Vulnerabilities > Owasp > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-19 | CVE-2024-23686 | Information Exposure Through Log Files vulnerability in Owasp Dependency-Check DependencyCheck for Maven 9.0.0 to 9.0.6, for CLI version 9.0.0 to 9.0.5, and for Ant versions 9.0.0 to 9.0.5, when used in debug mode, allows an attacker to recover the NVD API Key from a log file. | 5.3 |
| 2022-10-25 | CVE-2022-39350 | Cross-site Scripting vulnerability in Owasp Dependency-Track Frontend @dependencytrack/frontend is a Single Page Application (SPA) used in Dependency-Track, an open source Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain. | 5.4 |
| 2022-10-25 | CVE-2022-39351 | Cleartext Storage of Sensitive Information vulnerability in Owasp Dependency-Track Dependency-Track is a Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain. | 4.4 |
| 2022-04-27 | CVE-2022-24891 | ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library. | 6.1 |
| 2022-03-24 | CVE-2022-27820 | Improper Certificate Validation vulnerability in Owasp ZED Attack Proxy OWASP Zed Attack Proxy (ZAP) through w2022-03-21 does not verify the TLS certificate chain of an HTTPS server. | 4.3 |
| 2021-08-19 | CVE-2021-28490 | Cross-Site Request Forgery (CSRF) vulnerability in Owasp Csrfguard 4.0 In OWASP CSRFGuard through 3.1.0, CSRF can occur because the CSRF cookie may be retrieved by using only a session token. | 6.8 |
| 2021-06-22 | CVE-2010-3300 | Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking vulnerability in Owasp Enterprise Security API for Java 2.0 It was found that all OWASP ESAPI for Java up to version 2.0 RC2 are vulnerable to padding oracle attacks. | 4.3 |
| 2021-01-13 | CVE-2021-23900 | Unspecified vulnerability in Owasp Json-Sanitizer OWASP json-sanitizer before 1.2.2 can output invalid JSON or throw an undeclared exception for crafted input. | 5.0 |
| 2020-06-09 | CVE-2020-13973 | Cross-site Scripting vulnerability in Owasp Json-Sanitizer 1.0/1.1/1.2.0 OWASP json-sanitizer before 1.2.1 allows XSS. | 4.3 |
| 2018-06-07 | CVE-2018-12036 | Path Traversal vulnerability in Owasp Dependency-Check OWASP Dependency-Check before 3.2.0 allows attackers to write to arbitrary files via a crafted archive that holds directory traversal filenames. | 6.8 |