api-testing 4

• XML External Entity (XXE) via Deck Import Feature | Tanuki May 6, 2026
• SQL Injection – UNION-Based Credential Extraction via Profile API | Ottergram May 2, 2026
• Broken Access Control – Role Manipulation via User Registration | Tanuki Apr 28, 2026
• Command Injection – Remote Code Execution via rollOptions Parameter | Diceforge Apr 26, 2026