25 matches found
DRUPAL-CONTRIB-2026-065
The Canvas AI submodule allows you to upload image files via a custom API to use within the AI web chat. These file uploads are insufficiently validated before being written to Drupal's temporary directory. In some cases, this may lead to cross-site scripting XSS...
PT-2026-55223
Name of the Vulnerable Software and Affected Versions Drupal Canvas versions 0.0.0 through 1.4.2 Drupal Canvas versions 1.5.0 through 1.5.2 Drupal Canvas versions 1.6.0 through 1.6.1 Drupal Canvas versions 1.7.0 through 1.7.1 Description An issue exists where the Canvas module allows Cross-Site...
PT-2026-55222
Name of the Vulnerable Software and Affected Versions Drupal Canvas versions 0.0.0 through 1.4.2 Drupal Canvas versions 1.5.0 through 1.5.2 Drupal Canvas versions 1.6.0 through 1.6.1 Drupal Canvas versions 1.7.0 through 1.7.1 Description An issue exists in the Canvas AI submodule where image file...
Server-Side Request Forgery (SSRF)
Parse Server is vulnerable to Server-Side Request ForgerySSRF. The vulnerability is due to allowing clients to supply a custom apiURL parameter in the Instagram authentication adapter, which allows an attacker to redirect authentication requests to malicious endpoints and potentially bypass...
EUVD-2019-15256
Malware in sbrugna...
EUVD-2025-28555
Malicious code in bioql PyPI...
CVE-2025-54049
Incorrect Privilege Assignment vulnerability in miniOrange Custom API for WP custom-api-for-wp allows Privilege Escalation.This issue affects Custom API for WP: from n/a through = 4.2.2...
CVE-2025-54048
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in miniOrange Custom API for WP custom-api-for-wp allows SQL Injection.This issue affects Custom API for WP: from n/a through = 4.2.2...
CVE-2025-54048
CVE-2025-54048: WordPress plugin Custom API for WP
CVE-2025-54048 WordPress Custom API for WP <= 4.2.2 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in miniOrange Custom API for WP allows SQL Injection. This issue affects Custom API for WP: from n/a through 4.2.2...
CVE-2025-54049 WordPress Custom API for WP <= 4.2.2 - Privilege Escalation Vulnerability
Incorrect Privilege Assignment vulnerability in miniOrange Custom API for WP allows Privilege Escalation. This issue affects Custom API for WP: from n/a through 4.2.2...
CVE-2025-54049
CVE-2025-54049 describes an Incorrect Privilege Assignment vulnerability in the WordPress plugin Custom API for WP . Affected versions are listed as pre-n/a through 4.2.2 . The vulnerability permits Privilege Escalation within the plugin. Multiple sources (NVD, Red Hat, CVE lists, Patchstack, and...
PT-2025-34013 · WordPress · Miniorange Custom Api For Wp
Name of the Vulnerable Software and Affected Versions: miniOrange Custom API for WP versions through 4.2.2 Description: The software contains an improper neutralization of special elements used in an SQL command, leading to a SQL injection issue. This allows for SQL injection attacks...
WordPress plugin Custom API for WP SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
PT-2025-34014
Name of the Vulnerable Software and Affected Versions: miniOrange Custom API for WP versions through 4.2.2 Description: An incorrect privilege assignment issue in miniOrange Custom API for WP allows privilege escalation. Recommendations: Update miniOrange Custom API for WP to a version later than...
WordPress plugin Custom API for WP 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
WordPress plugin REST API | Custom API Generator For Cross Platform And Import Export In WP 安全漏洞
WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in PHP. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress plugin REST API | Custom API Generator For Cross Platform And Impo...
Custom API Generator for Cross Platform and Import Export in WP 2.0.3 Privilege Escalation
WordPress REST API | Custom API Generator For Cross Platform And Import Export In WP plugin versions 1.0.0 through 2.0.3 are susceptible to a privilege escalation vulnerability due to a missing capability check on the processhandler...
CVE-2021-43051
The Spotfire Server component of TIBCO Software Inc.'s TIBCO Spotfire Server, TIBCO Spotfire Server, and TIBCO Spotfire Server contains a difficult to exploit vulnerability that allows malicious custom API clients with network access to execute internal API operations outside of the scope of thos...
Improper Access Control in agentejo/cockpit
✍️ Description A local file inclusion vulnerability allows attackers to bypass the need for API Keys when querying private custom API endpoints 🕵️♂️ Proof of Concept 1. On the server create a custom API endpoint in /var/www/html/config/api/custom.php as follows: param'test'; if !$test return...