<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"><channel><title>Revaizor Vulnerability Database</title><description>Updates to the Revaizor vulnerability database — new vulnerability profiles, detection techniques, and remediation guidance.</description><link>https://revaizor.com/</link><language>en-us</language><item><title>Insecure Direct Object References (IDOR)</title><link>https://revaizor.com/vulnerabilities/insecure-direct-object-references/</link><guid isPermaLink="true">https://revaizor.com/vulnerabilities/insecure-direct-object-references/</guid><description>Insecure Direct Object References allow attackers to access or modify resources belonging to other users by manipulating object identifiers such as database IDs, filenames, or keys in API requests.</description><pubDate>Mon, 15 Dec 2025 00:00:00 GMT</pubDate><category>high</category><category>access-control</category><category>CWE-639</category></item><item><title>Server-Side Request Forgery (SSRF)</title><link>https://revaizor.com/vulnerabilities/server-side-request-forgery/</link><guid isPermaLink="true">https://revaizor.com/vulnerabilities/server-side-request-forgery/</guid><description>Server-Side Request Forgery allows attackers to coerce a server into making HTTP requests to arbitrary destinations, enabling access to internal services, cloud metadata endpoints, and protected networks.</description><pubDate>Mon, 15 Dec 2025 00:00:00 GMT</pubDate><category>high</category><category>ssrf</category><category>CWE-918</category></item><item><title>Remote Code Execution (RCE)</title><link>https://revaizor.com/vulnerabilities/remote-code-execution/</link><guid isPermaLink="true">https://revaizor.com/vulnerabilities/remote-code-execution/</guid><description>Remote Code Execution enables attackers to execute arbitrary commands or code on a target server, representing the most severe class of vulnerability that leads to complete system compromise.</description><pubDate>Mon, 15 Dec 2025 00:00:00 GMT</pubDate><category>critical</category><category>injection</category><category>CWE-94</category></item><item><title>Privilege Escalation</title><link>https://revaizor.com/vulnerabilities/privilege-escalation/</link><guid isPermaLink="true">https://revaizor.com/vulnerabilities/privilege-escalation/</guid><description>Privilege Escalation vulnerabilities allow attackers to gain elevated access rights beyond their authorized level, moving from low-privilege users to administrators or from application access to system-level control.</description><pubDate>Mon, 15 Dec 2025 00:00:00 GMT</pubDate><category>high</category><category>access-control</category><category>CWE-269</category></item><item><title>Broken Authentication</title><link>https://revaizor.com/vulnerabilities/broken-authentication/</link><guid isPermaLink="true">https://revaizor.com/vulnerabilities/broken-authentication/</guid><description>Broken Authentication encompasses flaws in identity verification mechanisms that allow attackers to compromise passwords, session tokens, or authentication flows to impersonate legitimate users.</description><pubDate>Mon, 15 Dec 2025 00:00:00 GMT</pubDate><category>critical</category><category>broken-auth</category><category>CWE-287</category></item><item><title>Insecure Deserialization</title><link>https://revaizor.com/vulnerabilities/insecure-deserialization/</link><guid isPermaLink="true">https://revaizor.com/vulnerabilities/insecure-deserialization/</guid><description>Insecure Deserialization allows attackers to manipulate serialized objects to achieve remote code execution, privilege escalation, or data tampering by exploiting an application&apos;s trust in serialized data.</description><pubDate>Mon, 15 Dec 2025 00:00:00 GMT</pubDate><category>critical</category><category>deserialization</category><category>CWE-502</category></item><item><title>Path Traversal</title><link>https://revaizor.com/vulnerabilities/path-traversal/</link><guid isPermaLink="true">https://revaizor.com/vulnerabilities/path-traversal/</guid><description>Path Traversal vulnerabilities allow attackers to access files and directories outside the intended scope by manipulating file path references with directory traversal sequences like ../ in application requests.</description><pubDate>Mon, 15 Dec 2025 00:00:00 GMT</pubDate><category>high</category><category>access-control</category><category>CWE-22</category></item><item><title>SQL Injection</title><link>https://revaizor.com/vulnerabilities/sql-injection/</link><guid isPermaLink="true">https://revaizor.com/vulnerabilities/sql-injection/</guid><description>SQL Injection allows attackers to manipulate database queries by injecting malicious SQL code through unsanitized user input, leading to data theft, authentication bypass, and full database compromise.</description><pubDate>Mon, 15 Dec 2025 00:00:00 GMT</pubDate><category>critical</category><category>injection</category><category>CWE-89</category></item><item><title>Cross-Site Request Forgery (CSRF)</title><link>https://revaizor.com/vulnerabilities/cross-site-request-forgery/</link><guid isPermaLink="true">https://revaizor.com/vulnerabilities/cross-site-request-forgery/</guid><description>Cross-Site Request Forgery forces authenticated users to execute unintended actions on web applications by exploiting the browser&apos;s automatic inclusion of credentials in cross-origin requests.</description><pubDate>Mon, 15 Dec 2025 00:00:00 GMT</pubDate><category>medium</category><category>other</category><category>CWE-352</category></item><item><title>Cross-Site Scripting (XSS)</title><link>https://revaizor.com/vulnerabilities/cross-site-scripting/</link><guid isPermaLink="true">https://revaizor.com/vulnerabilities/cross-site-scripting/</guid><description>Cross-Site Scripting enables attackers to inject malicious scripts into web pages viewed by other users, leading to session hijacking, credential theft, and full account takeover.</description><pubDate>Mon, 15 Dec 2025 00:00:00 GMT</pubDate><category>high</category><category>xss</category><category>CWE-79</category></item><item><title>XML External Entity (XXE)</title><link>https://revaizor.com/vulnerabilities/xml-external-entity/</link><guid isPermaLink="true">https://revaizor.com/vulnerabilities/xml-external-entity/</guid><description>XML External Entity injection exploits misconfigured XML parsers to read local files, perform server-side request forgery, execute denial of service attacks, and in some cases achieve remote code execution.</description><pubDate>Mon, 15 Dec 2025 00:00:00 GMT</pubDate><category>high</category><category>xxe</category><category>CWE-611</category></item></channel></rss>