small and undetectable sections of data by repeatedly submitting an HTTP Range header field with a small byte range. | 7.5 |
2021-08-19 | CVE-2021-28490 | Cross-Site Request Forgery (CSRF) vulnerability in Owasp Csrfguard 3.1.0/4.0 In OWASP CSRFGuard through 3.1.0, CSRF can occur because the CSRF cookie may be retrieved by using only a session token. | 8.8 |
2021-01-13 | CVE-2021-23900 | Unspecified vulnerability in Owasp Json-Sanitizer OWASP json-sanitizer before 1.2.2 can output invalid JSON or throw an undeclared exception for crafted input. | 7.5 |
2018-09-03 | CVE-2018-16384 | SQL Injection vulnerability in Owasp Modsecurity Core Rule SET A SQL injection bypass (aka PL1 bypass) exists in OWASP ModSecurity Core Rule Set (owasp-modsecurity-crs) through v3.1.0-rc3 via {`a`b} where a is a special function name (such as "if") and b is the SQL statement to be executed. | 7.5 |
2018-06-07 | CVE-2018-12036 | Write-what-where Condition vulnerability in Owasp Dependency-Check OWASP Dependency-Check before 3.2.0 allows attackers to write to arbitrary files via a crafted archive that holds directory traversal filenames. | 7.8 |