Filter
-Infinity
0

Trending

Last week
Last month
Last year

Dependency-Track 4.13End of life

First published (updated )
EOL-dependency-track-4.13

go/github.com/corazawaf/coraza/v3OWASP Coraza WAF has parser confusion which leads to wrong URI in `REQUEST_FILENAME`

medium
5.4
EPSS
0.04%
First published (updated )
CVE-2025-29914

Dependency-Track 4.12Reached end of life

First published (updated )
EOL-dependency-track-4.12

Dependency-Track 4.12Reached end of life

First published (updated )
latest-version-dependency-track-4.12

Dependency-Track 4.11Reached end of life

First published (updated )
EOL-dependency-track-4.11

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Dependency-Track 4.11Reached end of life

First published (updated )
latest-version-dependency-track-4.11

OWASP DefectDojoAn issue in OWASP DefectDojo before v.1.5.3.1 allows a remote attacker to escalate privileges via th…

high
8.8
First published (updated )
CVE-2023-48171

OWASP Dependency-CheckDependencyCheck Debug Mode Logging of NVD API Key

medium
5.3
EPSS
0.05%
First published (updated )
CVE-2024-23686

Dependency-Track 4.10Reached end of life

First published (updated )
latest-version-dependency-track-4.10

Dependency-Track 4.10Reached end of life

First published (updated )
EOL-dependency-track-4.10

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Dependency-Track 4.9Reached end of life

First published (updated )
EOL-dependency-track-4.9

Dependency-Track 4.9Reached end of life

First published (updated )
latest-version-dependency-track-4.9

OWASP ModSecurity Core Rule Setcoreruleset (aka OWASP ModSecurity Core Rule Set) through 3.3.4 does not block multiple Content-Type…

critical
9.8
First published (updated )
CVE-2023-38199

Dependency-Track 4.8Reached end of life

First published (updated )
EOL-dependency-track-4.8

Dependency-Track 4.8Reached end of life

First published (updated )
latest-version-dependency-track-4.8

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

OWASP NodeGoatOWASP NodeGoat Query Parameter research.js denial of service

high
7.5
First published (updated )
CVE-2021-4247

Dependency-Track 4.7Reached end of life

First published (updated )
latest-version-dependency-track-4.7

Dependency-Track 4.7Reached end of life

First published (updated )
EOL-dependency-track-4.7

Dependency-TrackDependency-Track vulnerable to logging of API keys in clear text when handling API requests using keys with insufficient permissions

medium
4.4
First published (updated )
CVE-2022-39351

OWASP Dependency-Track@dependencytrack/frontend vulnerable to Persistent Cross-Site-Scripting via Vulnerability Details

medium
5.4
First published (updated )
CVE-2022-39350

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Red Hat FedoraResponse body bypass in OWASP ModSecurity Core Rule Set via repeated HTTP Range header submission with a small byte range

high
7.5
First published (updated )
CVE-2022-39958

Red Hat FedoraResponse body bypass in OWASP ModSecurity Core Rule Set via a specialy crafted charset in the HTTP Accept header

high
7.5
First published (updated )
CVE-2022-39957

Red Hat FedoraPartial rule set bypass in OWASP ModSecurity Core Rule Set by submitting a specially crafted HTTP Content-Type header

critical
9.8
First published (updated )
CVE-2022-39955

Red Hat FedoraPartial rule set bypass in OWASP ModSecurity Core Rule Set for HTTP multipart requests using character encoding in the Content-Type or Content-Transfer-Encoding header

critical
9.8
First published (updated )
CVE-2022-39956

OWASP ModSecurity Core Rule SetSQL Injection

critical
9.8
First published (updated )
CVE-2020-22669

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Oracle WebLogic ServerCross-site Scripting in org.owasp.esapi:esapi -- antisamy-esapi.xml configuration file

medium
6.1
First published (updated )
CVE-2022-24891

Oracle WebLogic ServerPath Traversal in ESAPI

critical
9.8
First published (updated )
CVE-2022-23457

OWASP Zed Attack ProxyOWASP Zed Attack Proxy (ZAP) through w2022-03-21 does not verify the TLS certificate chain of an HTT…

medium
4.3
First published (updated )
CVE-2022-27820

OWASP ModSecurity Core Rule SetOWASP ModSecurity Core Rule Set 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.2 is af…

critical
9.8
First published (updated )
CVE-2021-35368

Oracle UnifierThe OWASP Java HTML Sanitizer before 20211018.1 does not properly enforce policies associated with t…

critical
9.8
First published (updated )
CVE-2021-42575

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203