966 matches found
CVE-2024-13416
CVE-2024-13416 affects the 2N OS platform. The issue arises when an authorized user uses the API to enable logging, which can disclose valid authentication tokens in the system log due to unfiltered token exposure. Impact is rated medium (CVSS 3.1: 4.3) with network access and low attack complexi...
CVE-2025-22963
Teedy through 1.11 allows CSRF for account takeover via POST /api/user/admin...
CVE-2022-41878
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In versions prior to 5.3.2 or 4.10.19, keywords that are specified in the Parse Server option requestKeywordDenylist can be injected via Cloud Code Webhooks or Triggers. This will result in the...
CVE-2020-15202
In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the Shard API in TensorFlow expects the last argument to be a function taking two int64 i.e., long long arguments. However, there are several places in TensorFlow where a lambda taking int or int32 arguments is being used. In...
CVE-2024-49348 IBM Cloud Pak for Business Automation incorrect privilege assignment
IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 allows restricting access to organizational data to valid contexts. The fact that tasks of type comment can be reassigned via API implicitly...
CVE-2024-1539 Missing Authorization in GitLab
An issue has been discovered in GitLab EE affecting all versions starting from 15.2 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. It was possible to disclose updates to issues to a banned group member using the API...
BIT-SUPERSET-2024-28148 Apache Superset: Incorrect datasource authorization on explore REST API
An authenticated user could potentially access metadata for a datasource they are not authorized to view by submitting a targeted REST API request. This issue affects Apache Superset: before 3.1.2. Users are recommended to upgrade to version 3.1.2 or above, which fixes the issue...
CVE-2024-20255
A vulnerability in the SOAP API of Cisco Expressway Series and Cisco TelePresence Video Communication Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for th...
CVE-2024-46890
A vulnerability has been identified in SINEC INS All versions V1.0 SP2 Update 3. The affected application does not properly validate input sent to specific endpoints of its web API. This could allow an authenticated remote attacker with high privileges on the application to execute arbitrary code...
Qualys TotalAppSec Delivers AI-powered Unified Application Risk Management for Modern Web Apps and APIs
"If you can’t measure it, you can’t manage it." - This adage rings truer than ever in the world of cybersecurity. Today, the modern attack surface has exploded, fueled by APIs that now drive 83% of all web traffic, powering critical integrations, microservices, and digital experiences. Security...
API Security Is At the Center of OpenAI vs. DeepSeek Allegations
With a high-stakes battle between OpenAI and its alleged Chinese rival, DeepSeek, API security was catapulted to priority number one in the AI community today. According to multiple reports, OpenAI and Microsoft have been investigating whether DeepSeek improperly used OpenAI’s API to train its ow...
Do We Really Need The OWASP NHI Top 10?
The Open Web Application Security Project has recently introduced a new Top 10 project - the Non-Human Identity (NHI) Top 10. For years, OWASP has provided security professionals and developers with essential guidance and actionable frameworks through its Top 10 projects, including the widely used...
CVE-2024-55925
In Xerox Workplace Suite, an API restricted to specific hosts can be bypassed by manipulating the Host header. If the server improperly validates or trusts the Host header without verifying the actual destination, an attacker can forge a value to gain unauthorized access. This exploit targets...
CVE-2024-55925
CVE-2024-55925 affects Xerox Workplace Suite. The issue is an API access bypass via manipulating the Host header, exploiting improper host validation that can allow forging a value to access restricted API endpoints. Documents confirm the vulnerability impacts Xerox Workplace Suite versions prior...
CVE-2024-55925 API Security bypass through header manipulation
In Xerox Workplace Suite, an API restricted to specific hosts can be bypassed by manipulating the Host header. If the server improperly validates or trusts the Host header without verifying the actual destination, an attacker can forge a value to gain unauthorized access. This exploit targets...
API Security’s Role in Responsible AI Deployment
By now, you will almost certainly be aware of the transformative impact artificial intelligence (AI) technologies are having on the world. What you may not be aware of, however, is the role Application Programming Interfaces (APIs) are playing in the AI revolution. The bottom line is that APIs are...
CVE-2024-34579
The evidence in Connected documents identifies Fuji Electric Alpha5 Smart (Alpha5 SMART) as affected by a stack-based buffer overflow in C5V file parsing. The root cause is failure to validate the length of user-supplied data prior to copying it to a stack-based buffer, enabling potential arbitra...
Akamai API Security Release 3.41
...
Effective API Throttling for Enhanced API Security
APIs are the backbone of modern digital ecosystems, but their misuse can expose systems to cyber threats. Effective API throttling not only optimizes performance but also acts as a critical defense mechanism against abuse, such as denial-of-service attacks. Discover how this powerful strategy...