Category - API Security Blog

curl: Title: Remote Code Execution (RCE) via Arbitrary Library Loading in `–engine` option

Vulnerability description not...Read More ...

August 12, 2025

WakaTime: Double Clickjacking Attack on WakaTime OAuth Authorization Flow at https://wakatime.com/oauth/authorize

The WakaTime OAuth authorization flow was vulnerable to a double-clickjacking attack. The attack allowed an attacker to trick users into unknowingly clicking the "Connect my WakaTime account& ...

August 12, 2025

curl: Default Minimum TLS Version Set to TLS v1.0 (Cryptographic Weakness)

Vulnerability description not...Read More ...

August 12, 2025

curl: Disk Space Exhaustion leading to a Denial of Service (DoS)

Vulnerability description not...Read More ...

August 12, 2025

curl: Stack use-after-scope in HTTP/3 POST request processing via CURLOPT_POSTFIELDS

Vulnerability description not...Read More ...

August 12, 2025

curl: access notes without permission

Vulnerability description not...Read More ...

August 12, 2025

curl: OpenSSL HTTP/3 bogus CURLINFO_TLS_SSL_PTR

Vulnerability description not...Read More ...

August 12, 2025

Lichess: CSRF at Network feature

A CSRF vulnerability was found in the network feature, where an attacker could change the Network Routing settings by sending a CSRF script to the...Read More ...

August 12, 2025