Vulnerabilities > Owasp > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-19 | CVE-2024-23686 | Information Exposure Through Log Files vulnerability in Owasp Dependency-Check DependencyCheck for Maven 9.0.0 to 9.0.6, for CLI version 9.0.0 to 9.0.5, and for Ant versions 9.0.0 to 9.0.5, when used in debug mode, allows an attacker to recover the NVD API Key from a log file. | 5.3 |
| 2022-10-25 | CVE-2022-39350 | Cross-site Scripting vulnerability in Owasp Dependency-Track Frontend @dependencytrack/frontend is a Single Page Application (SPA) used in Dependency-Track, an open source Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain. | 5.4 |
| 2022-10-25 | CVE-2022-39351 | Cleartext Storage of Sensitive Information vulnerability in Owasp Dependency-Track Dependency-Track is a Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain. | 4.4 |
| 2022-04-27 | CVE-2022-24891 | ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library. | 6.1 |
| 2022-03-24 | CVE-2022-27820 | Improper Certificate Validation vulnerability in Owasp ZED Attack Proxy OWASP Zed Attack Proxy (ZAP) through w2022-03-21 does not verify the TLS certificate chain of an HTTPS server. | 4.0 |
| 2021-06-22 | CVE-2010-3300 | Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking vulnerability in Owasp Enterprise Security API for Java 2.0 It was found that all OWASP ESAPI for Java up to version 2.0 RC2 are vulnerable to padding oracle attacks. | 5.9 |
| 2020-06-09 | CVE-2020-13973 | Cross-site Scripting vulnerability in Owasp Json-Sanitizer 1.0/1.1/1.2.0 OWASP json-sanitizer before 1.2.1 allows XSS. | 6.1 |
| 2019-07-29 | CVE-2019-1020007 | Cross-site Scripting vulnerability in Owasp Dependency-Track Dependency-Track before 3.5.1 allows XSS. | 5.4 |