Zero Trust Is Revolutionizing API Security in Financial Services
Learn how a Zero Trust approach transforms API security in financial services by ensuring innovation, efficiency, and customer trust amid evolving cyberthreats...
FireTail Unveils Free Access for All to Cutting-Edge API Security Platform
McLean, United States of America, 26th June 2024, CyberNewsWire...
MAL-2024-4769 Malicious code in api-hypixel (PyPI)
MAL-2024-4081 Malicious code in Be.Vlaanderen.Basisrеgisters.MuոicipalityRegistry.Api.Legacy (NuGet)
api.almapay.co Open Redirect vulnerability OBB-3936000
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2024-2032
A race condition vulnerability exists in zenml-io/zenml versions up to and including 0.55.3, which allows for the creation of multiple users with the same username when requests are sent in parallel. This issue was fixed in version 0.55.5. The vulnerability arises due to insufficient handling of...
PYSEC-2024-105
A race condition vulnerability exists in zenml-io/zenml versions up to and including 0.55.3, which allows for the creation of multiple users with the same username when requests are sent in parallel. This issue was fixed in version 0.55.5. The vulnerability arises due to insufficient handling of...
CVE-2024-34714 Hoppscotch Extension responds to calls made by origins not in the domain list
The Hoppscotch Browser Extension is a browser extension for Hoppscotch, a community-driven end-to-end open-source API development ecosystem. Due to an oversight during a change made to the extension in the commit d4e8e4830326f46ba17acd1307977ecd32a85b58, a critical check for the origin list was...
GHSA-XCP4-62VJ-CQ3R @valtimo/components exposes access token to form.io
Impact: When opening a form in Valtimo, the access token JWT of the user is exposed to api.form.io via the x-jwt-token header. An attacker can retrieve personal information from this token, or use it to execute requests to the Valtimo REST API on behalf of the logged-in user. This issue is...
PT-2024-25795 · Tenda · Tenda O3V2
Name of the Vulnerable Software and Affected Versions: Tenda O3V2 versions V1.0.0.10 through V1.0.0.12 Description: The issue is related to a Blind Command Injection via the dest parameter in the "/goform/getTraceroute" API endpoint. This allows attackers to execute arbitrary commands with root...
Best API Security Product: Wallarm wins 2024 Cybersecurity Excellence Award
We are thrilled to announce that Wallarm has clinched the sought-after 2024 Cybersecurity Excellence Award, under the category Best API Security Product. Our unwavering commitment to pioneering solutions that safeguard digital ecosystems, and fortify API security amidst the evolving cyber threat...
Healthcare Needs To Be Laser-Focused on API Security and Its Blind Spots
API-powered tools can enhance patient access to healthcare services, but these tools also introduce risk. Learn how to protect your organization...
Think Beyond the Perimeter: Secure Your APIs with East-West Visibility
Empowering Small Businesses in the Digital Age: A Must-Read Guide to Web Application & API Security
Small and medium-sized businesses have increasingly become reliant on web applications, whether developed or procured, to drive their operations, engage customers, and scale their businesses. The increasing reliance on online operations is underscored by 84% of businesses using digital...
Data Matters — The Value of Visibility in API Security
PT-2024-3134 · Tenda · Tenda Ac8
Name of the Vulnerable Software and Affected Versions: Tenda AC8 version 16.03.34.09 Description: The issue is related to a stack-based buffer overflow in the formSetRebootTimer function of the /goform/SetRebootTimer API endpoint. This can be exploited by manipulating the rebootTime argument,...
api.dareastream.com Cross Site Scripting vulnerability OBB-3917940
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
How to track and stop CVE-2024-3400: Palo Alto Networks API Exploit Causing Critical Infrastructure and Enterprise Epidemics
On Friday April 12, Palo Alto disclosed that some versions of PAN-OS are not only vulnerable to remote code execution, but that the vulnerability has been actively exploited to install backdoors on Palo Alto firewalls. A patch is expected to be available on April 14th. The advisory from Palo Alto...
API Cyberattacks: A Growing Threat for Organizations in Latin America
Learn about the growing threat of API cyberattacks and their effect on industries across Latin America...
CVE-2024-3283
A vulnerability in mintplex-labs/anything-llm allows users with manager roles to escalate their privileges to admin roles through a mass assignment issue. The '/admin/system-preferences' API endpoint improperly authorizes manager-level users to modify the 'multiusermode' system variable, enabling...