Lucene search

90 matches found

Vulnrichment
added 2025/10/17 7:56 p.m., 2 views

CVE-2025-11925 Incorrect Content-Type Header

Incorrect Content-Type header in one of the APIs (text/html instead of application/json) replies may potentially allow injection of HTML/JavaScript into reply. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...

CVSS: 10, AI score: 6.9, EPSS: 0.0003
Exploits: 0, References: 1

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2024-54890

Malicious code in bioql PyPI...

CVSS: 9.8, AI score: 6.6, EPSS: 0.00083
Exploits: 0, References: 1

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2025-11897

Malicious code in bioql PyPI...

CVSS: 6.5, AI score: 6.3, EPSS: 0.00262
Exploits: 0, References: 3

NVD
added 2025/09/22 10:15 p.m., 2 views

CVE-2025-43806

Batch Engine in Liferay Portal 7.4.0 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.7, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA through update 92 does not properly check permission with import and export tasks, which allows remote authenticated users to access the exported data via...

CVSS: 5.3, EPSS: 0.00075
Exploits: 0, References: 1

Imperva Blog
added 2025/09/22 9:16 p.m., 3 views

KuppingerCole 2025: Why Thales is a Market Leader in API Security

APIs are the backbone of modern applications connecting critical microservices and enabling enterprises to turn data into context-aware business logic via AI across their digital services. As applications become more contextual, APIs expose the data, workflows, and model interactions attackers...

AI score: 7
Exploits: 0

NVD
added 2025/09/17 1:15 p.m., 3 views

CVE-2025-8077

A vulnerability exists in NeuVector versions up to and including 5.4.5, where a fixed string is used as the default password for the built-in admin account. If this password is not changed immediately after deployment, any workload with network access within the cluster could use the default...

CVSS: 9.8, EPSS: 0.00098
Exploits: 0, References: 2

Vulnrichment
added 2025/09/03 6:5 a.m., 3 views

CVE-2025-21031

Improper access control in ImsService prior to SMR Sep-2025 Release 1 allows local attackers to use the privileged APIs...

CVSS: 6.8, AI score: 5.9, EPSS: 0.00026
Exploits: 0, References: 1

Imperva Blog
added 2025/08/12 8:18 p.m., 8 views

Navigating the API Security Landscape: Your Definitive API Security Buyer’s Guide for 2025

APIs power today’s digital economy—connecting customers, partners, and internal services at breakneck speed. But with that agility comes risk: in 2024 alone, API vulnerabilities cost organizations a staggering $2.5 billion in remediation, fines, and lost revenue. As APIs proliferate, traditional...

AI score: 7.3
Exploits: 0

Packet Storm News
added 2025/07/04 12:0 a.m., 2 views

We Urgently Need Privilege Management in MCP: a Measurement of API Usage in MCP Ecosystems

The Model Context Protocol (MCP) has emerged as a widely adopted mechanism for connecting large language models to external tools and resources. While MCP promises seamless extensibility and rich integrations, it also introduces a substantially expanded attack surface: any plugin can inherit broad...

AI score: 7
Exploits: 0

Packet Storm News
added 2025/03/03 12:0 a.m., 2 views

How to Create a Scan for Local File Inclusion

This whitepaper covers how to create a scan in Perl to identify different types of local file inclusion in web applications. Depending on the context of the environment and architecture, the content of the paper can be applied to APIs in addition to presenting how to correct or avoid local file...

AI score: 6.9
Exploits: 0

CNVD
added 2025/02/26 12:0 a.m., 9 views

Microsoft .NET Remote Code Execution Vulnerability

The Microsoft .NET Framework is Microsoft's new development platform after Windows DNA, which runs in a system virtual machine and provides new functionality and development tools for Application Programming Interfaces (APIs). A remote code execution vulnerability exists in Microsoft .NET, which ca...

