12 matches found
Why AI Bot Protection and Control Are Essential for Application Security
AI-driven automation is no longer emerging. It is already integrated and accepted as internet traffic. From AI assistants and crawlers to enterprise automation tools, websites are now routinely accessed by non-human actors operating at scale. Vulnerabilities or weaknesses in your application...
CVE-2026-35046
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.4, Tandoor Recipes allows authenticated users to inject arbitrary tags into recipe step instructions. The bleach.clean sanitizer explicitly whitelists the tag, causing the backend to...
Malicious code in ighack (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 889207a729f6b97c385d6c0afe217776d10331cdf7e5dd511f80e0d01e899842 Instagram hacking tool that besides abusing the Instagram API, also automatically uses user's credentials to follow hardcoded accounts. --- Category: MALICIOUS...
CVE-2025-15602
Snipe-IT versions prior to 8.3.7 contain sensitive user attributes related to account privileges that are insufficiently protected against mass assignment. An authenticated, low-privileged user can craft a malicious API request to modify restricted fields of another user account, including the...
Aggregated Rate Limiting Defends Against Large-Scale and DDoS Attacks
Discover how Akamai’s new aggregated rate limiting strengthens defenses against large-scale, distributed DDoS attacks, and API abuse with smarter detection...
CVE-2024-45170
An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Due to improper or missing access control, low privileged users can use administrative functions of the C-MOR web interface. It was found out that different functions are only available to administrative users. However, acces...
SUSE CVE-2023-6866
TypedArrays can be fallible and lacked proper exception handling. This could lead to abuse in other APIs which expect TypedArrays to always succeed. This vulnerability affects Firefox 121...
Mozilla Firefox Security Vulnerability
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox prior to version 121, which stems from a lack of exception handling in TypedArray, leading to abuse of other APIs...
CVE-2022-40684
An authentication bypass using an alternate path or channel CWE-288 in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6, FortiProxy version 7.2.0 and version 7.0.0 through 7.0.6 and FortiSwitchManager version 7.2.0 and 7.0.0 allows an unauthenticated atttacker to perform...
Cisco Small Business 缓冲区错误漏洞
Cisco Small Business is a switch from Cisco USA. The Cisco Small Business router suffers from a buffer error vulnerability that originates from an authenticated, remote attacker utilizing its web-based management interface to insufficiently validate the user field in incoming HTTP packets. An...
DEBIAN-CVE-2017-5985
lxc-user-nic in Linux Containers LXC allows local users with a lxc-usernet allocation to create network interfaces on the host and choose the name of those interfaces by leveraging lack of netns ownership check...
CVE-2016-1403
CISCO IP 8800 phones with software 11.0.1 and earlier allow local users to gain privileges for OS command execution via crafted CLI commands, aka Bug ID CSCuz03005...