CVE-2025-25214

creation_timestamp | type | source
---|---|---
2025-07-24 15:30:34+00:00 | seen | ...

eKuiper API endpoints handling SQL queries with user-controlled table names.

Summary: A critical SQL Injection vulnerability exists in the getLast API functionality of the eKuiper project. This flaw allows unauthenticated remote attackers to execute arbitrary SQL statements on ...

CVE-2025-7001 Insufficient Granularity of Access Control in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 15.0 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that could have allowed privileged users to access certain reso ...

CVE-2025-7695 Dataverse Integration 2.77 – 2.81 – Missing Authorization to Authenticated (Subscriber+) Privilege Escalation via reset_password_link REST Route

The Dataverse Integration plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization checks within its reset_password_link REST endpoint in versions 2.77 through 2.81. The ...

CVE-2025-7780 Ai Engine <= 2.9.4 – Missing URL Scheme Validation to Authenticated (Subscriber+) Arbitrary File Read via simpleTranscribeAudio and get_audio Functions

The AI Engine plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.4. The simpleTranscribeAudio endpoint fails to restrict URL schemes before ...

CVE-2025-34077

creation_timestamp | type | source
---|---|---
2025-07-23 21:02:34+00:00 | seen | ...

CVE-2025-54371

creation_timestamp | type | source
---|---|---
2025-07-24 00:43:36+00:00 | seen | ...

CVE-2025-32019

creation_timestamp | type | source
---|---|---
2025-07-24 00:34:19+00:00 | seen | ...
