Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (48 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-23900 1 Owasp 1 Json-sanitizer 2024-11-21 7.5 High
OWASP json-sanitizer before 1.2.2 can output invalid JSON or throw an undeclared exception for crafted input. This may lead to denial of service if the application is not prepared to handle these situations.
CVE-2021-23899 1 Owasp 1 Json-sanitizer 2024-11-21 9.8 Critical
OWASP json-sanitizer before 1.2.2 may emit closing SCRIPT tags and CDATA section delimiters for crafted input. This allows an attacker to inject arbitrary HTML or XML into embedding documents.
CVE-2020-13973 1 Owasp 1 Json-sanitizer 2024-11-21 6.1 Medium
OWASP json-sanitizer before 1.2.1 allows XSS. An attacker who controls a substring of the input JSON, and controls another substring adjacent to a SCRIPT element in which the output is embedded as JavaScript, may be able to confuse the HTML parser as to where the SCRIPT element ends, and cause non-script content to be interpreted as JavaScript.
CVE-2019-1020007 1 Owasp 1 Dependency-track 2024-11-21 N/A
Dependency-Track before 3.5.1 allows XSS.
CVE-2018-16384 1 Owasp 1 Owasp Modsecurity Core Rule Set 2024-11-21 7.5 High
A SQL injection bypass (aka PL1 bypass) exists in OWASP ModSecurity Core Rule Set (owasp-modsecurity-crs) through v3.1.0-rc3 via {`a`b} where a is a special function name (such as "if") and b is the SQL statement to be executed.
CVE-2018-12036 1 Owasp 1 Dependency-check 2024-11-21 N/A
OWASP Dependency-Check before 3.2.0 allows attackers to write to arbitrary files via a crafted archive that holds directory traversal filenames.
CVE-2010-3300 1 Owasp 1 Enterprise Security Api For Java 2024-11-21 5.9 Medium
It was found that all OWASP ESAPI for Java up to version 2.0 RC2 are vulnerable to padding oracle attacks.
CVE-2023-48171 1 Owasp 1 Defectdojo 2024-09-18 8.8 High
An issue in OWASP DefectDojo before v.1.5.3.1 allows a remote attacker to escalate privileges via the user permissions component.