CVE - API Security Blog

CVE-2023-39685

An issue in hjson-java up to v3.0.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted JSON string.Read More ...

September 01, 2023

CVE-2022-44349

NAVBLUE S.A.S N-Ops & Crew 22.5-rc.50 is vulnerable to Cross Site Scripting (XSS).Read More ...

September 01, 2023

CVE-2023-41364

In tine through 2023.01.14.325, the sort parameter of the /index.php endpoint allows SQL Injection.Read More ...

September 01, 2023

CVE-2023-25042

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Liam Gladdy (Storm Consultancy) oAuth Twitter Feed for Developers plugin Read More ...

September 01, 2023

CVE-2023-40969

Senayan Library Management Systems SLIMS 9 Bulian v9.6.1 is vulnerable to Server Side Request Forgery (SSRF) via admin/modules/bibliography/pop_p2p.php.Read More ...

September 01, 2023

CVE-2023-40239

Certain Lexmark devices (such as CS310) before 2023-08-25 allow XXE attacks, leading to information disclosure. The fixed firmware version is LW80.*.P246, i.e., '*' indicates that the full version spe ...

September 01, 2023

CVE-2023-25044

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Sumo Social Share Boost plugin Read More ...

September 01, 2023

CVE-2023-24412

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Web-Settler Image Social Feed plugin Read More ...

September 01, 2023