Server-Side Request Forgery (SSRF)
Parse Server is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due to allowing clients to supply a custom apiURL parameter in the Instagram authentication adapter, which allows an attacker to redirect authentication requests to malicious endpoints and potentially bypass...
EUVD-2019-15256
Malware in sbrugna...
EUVD-2025-28555
Malicious code in bioql PyPI...
CVE-2025-54049
Incorrect Privilege Assignment vulnerability in miniOrange Custom API for WP custom-api-for-wp allows Privilege Escalation. This issue affects Custom API for WP: from n/a through <= 4.2.2...
CVE-2025-54048
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in miniOrange Custom API for WP custom-api-for-wp allows SQL Injection. This issue affects Custom API for WP: from n/a through <= 4.2.2...
CVE-2025-54048 WordPress Custom API for WP <= 4.2.2 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in miniOrange Custom API for WP allows SQL Injection. This issue affects Custom API for WP: from n/a through 4.2.2...
CVE-2025-54048
CVE-2025-54048: WordPress plugin Custom API for WP
CVE-2025-54049 WordPress Custom API for WP <= 4.2.2 - Privilege Escalation Vulnerability
Incorrect Privilege Assignment vulnerability in miniOrange Custom API for WP allows Privilege Escalation. This issue affects Custom API for WP: from n/a through 4.2.2...
CVE-2025-54049
CVE-2025-54049 describes an Incorrect Privilege Assignment vulnerability in the WordPress plugin Custom API for WP. Affected versions are listed as pre-n/a through 4.2.2. The vulnerability permits Privilege Escalation within the plugin. Multiple sources (NVD, Red Hat, CVE lists, Patchstack, and...
WordPress plugin Custom API for WP Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
WordPress plugin Custom API for WP SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
PT-2025-34013 · WordPress · Miniorange Custom Api For Wp
Name of the Vulnerable Software and Affected Versions: miniOrange Custom API for WP versions through 4.2.2 Description: The software contains an improper neutralization of special elements used in an SQL command, leading to a SQL injection issue. This allows for SQL injection attacks...
PT-2025-34014
Name of the Vulnerable Software and Affected Versions: miniOrange Custom API for WP versions through 4.2.2 Description: An incorrect privilege assignment issue in miniOrange Custom API for WP allows privilege escalation. Recommendations: Update miniOrange Custom API for WP to a version later than...
WordPress plugin REST API | Custom API Generator For Cross Platform And Import Export In WP Security Vulnerability
WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in PHP. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. WordPress plugin REST API | Custom API Generator For Cross Platform And Impo...
Custom API Generator for Cross Platform and Import Export in WP 2.0.3 Privilege Escalation
WordPress REST API | Custom API Generator For Cross Platform And Import Export In WP plugin versions 1.0.0 through 2.0.3 are susceptible to a privilege escalation vulnerability due to a missing capability check on the processhandler...
CVE-2021-43051
The Spotfire Server component of TIBCO Software Inc.'s TIBCO Spotfire Server, TIBCO Spotfire Server, and TIBCO Spotfire Server contains a difficult to exploit vulnerability that allows malicious custom API clients with network access to execute internal API operations outside of the scope of thos...
Improper Access Control in agentejo/cockpit
Description: A local file inclusion vulnerability allows attackers to bypass the need for API Keys when querying private custom API endpoints. Proof of Concept: 1. On the server create a custom API endpoint in /var/www/html/config/api/custom.php as follows: param'test'; if !$test return...
CVE-2019-5681
NVIDIA Shield TV Experience prior to v8.0, contains a vulnerability in the custom NVIDIA API used in the mount system service where user data could be overridden, which may lead to code execution, denial of service, or information disclosure...
reVou twitter clne Beta 2.0 XSS / SQL Injection Vulnerability
Exploit for php platform in category web applications. reVou twitter clne Beta 2.0 XSS / SQL Injection Vulnerability. Title: reVou twitter clne Beta 2.0 sqli and Xss...
ReVou Twitter Clone 2.0 Beta - SQL Injection Cross-Site Scripting
ReVou Twitter Clone 2.0 Beta - SQL Injection Cross-Site Scripting. Title: reVou twitter clne Beta 2.0 sqli and Xss vulnerability. Author: Sid3^effects. Published: 2010-06-06. price: $99. email: [email protected]. vendor: Revou. url: http://www.revou.com/demo/home ...