12 matches found
PT-2026-38819
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0....
EUVD-2025-209530
Fudo Enterprise in versions from 5.5.0 through 5.6.2 allows low privileged users to access certain administrator-only resources via improperly protected API endpoints. This includes sensitive information such as system logs and parts of system configuration settings. This vulnerability has been...
Why API Security Is No Longer an AppSec Problem – And What Security Leaders Must Do Instead
APIs are one of the most important technologies in digital business ecosystems. And yet, the responsibility for their security often falls to AppSec teams – and that’s a problem. This organizational mismatch creates systemic risk: business teams assume APIs are “secured,” while attackers exploit...
📄 Ivanti 11.10 MobileIron Vulnerability Scanner
This PHP-based scanner detects unauthenticated access vulnerabilities in Ivanti EPMM / MobileIron products. The issue allows attackers to retrieve sensitive user information via exposed API endpoints. Version 11.10 is affected...
CVE-2025-47319
Information disclosure while exposing internal TA-to-TA communication APIs to HLOS...
CVE-2025-12807 FactoryTalk® DataMosaix™ Private Cloud SQL Injection
A security issue was discovered in DataMosaix Private Cloud, allowing users with low privilege to perform sensitive database operations through exposed API endpoints...
New Docker Malware Strain Spotted Blocking Rivals on Exposed APIs
Akamai finds new Docker malware blocking rivals on exposed APIs, replacing cryptominers with tools that hint at early botnet development...
CLSA-2025-1752655009 java-1.8.0-openjdk: Fix of 7 CVEs
CVE-2024-20952: remote data access or modification in sandboxed clients - CVE-2024-20932: modify or access sensitive data in sandboxed client environments - CVE-2024-20918: remote data access or modification in sandboxed clients - CVE-2024-20926: remote data access in sandboxed clients -...
Beyond Traditional Threats: The Rise of AI-Driven API Vulnerabilities
AI has had dramatic impacts on almost every facet of every industry. API security is no exception. Up until recently, defending APIs meant guarding against well-understood threats. But as AI proliferates, automated adversaries, AI-crafted exploits, and business logic abuse have complicated matter...
Automatically discover and secure your APIs with Wiz Dynamic Scanner
Wiz enhances its Dynamic Scanner to detect publicly exposed, unauthenticated APIs...
Undetectable Linux Malware Targeting Docker Servers With Exposed APIs
Cybersecurity researchers today uncovered a completely undetectable Linux malware that exploits undocumented techniques to stay under the radar and targets publicly accessible Docker servers hosted with popular cloud platforms, including AWS, Azure, and Alibaba Cloud. Docker is a popular...
UBUNTU-CVE-2017-10118
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JCE). Supported versions that are affected are Java SE: 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network acces...