Lucene search

64 matches found

Vulnrichment
added 2026/02/19 4:36 a.m., 2 views

CVE-2025-13864 Breeze – WordPress Cache Plugin <= 2.2.21 - Missing Authorization to Cache Deletion

The Breeze - WordPress Cache Plugin plugin for WordPress is vulnerable to unauthorized cache clearing in all versions up to, and including, 2.2.21. This is due to the REST API endpoint /wp-json/breeze/v1/clear-all-cache being registered with permission_callback => '__return_true' and authentication...

CVSS 5.3, AI score 5.4, EPSS 0.00219
Exploits: 0, References: 5
CVE
added 2026/02/19 4:36 a.m., 11 views

CVE-2025-13864

The Breeze WordPress Cache Plugin (WordPress) is vulnerable in all versions up to 2.2.21 due to the REST endpoint /wp-json/breeze/v1/clear-all-cache being registered with permission_callback => '__return_true' and authentication disabled by default when the API is enabled. This allows unauthen...

CVSS 5.3, AI score 5.4, EPSS 0.00219
Exploits: 0, References: 5
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2024-39573

Malicious code in bioql PyPI...

CVSS 6.5, AI score 6.6, EPSS 0.00132
Exploits: 0, References: 1
RedhatCVE
added 2025/02/05 3:26 a.m., 2 views

CVE-2024-51692

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in askewbrook Bing Search API Integration abbs-bing-search allows Reflected XSS. This issue affects Bing Search API Integration: from n/a through <= 0.3.3...

CVSS 7.1, AI score 7.2, EPSS 0.00231
Exploits: 0, References: 1
HackRead
added 2025/01/03 8:20 p.m., 4 views

Top Tips for Weather API Integration and Data Utilization

Integrate weather APIs to enhance your app with real-time data, forecasts, and personalized insights. Improve user experience while…...

AI score 7.3
Exploits: 0
NVD
added 2024/11/09 1:15 p.m., 12 views

CVE-2024-51692

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in askewbrook Bing Search API Integration abbs-bing-search allows Reflected XSS. This issue affects Bing Search API Integration: from n/a through <= 0.3.3...

CVSS 7.1, EPSS 0.00231
Exploits: 0, References: 1
CVE
added 2024/11/09 12:50 p.m., 69 views

CVE-2024-51692

CVE-2024-51692 (Bing Search API Integration, WordPress) is a reflected XSS vulnerability in the Bing Search API Integration plugin (Askew Brook) that could allow an attacker to inject and execute script during page generation. It affects the plugin version range from earlier releases up to 0.3.3....

CVSS 7.1, AI score 7.2, EPSS 0.00231
Exploits: 0, References: 1
Vulnrichment
added 2024/11/09 12:50 p.m., 13 views

CVE-2024-51692 WordPress Bing Search API Integration plugin <= 0.3.3 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in askewbrook Bing Search API Integration abbs-bing-search allows Reflected XSS. This issue affects Bing Search API Integration: from n/a through <= 0.3.3...

CVSS 7.1, AI score 7.2, EPSS 0.00231
Exploits: 0, References: 1
Patchstack
added 2024/11/04 12:0 a.m., 7 views

WordPress Bing Search API Integration Plugin <= 0.3.3 is vulnerable to Cross Site Scripting (XSS)

Software: Bing Search API Integration; Type: Plugin; Vulnerable versions: <= 0.3.3; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-51692; Patch priority: Medium; CVSS severity: Medium (7.1); Developer: Claim ownership; PSID: 61326e410f4b; Credits: João Pedro S Alcântara...

CVSS 7.1, AI score 6.9, EPSS 0.00231
Exploits: 0, References: 1, Affected Software: 1
GithubExploit
added 2024/09/22 8:17 p.m., 672 views

Exploit for CVE-2024-8504

ViciDial Exploit Suite Author: Havok Project URL: Vi...

CVSS 8.8, AI score 10, EPSS 0.93085
Exploits: 7
Tenable Nessus
added 2024/08/08 12:0 a.m., 15 views

Emerson Ovation OCR400 Controller Stack-Based Buffer Overflow (CVE-2019-10967)

In Emerson Ovation OCR400 Controller 3.3.1 and earlier, a stack-based buffer overflow vulnerability in the embedded third-party FTP server involves improper handling of a long file name from the LIST command to the FTP service, which may cause the service to overwrite buffers, leading to remote...

