Portswigger Burp Suite — known CVE vulnerabilities
Every CVE whose affected-product data names Portswigger Burp Suite, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (5)
CVE-2018-1153 — CVSS 7.4 (high): Burp Suite Community Edition 1.7.32 and 1.7.33 fail to validate the server certificate in a couple of HTTPS requests which allows a man in…
CVE-2021-29416 — CVSS 6.5 (medium): An issue was discovered in PortSwigger Burp Suite before 2021.2. During viewing of a malicious request, it can be manipulated into issuing…
CVE-2021-44230 — CVSS 6.5 (medium): PortSwigger Burp Suite Enterprise Edition before 2021.11 on Windows has weak file permissions for the embedded H2 database, which might…
CVE-2018-10377 — CVSS 5.9 (medium): PortSwigger Burp Suite before 1.7.34 has Improper Certificate Validation of the Collaborator server certificate, which might allow…
CVE-2022-35406 — CVSS 4.3 (medium): A URL disclosure issue was discovered in Burp Suite before 2022.6. If a user views a crafted response in the Repeater or Intruder, it may…