owasp vulnerabilities and exploits
NA
CVE-2022-39351
Dependency-Track is a Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain. Prior to version 4.6.0, performing an API request using a valid API key with insufficient permissions causes the API key to be written to Dependen...
Owasp Dependency-track
NA
CVE-2024-23686
DependencyCheck for Maven 9.0.0 to 9.0.6, for CLI version 9.0.0 to 9.0.5, and for Ant versions 9.0.0 to 9.0.5, when used in debug mode, allows a malicious user to recover the NVD API Key from a log file.
Owasp Dependency-check
7.5
CVSSv2
CVE-2021-23899
OWASP json-sanitizer prior to 1.2.2 may emit closing SCRIPT tags and CDATA section delimiters for crafted input. This allows a malicious user to inject arbitrary HTML or XML into embedding documents.
Owasp Json-sanitizer
1 Github repository
5
CVSSv2
CVE-2021-23900
OWASP json-sanitizer prior to 1.2.2 can output invalid JSON or throw an undeclared exception for crafted input. This may lead to denial of service if the application is not prepared to handle these situations.
Owasp Json-sanitizer
4.3
CVSSv2
CVE-2020-13973
OWASP json-sanitizer prior to 1.2.1 allows XSS. An attacker who controls a substring of the input JSON, and controls another substring adjacent to a SCRIPT element in which the output is embedded as JavaScript, may be able to confuse the HTML parser as to where the SCRIPT element...
Owasp Json-sanitizer
6.8
CVSSv2
CVE-2018-12036
OWASP Dependency-Check prior to 3.2.0 allows malicious users to write to arbitrary files via a crafted archive that holds directory traversal filenames.
Owasp Dependency-check
3.5
CVSSv2
CVE-2019-1020007
Dependency-Track prior to 3.5.1 allows XSS.
Owasp Dependency-track
7.5
CVSSv2
CVE-2021-35368
OWASP ModSecurity Core Rule Set 3.1.x prior to 3.1.2, 3.2.x prior to 3.2.1, and 3.3.x prior to 3.3.2 is affected by a Request Body Bypass via a trailing pathname.
Owasp Owasp Modsecurity Core Rule Set
Fedoraproject Fedora 36
Fedoraproject Fedora 37
Debian Debian Linux 10.0
NA
CVE-2023-51652
OWASP AntiSamy .NET is a library for performing cleansing of HTML coming from untrusted sources. Prior to version 1.2.0, there is a potential for a mutation cross-site scripting (mXSS) vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject t...
Spassarop Owasp Antisamy .net
4.3
CVSSv2
CVE-2022-27820
OWASP Zed Attack Proxy (ZAP) through w2022-03-21 does not verify the TLS certificate chain of an HTTPS server.
Owasp Zed Attack Proxy