Vulnerabilities > Owasp > High

DATE CVE VULNERABILITY TITLE RISK
2024-08-12 CVE-2023-48171 Unspecified vulnerability in Owasp Defectdojo
An issue in OWASP DefectDojo before v.1.5.3.1 allows a remote attacker to escalate privileges via the user permissions component.
network
low complexity
owasp
8.8
2022-12-18 CVE-2021-4247 Unspecified vulnerability in Owasp Nodegoat
A vulnerability has been found in OWASP NodeGoat and classified as problematic.
network
low complexity
owasp
7.5
2022-09-20 CVE-2022-39957 Improper Encoding or Escaping of Output vulnerability in multiple products
The OWASP ModSecurity Core Rule Set (CRS) is affected by a response body bypass.
network
low complexity
owasp fedoraproject debian CWE-116
7.5
2022-09-20 CVE-2022-39958 Improper Encoding or Escaping of Output vulnerability in multiple products
The OWASP ModSecurity Core Rule Set (CRS) is affected by a response body bypass to sequentially exfiltrate small and undetectable sections of data by repeatedly submitting an HTTP Range header field with a small byte range.
network
low complexity
owasp fedoraproject debian CWE-116
7.5
2021-08-19 CVE-2021-28490 Cross-Site Request Forgery (CSRF) vulnerability in Owasp Csrfguard 3.1.0/4.0
In OWASP CSRFGuard through 3.1.0, CSRF can occur because the CSRF cookie may be retrieved by using only a session token.
network
low complexity
owasp CWE-352
8.8
2021-01-13 CVE-2021-23900 Unspecified vulnerability in Owasp Json-Sanitizer
OWASP json-sanitizer before 1.2.2 can output invalid JSON or throw an undeclared exception for crafted input.
network
low complexity
owasp
7.5
2018-09-03 CVE-2018-16384 SQL Injection vulnerability in Owasp Modsecurity Core Rule SET
A SQL injection bypass (aka PL1 bypass) exists in OWASP ModSecurity Core Rule Set (owasp-modsecurity-crs) through v3.1.0-rc3 via {`a`b} where a is a special function name (such as "if") and b is the SQL statement to be executed.
network
low complexity
owasp CWE-89
7.5
2018-06-07 CVE-2018-12036 Write-what-where Condition vulnerability in Owasp Dependency-Check
OWASP Dependency-Check before 3.2.0 allows attackers to write to arbitrary files via a crafted archive that holds directory traversal filenames.
local
low complexity
owasp CWE-123
7.8