api-security 8

• NoSQL Injection via Search Filter Object Leads to Hidden Rental Disclosure | SwiftSearch Hotels Jun 3, 2026
• GraphQL BOLA via Introspection & Insecure Resolver Access | Slate Quarry May 15, 2026
• JWT Secret Cracking & Privilege Escalation via Forged Tokens | Tally May 14, 2026
• XInclude Injection to Arbitrary File Read | Tanuki May 12, 2026
• IDOR via Sequential Order IDs | Cheesy Does It May 11, 2026
• IDOR in Order Access – Unauthorized Order Data Exposure | Hartwood May 11, 2026
• GraphQL Introspection and Sensitive Data Exposure | Ottergram May 9, 2026
• Predictable Token Enumeration – Gift Card Redemption Abuse | BugForge Lab May 3, 2026