API - API Security Blog

CVE-2025-7204 Exposure of password hashes via API responses in ConnectWise PSA

In ConnectWise PSA versions older than 2025.9, a vulnerability exists where authenticated users could gain access to sensitive user information. Specific API requests were found to return an overly ve ...

July 09, 2025

CVE-2025-3780 WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible <= 6.7.16 – Missing Authorization to Unauthenticated Plugin Settings Modification

The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability c ...

July 09, 2025

CVE-2025-7379

creation_timestamp| type| source ---|---|--- 2025-07-09 12:11:08+00:00| seen|...Read More ...

July 09, 2025

CVE-2025-3499

creation_timestamp| type| source ---|---|--- 2025-07-09 12:10:07+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3ltjrumj5m52y 2025-07-09 12:47:29+00:00| seen|...Read More ...

July 09, 2025

CVE-2025-3498

creation_timestamp| type| source ---|---|--- 2025-07-09 12:00:07+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3ltjrcpo7i32o 2025-07-09 12:47:29+00:00| seen|...Read More ...

July 09, 2025

CVE-2025-3497

creation_timestamp| type| source ---|---|--- 2025-07-09 12:47:29+00:00| seen|...Read More ...

July 09, 2025

CVE-2025-38261

creation_timestamp| type| source ---|---|--- 2025-07-09 11:01:07+00:00| seen| https://bsky.app/profile/bluesky.awakari.com/post/3ltjnz7l7cb2y 2025-07-09 11:04:25+00:00| seen|...Read More ...

July 09, 2025

CVE-2025-38246

creation_timestamp| type| source ---|---|--- 2025-07-09 11:00:56+00:00| seen| https://bsky.app/profile/bluesky.awakari.com/post/3ltjnyvpawd23 2025-07-09 11:03:50+00:00| seen|...Read More ...

July 09, 2025