Vulnerabilities > Owasp > High

DATE CVE VULNERABILITY TITLE RISK
2024-08-12 CVE-2023-48171 Unspecified vulnerability in Owasp Defectdojo
An issue in OWASP DefectDojo before v.1.5.3.1 allows a remote attacker to escalate privileges via the user permissions component.
network
low complexity
owasp
8.8
2022-09-20 CVE-2022-39957 Improper Encoding or Escaping of Output vulnerability in multiple products
The OWASP ModSecurity Core Rule Set (CRS) is affected by a response body bypass.
network
low complexity
owasp fedoraproject debian CWE-116
7.5
2022-09-20 CVE-2022-39958 Improper Encoding or Escaping of Output vulnerability in multiple products
The OWASP ModSecurity Core Rule Set (CRS) is affected by a response body bypass to sequentially exfiltrate small and undetectable sections of data by repeatedly submitting an HTTP Range header field with a small byte range.
network
low complexity
owasp fedoraproject debian CWE-116
7.5
2021-01-13 CVE-2021-23899 XXE vulnerability in Owasp Json-Sanitizer
OWASP json-sanitizer before 1.2.2 may emit closing SCRIPT tags and CDATA section delimiters for crafted input.
network
low complexity
owasp CWE-611
7.5
2018-09-03 CVE-2018-16384 SQL Injection vulnerability in Owasp Modsecurity Core Rule SET
A SQL injection bypass (aka PL1 bypass) exists in OWASP ModSecurity Core Rule Set (owasp-modsecurity-crs) through v3.1.0-rc3 via {`a`b} where a is a special function name (such as "if") and b is the SQL statement to be executed.
network
low complexity
owasp CWE-89
7.5