
18 matches found

NVD
added 2025/10/31 12:15 a.m. | 3 views

CVE-2025-52663

A vulnerability was identified in certain UniFi Talk devices where internal debugging functionality remained unintentionally enabled. This issue could allow an attacker with access to the UniFi Talk management network to invoke internal debug operations through the device API. Affected Products:...

CVSS 7.3 | EPSS 0.00056
Exploits: 0 | References: 1
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2014-0402

Malware in sbrugna...

CVSS 5 | AI score 7.4 | EPSS 0.00434
Exploits: 0 | References: 10
EUVD
added 2025/10/07 12:30 a.m. | 0 views

EUVD-2020-24790

Malware in sbrugna...

CVSS 8.1 | AI score 5.8 | EPSS 0.00407
Exploits: 0 | References: 2
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2017-7582

Malware in sbrugna...

CVSS 9.3 | AI score 9.1 | EPSS 0.0413
Exploits: 0 | References: 4
EUVD
added 2025/10/03 8:07 p.m. | 3 views

EUVD-2022-2093

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 9.3 | EPSS 0.00397
Exploits: 0 | References: 6
Veracode
added 2025/07/25 3:21 a.m. | 2 views

Improper Authentication

github.com/mattermost/mattermost-server is vulnerable to improper authentication. The vulnerability is due to the failure to negotiate a new token when accepting an invite, which allows an attacker who intercepts both the invite and password to send synchronization payloads to the original server...

CVSS 3.1 | AI score 6.2 | EPSS 0.00139
Exploits: 0 | References: 3 | Affected Software: 2
OSV
added 2025/05/29 7:30 p.m. | 3 views

CVE-2025-47933 Argo CD allows cross-site scripting on repositories page

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Prior to versions 2.13.8, 2.14.13, and 3.0.4, an attacker can perform arbitrary actions on behalf of the victim via the API. Due to the improper filtering of URL protocols in the repository page, an attacker can achieve...

CVSS 9 | AI score 8 | EPSS 0.00067
Exploits: 0 | References: 4
RedhatCVE
added 2025/05/22 10:32 a.m. | 7 views

CVE-2019-14277

Axway SecureTransport 5.x through 5.3 or 5.x through 5.5 with certain API configuration is vulnerable to unauthenticated blind XML injection and XXE in the resetPassword functionality via the REST API. This vulnerability can lead to local file disclosure, DoS, or URI invocation attacks i.e., SSRF...

CVSS 9.8 | AI score 7.9 | EPSS 0.12314
Exploits: 1 | References: 1
NVD
added 2024/12/17 6:15 p.m. | 39 views

CVE-2024-42194

An improper handling of insufficient permissions or privileges affects HCL BigFix Inventory. An attacker having access via a read-only account can possibly change certain configuration parameters by crafting a specific REST API call...

CVSS 3.1 | EPSS 0.00066
Exploits: 0 | References: 1
CNNVD
added 2024/09/04 12:00 a.m. | 1 view

API-ATTACK-SYSTEM security vulnerability

API-ATTACK-SYSTEM is an attack tool from the individual developers at Vypor. API-ATTACK-SYSTEM version v.1.0 contains a security vulnerability that allows remote attackers to execute arbitrary code via the user GET parameter...

CVSS 9.8 | AI score 7.7 | EPSS 0.03447
Exploits: 0 | References: 3
Prion
added 2023/06/06 4:15 p.m. | 10 views

Information disclosure

Landscape's server-status page exposed sensitive system information. This data leak included GET requests which contain information to attack and leak further information from the Landscape API...

CVSS 6.4 | AI score 7.9 | EPSS 0.00224
Exploits: 0 | References: 1 | Affected Software: 1
The Hacker News
added 2023/03/29 11:43 a.m. | 2 views

Smart Mobility has a Blindspot When it Comes to API Security

The emergence of smart mobility services and applications has led to a sharp increase in the use of APIs in the automotive industry. However, this increased reliance on APIs has also made them one of the most common attack vectors. According to Gartner, APIs account for 90% of the web application...

AI score 6.9
Exploits: 0
CVE
added 2022/05/03 5:03 p.m. | 1343 views

CVE-2021-46440

The CVE-2021-46440 issue affects Strapi (DOCUMENTATION plugin) prior to 3.6.9 and prior to 4.1.5. It stores passwords in a recoverable format, allowing an attacker who can access a victim’s HTTP request to retrieve the cookie, base64-decode it, and obtain a cleartext password. This enables access...

CVSS 7.5 | AI score 7.3 | EPSS 0.03089
Exploits: 3 | References: 4 | Affected Software: 1
ThreatPost
added 2022/03/24 1:00 p.m. | 64 views

Top 3 Attack Trends in API Security – Podcast

In late July 2021, online retailers got hit with a jaw-dropping 2,800 percent increase in attack takeovers. Dead-set on gift card fraud via “scrape for resale” and other types of fraud, the attacks spiraled up to the rate of 700,000 attacks per day. In a separate case – of a loan application frau...

AI score 9.2
Exploits: 0 | References: 8
Kitploit
added 2019/12/19 8:30 p.m. | 99 views

Automatic API Attack Tool - Customizable API Attack Tool Takes An API Specification As An Input, Generates And Runs Attacks That Are Based On It As An Output

Imperva's customizable API attack tool takes an API specification as an input, and generates and runs attacks that are based on it as an output. The tool is able to parse an API specification and create fuzzing attack scenarios based on what is defined in the API specification. Each endpoint is...

AI score 7.3
Exploits: 0 | References: 1
OSV
added 2018/03/30 1:29 p.m. | 2 views

CVE-2018-5799

In Zoho ManageEngine ServiceDesk Plus before 9403, an XSS issue allows an attacker to run arbitrary JavaScript via a /api/request/?OPERATIONNAME= URI, aka SD-69139...

CVSS 6.1 | AI score 5.9 | EPSS 0.00627
Exploits: 1 | References: 2
OSV
added 2017/02/13 9:59 p.m. | 2 views

CVE-2016-8353

An issue was discovered in OSIsoft PI Web API 2015 R2 Version 1.5.1. There is a weakness in this product that may allow an attacker to access the PI system without the proper permissions...

CVSS 6.4 | AI score 5.8
Exploits: 0 | References: 2
myhack58
added 2017/02/10 12:00 a.m. | 43 views

WordPress content injection vulnerability leads to over 67,000 sites being exploited by the black market - vulnerability warning - the black bar safety net

More than 67,000 sites have been attacked through the latest WordPress vulnerability. If your website uses WordPress and you have not applied the official patch released last week by upgrading to v4.7.2, then your site is likely to be this 4 a hacking...

AI score 7.5
Exploits: 0