CVSS 8.8, AI score 8.8, EPSS 0.06131
Exploits: 0, References: 3
GithubExploit
added 2024/06/07 4:40 a.m., 221 views

Exploit for SQL Injection in Valvepress Automatic


CVSS 9.9, AI score 9.8, EPSS 0.93693
Exploits: 16
Kitploit
added 2023/11/12 11:30 a.m., 90 views

Crawlector - Threat Hunting Framework Designed For Scanning Websites For Malicious Objects

Crawlector (the name Crawlector is a combination of Crawler & Detector) is a threat hunting framework designed for scanning websites for malicious objects. Note-1: The framework was first presented at the No Hat conference in Bergamo, Italy on October 22nd, 2022 (Slides, YouTube Recording). Also, i...

AI score 7.1
Exploits: 0, References: 8
Veracode
added 2023/11/08 7:50 a.m., 17 views

Information Disclosure

github.com/mongodb/mongodb-atlas-kubernetes is vulnerable to Information Disclosure. The vulnerability arises when DEBUG mode logging is enabled as there is no logic to handle the hiding of sensitive information. This can lead to the potential disclosure of confidential data such as GCP service...

CVSS 7.5, AI score 6.8, EPSS 0.00294
Exploits: 0, References: 3, Affected Software: 1
MongoDB
added 2023/11/07 12:41 p.m., 38 views

Secret logging may occur in debug mode of Atlas Operator

The affected versions of MongoDB Atlas Kubernetes Operator may print sensitive information like GCP service account keys and API integration secrets while DEBUG mode logging is enabled. This issue affects MongoDB Atlas Kubernetes Operator versions: 1.5.0, 1.6.0, 1.6.1, 1.7.0. Please note that thi...

CVSS 7.5, AI score 6.5, EPSS 0.00294
Exploits: 0, References: 1, Affected Software: 1
Prion
added 2023/11/07 12:15 p.m., 10 views

Design/Logic Flaw

The affected versions of MongoDB Atlas Kubernetes Operator may print sensitive information like GCP service account keys and API integration secrets while DEBUG mode logging is enabled. This issue affects MongoDB Atlas Kubernetes Operator versions: 1.5.0, 1.6.0, 1.6.1, 1.7.0. Please note that thi...

CVSS 5, AI score 6.6, EPSS 0.00294
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 2023/11/07 11:44 a.m., 13 views

CVE-2023-0436 Secret logging may occur in debug mode of Atlas Operator

The affected versions of MongoDB Atlas Kubernetes Operator may print sensitive information like GCP service account keys and API integration secrets while DEBUG mode logging is enabled. This issue affects MongoDB Atlas Kubernetes Operator versions: 1.5.0, 1.6.0, 1.6.1, 1.7.0. Please note that thi...

CVSS 4.5, AI score 7.6, EPSS 0.00294
Exploits: 0, References: 1
Hacker One
added 2023/10/01 12:0 p.m., 14 views

Zendesk: Privilege escalation - Support-Contributor to Support and Product Admin via `/api/v2/██████` . No ADMIN PRIVILEGE required.

The vulnerability allowed a support contributor with the lowest privilege to escalate their role to a full support and product administrator without requiring any administrative privileges. The vulnerable endpoint /api/███ did not properly validate the user's privilege level, enabling the privile...

AI score 7.2
Exploits: 0
OSV
added 2023/09/07 12:59 p.m., 21 views

GHSA-P6P2-QQ95-VQ5H Remote Code Execution in Custom Integration Upload

Impact: The Fides webserver API allows custom integrations to be uploaded as a ZIP file. This ZIP file must contain YAML files, but Fides can be configured to also accept the inclusion of custom Python code in it. The custom code is executed in a restricted, sandboxed environment, but the sandbox...

CVSS 8.8, AI score 8, EPSS 0.00071
Exploits: 0, References: 4
Wallarm Lab
added 2023/07/24 2:26 p.m., 12 views

API Security in 2023: Major Insights from Postman’s State of the API Report

📣 Good news for all tech enthusiasts! The highly anticipated 2023 State of the API Report, conducted by Postman - one of the leading dev tools for building APIs, is now available. This comprehensive report, produced annually, is backed by an extensive survey and offers a deep dive into the...

AI score 7
Exploits: 0