owasp

Top products

The 15 most recently published vulnerabilities affecting owasp.

• CVE-2026-42268ModSecurity: Unsigned integer underflow in @verifySSN / @verifyCPF / @verifySVNR operators7.5May 12, 2026
• CVE-2026-30923libModSecurity3 denial of service via segfault when using t:hexDecode on single-character query strings7.5May 5, 2026
• CVE-2026-40316OWASP BLT has RCE in Github Actions via untrusted Django model execution in workflow8.8Apr 15, 2026
• CVE-2026-33691OWASP CRS: Whitespace padding in filenames bypasses file upload extension checks6.8Apr 2, 2026
• CVE-2026-3816OWASP DefectDojo SonarQubeParser/MSDefenderParser parser.py input_zip.read denial of service4.3Mar 9, 2026
• CVE-2026-21876OWASP CRS has multipart bypass using multiple content-type parts9.3Jan 8, 2026
• CVE-2025-66022FACTION Unauthenticated Custom Extension Upload leads to RCE9.6Nov 26, 2025
• CVE-2025-66021OWASP Java HTML Sanitizer is vulnerable to XSS via noscript tag and improper style tag sanitization6.1Nov 26, 2025
• CVE-2025-54571ModSecurity's Insufficient Return Value Handling can Lead to XSS and Source Code Disclosure6.1Aug 5, 2025
• CVE-2025-48866ModSecurity has possible DoS vulnerability in sanitiseArg action7.5Jun 2, 2025
• CVE-2023-48171An issue in OWASP DefectDojo before v.1.5.3.1 allows a remote attacker to escalate privileges via the user permissions component.8.8Aug 12, 2024
• CVE-2024-1019WAF bypass of the ModSecurity v3 release line8.6Jan 30, 2024
• CVE-2024-23686DependencyCheck Debug Mode Logging of NVD API Key5.3Jan 19, 2024
• CVE-2023-38285Trustwave ModSecurity 3.x before 3.0.10 has Inefficient Algorithmic Complexity.7.5Jul 26, 2023
• CVE-2023-38199coreruleset (aka OWASP ModSecurity Core Rule Set) through 3.3.4 does not detect multiple Content-Type request headers on some platforms. This might allow attackers to bypass a WAF with a crafted pa...9.8Jul 13, 2023