Category - API Security Blog

API security news

Main /

MainWP: Reflected XSS in “Cost Tracker” Notes Field

The reflected Cross-Site Scripting (XSS) vulnerability was discovered in the "Notes" input field of the Cost Tracker section in MainWP (Version 5.4.0.11). Arbitrary user input in thi ...

Continue Reading

August 05, 2025

curl: CVE-2025-5399: WebSocket endless loop

The function curl_ws_send() in libcurl contains an infinite loop that can be triggered by a malicious server under specific circumstances. The loop is caused by a condition in the code that is not pro ...

Continue Reading

August 05, 2025

curl: arbitrary file read via `file://` path traversal with `–path-as-is`

Vulnerability description not...Read More ...

Continue Reading

August 05, 2025

curl: Stack use-after-scope in HTTP/3 POST request processing via CURLOPT_POSTFIELDS

Vulnerability description not...Read More ...

Continue Reading

August 05, 2025

curl: curl ASSERTs when accessing an LDAP URL

Vulnerability description not...Read More ...

Continue Reading

August 05, 2025

curl: Exposure of Private RSA Private Key in curl GitHub Repository

Vulnerability description not...Read More ...

Continue Reading

August 05, 2025

curl: CVE-2025-4947: QUIC certificate check skip with wolfSSL

Vulnerability description not...Read More ...

Continue Reading

August 05, 2025

MainWP: Reflected XSS in “Client Notes” Field

A reflected Cross-Site Scripting (XSS) vulnerability was discovered in the "Notes" functionality under the Edit Client section. User input in the notes input field was not properly s ...

Continue Reading

August 05, 2025

« Previous 1 … 42,413 42,414 42,415 42,416 42,417 … 385,998 Next »

Back to Main

Subscribe for the latest news: