Wallarm Lab
added 2024/01/29 2:07 p.m., 24 views

Introducing the Wallarm 2024 API ThreatStatsTM Report

The Wallarm Security Research team is pleased to share the latest version of our API ThreatStats report. This report serves as a key resource for API and application security practitioners. It emphasizes the need for a proactive stance in API security, advocating for continuous monitoring, regular...

AI score: 8.3
Exploits: 0
Kitploit
added 2024/01/27 11:30 a.m., 25 views

Route-Detect - Find Authentication (Authn) And Authorization (Authz) Security Bugs In Web Application Routes

Find authentication (authn) and authorization (authz) security bugs in web application routes: Web application HTTP route authn and authz bugs are some of the most common security issues found today. These industry-standard resources highlight the severity of the issue: 2021 OWASP Top 10 #1 - Broken...

AI score: 7.7
Exploits: 0, References: 3
Akamai Blog
added 2024/01/25 2:00 p.m., 19 views

What Is API Detection and Response?

...

AI score: 7.3
Exploits: 0
Akamai Blog
added 2024/01/25 2:00 p.m., 16 views

API Security: Best Practices for API Activity Data Acquisition

...

AI score: 7.3
Exploits: 0
GitHub Security Blog
added 2024/01/24 9:13 p.m., 22 views

Any authenticated user may obtain private message details from other users on the same instance

Summary Users can report private messages, even when they're neither sender nor recipient of the message. The API response to creating a private message report contains the private message itself, which means any user can just iterate over message ids to loudly obtain all private messages of an...

CVSS: 7.5, AI score: 6.8, EPSS: 0.00505
Exploits: 0, References: 4, Affected software: 1
OSV
added 2024/01/24 9:13 p.m., 37 views

GHSA-R64R-5H43-26QV Any authenticated user may obtain private message details from other users on the same instance

Summary Users can report private messages, even when they're neither sender nor recipient of the message. The API response to creating a private message report contains the private message itself, which means any user can just iterate over message ids to loudly obtain all private messages of an...

CVSS: 7.5, AI score: 7, EPSS: 0.00505
Exploits: 0, References: 4
Qualys Blog
added 2024/01/24 3:51 p.m., 20 views

Qualys WAS Unveils New Features in an Upgraded User Interface

Qualys Web Application Scanning (WAS) has been at the forefront of web application and API security innovation, and today we're excited to announce a significant leap: the launch of our new user interface (UI). From improved performance and reliability to cutting-edge technology adoption and enhance...

AI score: 7.5
Exploits: 0
GitHub Security Blog
added 2024/01/23 12:50 p.m., 28 views

changedetection.io API endpoint is not secured with API token

Summary API endpoint /api/v1/watch//history can be accessed by any unauthorized user. Details WatchHistory resource does not have @auth.checktoken annotation, which means it can be accessed without providing x-api-key header...

CVSS: 3.7, AI score: 7.1, EPSS: 0.00587
Exploits: 1, References: 6, Affected software: 1
OSV
added 2024/01/23 12:50 p.m., 31 views

GHSA-HCVP-2CC7-JRWR changedetection.io API endpoint is not secured with API token

Summary API endpoint /api/v1/watch//history can be accessed by any unauthorized user. Details WatchHistory resource does not have @auth.checktoken annotation, which means it can be accessed without providing x-api-key header...

CVSS: 6.3, AI score: 3.9, EPSS: 0.00587
Exploits: 1, References: 6
CVE
added 2024/01/19 9:15 p.m., 80 views

CVE-2024-23687

CVE-2024-23687 affects the FOLIO module-data-export-spring. The issue arises from hard-coded credentials in the module, allowing unauthenticated access to critical APIs and enabling modification of user data, configurations (including single sign-on), and fees/fines. Affected versions are before ...

CVSS: 9.1, AI score: 8.7, EPSS: 0.00646
Exploits: 0, References: 5, Affected software: 1
Vulnrichment
added 2024/01/19 7:49 p.m., 7 views

CVE-2024-23329 changedetection.io API endpoint is not secured with API token

changedetection.io is an open source tool designed to monitor websites for content changes. In affected versions the API endpoint /api/v1/watch//history can be accessed by any unauthorized user. As a result any unauthorized user can check one's watch history. However, because unauthorized party...

CVSS: 3.7, AI score: 6.6, EPSS: 0.00587
Exploits: 1, References: 2
Openbugbounty
added 2024/01/19 11:20 a.m., 14 views

api.servicetrade.com Cross Site Scripting vulnerability OBB-3838239

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score: 6.2
Exploits: 0
Prion
added 2024/01/18 12:15 a.m., 11 views

Cross-site request forgery (CSRF)

pyLoad is a free and open-source download manager written in pure Python. The pyLoad API allows any API call to be made using GET requests. Since the session cookie is not set to SameSite: strict, this opens the library up to severe attack possibilities via a Cross-Site Request Forgery (CSRF) attac...

CVSS: 6.8, AI score: 7.2, EPSS: 0.00948
Exploits: 1, References: 3, Affected software: 1
CVE
added 2024/01/17 11:48 p.m., 77 views

CVE-2024-22416

Affected software: pyLoad (Python-based download manager). Vulnerability: CSRF in the pyLoad API, where GET requests can be used without SameSite cookie protection, allowing any API call by an unauthenticated user. This has been addressed in release 0.5.0b3.dev78, and all users are advised to upgr...

CVSS: 9.6, AI score: 8.7, EPSS: 0.00948
Exploits: 1, References: 3, Affected software: 1
Vulnrichment
added 2024/01/16 10:30 p.m., 3 views

CVE-2024-22406 Blind SQL-injection in DAL aggregations in Shopware

Shopware is an open headless commerce platform. The Shopware application API contains a search functionality which enables users to search through information stored within their Shopware instance. The searches performed by this function can be aggregated using the parameters in the “aggregations...

CVSS: 9.3, AI score: 9.2, EPSS: 0.0064
Exploits: 0, References: 1
Openbugbounty
added 2024/01/11 10:17 a.m., 5 views

api.presseportal.de Cross Site Scripting vulnerability OBB-3831900

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score: 6.2
Exploits: 0
Wallarm Lab
added 2024/01/11 6:41 a.m., 15 views

Wallarm Named a Leader in GigaOm Radar for API Security

I am thrilled to share that Wallarm has been named a leader in the GigaOm Radar for API Security! We would like to share insights from the recent GigaOm 2023 API Security Radar report, particularly shining a spotlight on our Advanced API Security solution. The growing importance of APIs and API...

AI score: 6.9
Exploits: 0
Openbugbounty
added 2024/01/06 6:33 p.m., 12 views

api.sms.army Cross Site Scripting vulnerability OBB-3829347

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score: 6.2
Exploits: 0
Wallarm Lab
added 2024/01/03 6:23 p.m., 27 views

Addressing the Rising Threat of API Leaks

In the realm of cybersecurity, the metaphor of "Leaky Buckets" has become an increasingly prevalent concern, particularly in the context of API security. This term encapsulates the hidden vulnerabilities and exposures in API infrastructures that many organizations struggle to identify and address...

AI score: 6.9
Exploits: 0
Akamai Blog
added 2023/12/20 2:00 p.m., 17 views

The Do’s and Don’ts of Modern API Security

...

AI score: 7
Exploits: 0