Category - API Security Blog

curl: Security check up

Vulnerability description not...Read More ...

August 05, 2025

curl: Vulnerability Report: Public Exposure of Security Audit File

Vulnerability description not...Read More ...

August 05, 2025

WakaTime: Unauthorized Disclosure of Private Emails via WakaTime Private Leaderboards

The vulnerability allowed unauthorized disclosure of private email addresses of WakaTime users through the private leaderboards feature. The email addresses were exposed to leaderboard creators and me ...

August 05, 2025

curl: Stack use-after-scope in HTTP/3 POST request processing via CURLOPT_POSTFIELDS

Vulnerability description not...Read More ...

August 05, 2025

curl: CVE-2025-4947: QUIC certificate check skip with wolfSSL

Vulnerability description not...Read More ...

August 05, 2025

curl: CVE-2025-5025: No QUIC certificate pinning with wolfSSL

Vulnerability description not...Read More ...

August 05, 2025

Mozilla: IDOR: Account Deletion via Session Misbinding – Attacker Can Delete Victim Account

A critical vulnerability was identified in the Firefox Accounts API that allowed an authenticated attacker to permanently delete any user's account by sending a POST /v1/account/destroy request u ...

August 05, 2025

curl: Memory Leak in libcurl via Location Header Handling (CWE-770)

Vulnerability description not...Read More ...

August 05, 2025