API Security Blog - API security-related news. More than just OWASP API Top 10. Hacking REST, GraphQL, gRPC, SOAP and others

API security news

Vulnerabilities, exploits, attacks and threats

Well-known information security vulnerabilities database

Main

Bugbounty

curl: HTTP Proxy Bypass via `CURLOPT_CUSTOMREQUEST` Verb Tunneling

Vulnerability description not...Read More ...

Continue Reading

September 14, 2025

Bugbounty

curl: CRLF injection in libcurl’s SMTP client via –mail-from and –mail-rcpt allows SMTP command smuggling

Vulnerability description not...Read More ...

Continue Reading

September 14, 2025

Bugbounty

curl: access notes without permission

Vulnerability description not...Read More ...

Continue Reading

September 14, 2025

Bugbounty

curl: Disclosure of email addresses

Vulnerability description not...Read More ...

Continue Reading

September 14, 2025

Bugbounty

curl: Use-After-Free in OpenSSL Keylog Callback via SSL_get_ex_data() in libcurl

Vulnerability description not...Read More ...

Continue Reading

September 14, 2025

Bugbounty

curl: Arbitrary File Read via file:// Protocol in cURL

Vulnerability description not...Read More ...

Continue Reading

September 14, 2025

Bugbounty

curl: Default Minimum TLS Version Set to TLS v1.0 (Cryptographic Weakness)

Vulnerability description not...Read More ...

Continue Reading

September 14, 2025

Bugbounty

WakaTime: Not a Vuln: Race Condition Allows Creation of Multiple Organizations with the Same Name

Vulnerability description not...Read More ...

Continue Reading

September 14, 2025

1 2 3 … 386,003 Next »