vulnerability-rating-taxonomy
Bugcrowd’s baseline priority ratings for common security vulnerabilities
Remove: P2 - Server Security Misconfiguration - Misconfigured DNS - High Impact Subdomain Takeover
Change: From: P3 - Server Security Misconfiguration - Misconfigured DNS - Basic Subdomain Takeover To: P3...
Could the various bias templates (Data Biases, Algorithmic Biases, Societal Biases, Misinterpretation Biases, Developer Biases) be moved to subcategories of AI Application Security? They currently display as top-level categories in...
I request the addition of the following vulnerability to the Vulnerability Rating Taxonomy (VRT) based on a recent finding. Server-Side Include (SSI) injection (P2 - Server-Side Injection --> Server-Side Include...
I request the addition of new vulnerabilities to the Vulnerability Rating Taxonomy (VRT). Based on recent findings, incorporating these vulnerabilities will enhance its coverage and accuracy. 1. XPath injection (P2...
Hi all! One vulnerability submission that we get a lot of and have to deny is a "self-only" XSS, e.g. a user pastes a vulnerable snippet into a comment field,...
Many of the VRT templates say e.g. `Login to the application` when it should say `Log in to the application`. `Login` - Noun. Example: Use your login details. `Log in`...
This is just a start on updating VRT for hardware submissions. I think updating current automotive ones to more general hardware would help instead of repeating issues. We could also...
Add:
Server Security Misconfiguration - Exposed Portal - Protected - P5
Server Security Misconfiguration - Exposed Portal - Admin Portal - P1
Server Security Misconfiguration - Exposed Portal - Non-Admin...
The following URLs return a 404 error:
File: ai_application_security/llm_security/prompt_injection/recommendations.md
URL: https://aivillage.org/large%20language%20models/threat-modeling-llm/
File: server_security_misconfiguration/lack_of_security_headers/content_security_policy_report_only/recommendations.md
URL: https://owasp.org/www-community/controls/Content_Security_Policy/
File: server_security_misconfiguration/lack_of_security_headers/x_content_security_policy/recommendations.md
URL: https://owasp.org/www-community/controls/Content_Security_Policy/
File: server_security_misconfiguration/lack_of_security_headers/content_security_policy/recommendations.md
URL: https://owasp.org/www-community/controls/Content_Security_Policy/
I searched buffer and found no results. I searched overflow and found integer overflow, in the smart contract class. But where would I log a normal, website buffer overflow?