| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-40316 | OWASP BLT has RCE in GitHub Actions via untrusted Django model execution in workflow | OWASP-BLT | BLT | High | 8.8 | 2026-04-15 22:49:19 | Deep Dive |
| CVE-2026-3816 | OWASP DefectDojo SonarQubeParser/MSDefenderParser parser.py input_zip.read denial of service | OWASP | DefectDojo | Medium | 4.3 | 2026-03-09 11:02:11 | Deep Dive |
| CVE-2025-66021 | OWASP Java HTML Sanitizer is vulnerable to XSS via noscript tag and improper style tag sanitization | OWASP | java-html-sanitizer | - | - | 2025-11-26 01:53:38 | Deep Dive |
| CVE-2025-54571 | ModSecurity's Insufficient Return Value Handling can Lead to XSS and Source Code Disclosure | owasp-modsecurity | ModSecurity | - | - | 2025-08-05 23:39:41 | Deep Dive |
| CVE-2025-52891 | ModSecurity empty XML tag causes segmentation fault | owasp-modsecurity | ModSecurity | Medium | 6.5 | 2025-07-02 15:03:34 | Deep Dive |
| CVE-2025-48866 | ModSecurity has possible DoS vulnerability in sanitiseArg action | owasp-modsecurity | ModSecurity | High | 7.5 | 2025-06-02 15:46:20 | Deep Dive |
| CVE-2025-47947 | ModSecurity Has Possible DoS Vulnerability | owasp-modsecurity | ModSecurity | High | 7.5 | 2025-05-21 22:08:32 | Deep Dive |
| CVE-2025-27110 | Libmodsecurity3 has possible bypass of encoded HTML entities | owasp-modsecurity | ModSecurity | High | - | 2025-02-25 20:00:44 | Deep Dive |
| CVE-2024-28153 | Jenkins OWASP Dependency-Check Plugin security vulnerability | Jenkins Project | Jenkins OWASP Dependency-Check Plugin | - | - | 2024-03-06 17:01:57 | Deep Dive |
| CVE-2024-1019 | WAF bypass of the ModSecurity v3 release line | OWASP ModSecurity | ModSecurity | High | 8.6 | 2024-01-30 16:09:42 | Deep Dive |
| CVE-2021-4247 | OWASP NodeGoat Query Parameter research.js denial of service | OWASP | NodeGoat | Medium | 4.3 | 2022-12-18 00:00:00 | Deep Dive |
| CVE-2022-39958 | Response body bypass in OWASP ModSecurity Core Rule Set via repeated HTTP Range header submission with a small byte range | OWASP | ModSecurity Core Rule Set | High | 7.5 | 2022-09-20 00:00:00 | Deep Dive |
| CVE-2022-39957 | Response body bypass in OWASP ModSecurity Core Rule Set via a specially crafted charset in the HTTP Accept header | OWASP | ModSecurity Core Rule Set | High | 7.3 | 2022-09-20 00:00:00 | Deep Dive |
| CVE-2022-39956 | Partial rule set bypass in OWASP ModSecurity Core Rule Set for HTTP multipart requests using character encoding in the Content-Type or Content-Transfer-Encoding header | OWASP | ModSecurity Core Rule Set | High | 7.3 | 2022-09-20 00:00:00 | Deep Dive |
| CVE-2022-39955 | Partial rule set bypass in OWASP ModSecurity Core Rule Set by submitting a specially crafted HTTP Content-Type header | OWASP | ModSecurity Core Rule Set | High | 7.3 | 2022-09-20 00:00:00 | Deep Dive |
| CVE-2022-23457 | Path Traversal in ESAPI | OWASP ESAPI | org.owasp.esapi:esapi | High | 7.5 | 2022-04-25 00:00:00 | Deep Dive |
| CVE-2021-43577 | Jenkins code issue vulnerability | Jenkins project | Jenkins OWASP Dependency-Check Plugin | High | - | 2021-11-12 10:35:21 | Deep Dive |
| CVE-2010-3300 | OWASP ESAPI security vulnerability | - | OWASP ESAPI | Medium | - | 2021-06-22 11:56:27 | Deep Dive |
| CVE-2021-21633 | Jenkins OWASP Dependency-Track cross-site request forgery vulnerability | Jenkins project | Jenkins OWASP Dependency-Track Plugin | High | - | 2021-03-30 11:10:36 | Deep Dive |
| CVE-2021-21632 | Dependency-Track security vulnerability | Jenkins project | Jenkins OWASP Dependency-Track Plugin | Medium | - | 2021-03-30 11:10:35 | Deep Dive |