| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-39545 | WordPress REST API Authentication plugin <= 3.6.3 - Settings Change Vulnerability | miniOrange | WordPress REST API Authentication | Medium | 5.4 | 2025-04-16 12:44:39 | Deep Dive |
| CVE-2024-58036 | Net::Dropbox::API 1.9 and earlier for Perl uses insecure rand() function for cryptographic functions | NORBU | Net::Dropbox::API | - | - | 2025-04-05 16:06:54 | Deep Dive |
| CVE-2024-57868 | Web::API 2.8 and earlier for Perl uses insecure rand() function for cryptographic functions | LEV | Web::API | - | - | 2025-04-05 15:35:06 | Deep Dive |
| CVE-2025-31485 | GraphQL grant on a property might be cached with different objects | api-platform | core | High | 7.5 | 2025-04-03 19:31:46 | Deep Dive |
| CVE-2025-31481 | GraphQL query operations security can be bypassed | api-platform | core | High | 7.5 | 2025-04-03 19:20:23 | Deep Dive |
| CVE-2023-47639 | API Platform Core can leak exceptions message that may contain sensitive information | api-platform | core | Medium | 5.3 | 2025-04-03 16:46:14 | Deep Dive |
| CVE-2025-31890 | WordPress Simple Map No Api plugin <= 1.9 - Cross Site Scripting (XSS) vulnerability | Mashi | Simple Map No Api | Medium | 6.5 | 2025-04-01 14:52:20 | Deep Dive |
| CVE-2025-31855 | WordPress SMM API plugin <= 6.0.31 - Cross Site Scripting (XSS) vulnerability | softnwords | SMM API | Medium | 6.5 | 2025-04-01 14:52:03 | Deep Dive |
| CVE-2025-31814 | WordPress OwnerRez Plugin <= 1.2.0 - Cross Site Request Forgery (CSRF) vulnerability | OwnerRez | OwnerRez API | Medium | 4.3 | 2025-04-01 14:51:42 | Deep Dive |
| CVE-2025-30798 | WordPress Better WishList API plugin <= 1.1.4 - Cross Site Scripting (XSS) Vulnerability | rickonline_nl | Better WishList API | High | 7.1 | 2025-04-01 05:31:37 | Deep Dive |
| CVE-2025-23204 | GraphQl securityAfterResolver not called | api-platform | core | Medium | 4.4 | 2025-03-24 15:53:19 | Deep Dive |
| CVE-2025-1311 | WooCommerce Multivendor Marketplace – REST API <= 1.6.2 - Authenticated (Subscriber+) SQL Injection | wclovers | WCFM – Multivendor Marketplace REST API for WooCommerce | Medium | 6.5 | 2025-03-22 06:41:12 | Deep Dive |
| CVE-2025-30143 | Akamai ASE security vulnerability | Akamai | App & API Protector | Medium | 5.4 | 2025-03-17 00:00:00 | Deep Dive |
| CVE-2025-28886 | WordPress REST API TO MiniProgram plugin <= 5.1.2 - Cross Site Request Forgery (CSRF) vulnerability | xjb | REST API TO MiniProgram | Medium | 4.3 | 2025-03-11 21:00:46 | Deep Dive |
| CVE-2025-27913 | Passbolt security vulnerability | Passbolt | API | High | - | 2025-03-10 00:00:00 | Deep Dive |
| CVE-2024-13857 | WPGet API <= 2.2.10 - Authenticated (Administrator+) Server-Side Request Forgery | davidanderson | WPGet API – Connect to any external REST API | Medium | 5.5 | 2025-03-07 09:21:15 | Deep Dive |
| CVE-2025-1319 | Site Mailer <= 1.2.3 - Unauthenticated Stored Cross-Site Scripting | elemntor | Site Mailer – SMTP Replacement, Email API Deliverability & Email Log | High | 7.2 | 2025-02-28 12:44:05 | Deep Dive |
| CVE-2024-5848 | Reflected Cross-Site Scripting (XSS) in Multiple WSO2 Products Due to Improper Input Validation | WSO2 | WSO2 API Manager | Medium | 6.1 | 2025-02-27 07:08:07 | Deep Dive |
| CVE-2024-2321 | Incorrect Authorization in Multiple WSO2 Products Allows API Access via Refresh Token | WSO2 | WSO2 API Manager | Medium | 5.6 | 2025-02-27 04:08:34 | Deep Dive |
| CVE-2025-0352 | Rapid Response Monitoring My Security Account App Authorization Bypass Through User-Controlled Key | Rapid Response Monitoring | My Security Account App API | High | 7.5 | 2025-02-20 19:15:27 | Deep Dive |