PT-2024-10392

Name of the Vulnerable Software and Affected Versions Edimax AC1200 Wi-Fi 5 Dual-Band router BR-6476AC version 1.06 Description The issue is related to command injection problems in /bin/goahead, which can be triggered through API endpoints such as "/goform/tracerouteDiagnosis",...

PT-2024-5517 · Microsoft · Visual Studio Code

Name of the Vulnerable Software and Affected Versions: parisneo/lollms-webui affected versions not specified Description: The LoLLMS WebUI system for launching and managing large language models is susceptible to a denial of service DoS attack due to uncontrolled resource consumption. Attackers c...

OpenJDK: arbitrary Java code execution in Nashorn (8314284)

Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or...

2024 Predictions for Cybersecurity: The Rise of AI Brings New Challenges

The emergence of generative AI has put new resources in the hands of both attackers and defenders, and in 2024, Imperva believes the technology will have an even greater impact. Understanding how attackers are leveraging the technology will be critical for organizations seeking to keep...

Online Retailers: Five Threats Targeting Your Business This Holiday Shopping Season

As the holiday season approaches, a palpable sense of joy and anticipation fills the air. Twinkling lights adorn homes, the aroma of freshly baked cookies wafts through the kitchen, and the sound of laughter and carolers melodies resonate on frosty evenings. Its a time when families come together...

Mastering API Security: Learn the 3 Key Principles at Kong API Summit 2023

In an era where APIs Application Programming Interfaces are the lifeblood of digital interactions, the need for robust API security has never been more critical. According to Gartner research, a staggering 90% of web-enabled applications are predicted to harbor vulnerabilities related to APIs. To...

Cyberattacks Targeting E-commerce Applications

Cyber attacks on e-commerce applications are a common trend in 2023 as e-commerce businesses become more omnichannel, they build and deploy increasingly more API interfaces, with threat actors constantly exploring more ways to exploit vulnerabilities. This is why regular testing and ongoing...

Private APIs at Risk: Q1-2023 API ThreatStats™ Report

According to a Mar-2022 API survey by Gartner, 98% of organizations use or are planning to use internal APIs – up from 88% in 2019. And 90% of organizations use or are planning to use private APIs provided by partners – up from 68% in 2019. Obviously, there’s a big blind spot in your API security...

CVE-2023-20183

Multiple vulnerabilities in the API of Cisco DNA Center Software could allow an authenticated, remote attacker to read information from a restricted container, enumerate user information, or execute arbitrary commands in a restricted container as the root user. For more information about these...

CVE-2023-20184

Multiple vulnerabilities in the API of Cisco DNA Center Software could allow an authenticated, remote attacker to read information from a restricted container, enumerate user information, or execute arbitrary commands in a restricted container as the root user. For more information about these...

CVE-2023-20182

Multiple vulnerabilities in the API of Cisco DNA Center Software could allow an authenticated, remote attacker to read information from a restricted container, enumerate user information, or execute arbitrary commands in a restricted container as the root user. For more information about these...

CVE-2023-20183

Multiple vulnerabilities in the API of Cisco DNA Center Software could allow an authenticated, remote attacker to read information from a restricted container, enumerate user information, or execute arbitrary commands in a restricted container as the root user. For more information about these...

CVE-2023-20184

Multiple vulnerabilities in the API of Cisco DNA Center Software could allow an authenticated, remote attacker to read information from a restricted container, enumerate user information, or execute arbitrary commands in a restricted container as the root user. For more information about these...

PT-2023-2775 · Cisco · Cisco Dna Center

Name of the Vulnerable Software and Affected Versions: Cisco DNA Center Software affected versions not specified Description: The issue is related to multiple vulnerabilities in the API of Cisco DNA Center Software. These vulnerabilities could allow an authenticated, remote attacker to read...

Predictions for 2023 from Latest API Threat Research | API Security Newsletter

March has arrived and is roaring like a very confused lion, at least in the northern hemisphere. And much like in the wild, brood production is increasing. Weve already seen some fruits of that labor, such as the Q4-2022 and 2022 Year-End ThreatStats™ Report, and some very tasty product upgrades...

2022 Year-End API ThreatStats™ Report

In 2022, the Wallarm Threat Research team went through almost 350,000 reports to find 650 API-specific vulnerabilities, and tracked 115 published exploits impacting these vulnerabilities – all of which could negatively impact your business risk posture. The 2022 Year-End API ThreatStats™ Report...

Q4-2022 API ThreatStats™ Report

We’re pleased to present the latest quarterly review and analysis of API vulnerabilities and exploits. This time, we’re going to split our discussion into two parts: today this quarterly review, and soon hereafter our year-in-review report. The Q4-2022 ThreatStats™ Report...

CVE-2022-48289

The bundle management module lacks authentication and control mechanisms in some APIs. Successful exploitation of this vulnerability may affect data confidentiality...

Automotive Industry Exposed to Have Major API Vulnerabilities

By Habiba Rashid The impacted automotive giants include BMW, Toyota, Ford, Honda, Mercedes-Benz and many more. This is a post from HackRead.com Read the original post: Automotive Industry Exposed to Have Major API Vulnerabilities...

Millions of Vehicles at Risk: API Vulnerabilities Uncovered in 16 Major Car Brands

Multiple bugs affecting millions of vehicles from 16 different manufacturers could be abused to unlock, start, and track cars, plus impact the privacy of car owners. The security vulnerabilities were found in the automotive APIs powering Acura, BMW, Ferrari, Ford, Genesis, Honda, Hyundai, Infinit...