Filter
-Infinity
0
Trending
OWASP Dependency-Track@dependencytrack/frontend vulnerable to Persistent Cross-Site-Scripting via Vulnerability Details
5.4
First published (updated )
Dependency-TrackDependency-Track vulnerable to logging of API keys in clear text when handling API requests using keys with insufficient permissions
4.4
First published (updated )
Oracle WebLogic ServerCross-site Scripting in org.owasp.esapi:esapi -- antisamy-esapi.xml configuration file
6.1
First published (updated )
OWASP NodeGoatOWASP NodeGoat Query Parameter research.js denial of service
7.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Dependency-Track 4.13End of life
First published (updated )
go/github.com/corazawaf/coraza/v3OWASP Coraza WAF has parser confusion which leads to wrong URI in `REQUEST_FILENAME`
5.4
EPSS
0.04%
First published (updated )
Oracle UnifierThe OWASP Java HTML Sanitizer before 20211018.1 does not properly enforce policies associated with t…
9.8
First published (updated )
OWASP ModSecurity Core Rule Setcoreruleset (aka OWASP ModSecurity Core Rule Set) through 3.3.4 does not block multiple Content-Type…
9.8
First published (updated )
Dependency-Track 4.12Reached end of life
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Dependency-Track 4.12Reached end of life
First published (updated )
OWASP DefectDojoAn issue in OWASP DefectDojo before v.1.5.3.1 allows a remote attacker to escalate privileges via th…
8.8
First published (updated )
OWASP Enterprise Security APIThe authenticated-encryption feature in the symmetric-encryption implementation in the OWASP Enterpr…
2.6
First published (updated )
Dependency-Track 4.11Reached end of life
First published (updated )
Dependency-Track 4.11Reached end of life
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
OWASP Enterprise Security APIIt was found that all OWASP ESAPI for Java up to version 2.0 RC2 are vulnerable to padding oracle at…
5.9
First published (updated )
OWASP Enterprise Security APIThe authenticated-encryption feature in the symmetric-encryption implementation in the OWASP Enterpr…
5.8
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
OWASP ModSecurity Core Rule SetOWASP ModSecurity Core Rule Set 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.2 is af…
9.8
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
OWASP Java HTML SanitizerOWASP json-sanitizer before 1.2.2 can output invalid JSON or throw an undeclared exception for craft…
7.5
First published (updated )
Red Hat FedoraPartial rule set bypass in OWASP ModSecurity Core Rule Set for HTTP multipart requests using character encoding in the Content-Type or Content-Transfer-Encoding header
9.8
First published (updated )
Red Hat FedoraResponse body bypass in OWASP ModSecurity Core Rule Set via repeated HTTP Range header submission with a small byte range
7.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.