CVSS: 7.5, AI score: 7.5, EPSS: 0.0082
Exploits: 0, References: 1

OSV
added 2024/11/18 4:15 p.m., 4 views

CVE-2020-26073

A vulnerability in the application data endpoints of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper validation of directory traversal character sequences within requests to application...

CVSS: 7.5, AI score: 5.8, EPSS: 0.90927
Exploits: 0, References: 3

CNNVD
added 2024/09/19 12:0 a.m., 1 view

Apex Softcell LD DP Back Office Security Vulnerability

Apex Softcell LD DP Back Office is an application from Apex Softcell. Apex Softcell LD DP Back Office has a security vulnerability that stems from improper implementation of the OTP authentication mechanism in certain API endpoints...

CVSS: 8.7, AI score: 7, EPSS: 0.00131
Exploits: 0, References: 2

CNNVD
added 2024/08/22 12:0 a.m., 2 views

authentik Security Vulnerability

authentik is an open source identity provisioning application from authentik Open Source. A security vulnerability exists in authentik versions prior to 2024.6.4 and prior to 2024.4.4 that stems from a user accessing multiple API endpoints without proper authentication/authorization...

CVSS: 7.5, AI score: 6.4, EPSS: 0.02987
Exploits: 0, References: 5

Akamai Blog
added 2024/07/30 1:0 p.m., 7 views

Why (and How) APIs and Web Applications Are Under Siege

Read a summary of the latest SOTI report, which tackles the security risks in web applications and APIs, and the infrastructure that powers them...

AI score: 7.4
Exploits: 0

CNNVD
added 2024/07/09 12:0 a.m., 3 views

Fortinet FortiAIOps Log Information Disclosure Vulnerability

Fortinet FortiAIOps is a Fortinet networking solution that combines artificial intelligence and machine learning (AI/ML) from Fortinet. A log information disclosure vulnerability exists in Fortinet FortiAIOps version 2.0.0, which stems from an application that does not adequately protect sensitive...

CVSS: 8.8, AI score: 6.3, EPSS: 0.00773
Exploits: 0, References: 2

CNNVD
added 2024/06/14 12:0 a.m., 1 view

Toshiba e-STUDIO Security Vulnerability

Toshiba e-STUDIO is a series of high-end office multifunction printers from Toshiba Japan. A security vulnerability exists in Toshiba e-STUDIO that originates from the possibility that certain APIs (Application Programming Interfaces) may send HTTP requests to the multifunction device without...

CVSS: 5.9, AI score: 6.7, EPSS: 0.00075
Exploits: 1, References: 4

CNNVD
added 2024/06/14 12:0 a.m., 2 views

Toshiba e-STUDIO Security Vulnerability

Toshiba e-STUDIO is a series of high-end office multifunction printers from Toshiba, Japan. A security vulnerability exists in Toshiba e-STUDIO, which originates from an internal program within the multifunction device where certain APIs do not check for filename input, allowing arbitrary files t...

CVSS: 4.4, AI score: 6.9, EPSS: 0.00197
Exploits: 1, References: 4

BDU FSTEC
added 2024/06/04 12:0 a.m., 1 view

The vulnerability of the application programming interfaces of Google Chrome and Microsoft Edge allows a perpetrator to execute arbitrary code.

The vulnerability of the application programming interfaces of Google Chrome and Microsoft Edge relates to the execution of operations outside the buffer in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code by loading a specially created malicious HTML page...

CVSS: 10, AI score: 8.5, EPSS: 0.01307
Exploits: 1, References: 11, Affected Software: 6

OSV
added 2024/05/14 3:37 p.m., 1 view

CVE-2024-32735

An issue regarding missing authentication for certain utilities exists in CyberPower PowerPanel Enterprise prior to v2.8.3. An unauthenticated remote attacker can access the PDNU REST APIs, which may result in compromise of the application...

CVSS: 9.8, AI score: 5.8
Exploits: 0, References: 2