CVE-2022-34770
Tabit - sensitive information disclosure. Several APIs on the web system display, without authorization, sensitive information such as health statements, previous bills in a specific restaurant, alcohol consumption and smoking habits. Each of the described APIs has in its URL one or more MongoD...
CVE-2022-34775
Tabit vulnerability (CVE-2022-34775) involves excessive data exposure via an API endpoint used for reservation cancellation. The endpoint query http://tgm-api.tabit.cloud/rsv/management/{reservationId}?organization={orgId} can return sensitive reservation data (name, email, phone, visit history, ...
CVE-2022-34770
CVE-2022-34770 concerns Tabit exposure of sensitive information via multiple web APIs that reveal health statements, bills, alcohol consumption, and smoking habits without proper authorization. Affected components include endpoints that expose MongoDB IDs in their URLs and rely on tiny URLs like ...
crAPI - Completely Ridiculous API
Completely Ridiculous API. crAPI will help you to understand the ten most critical API security risks. crAPI is vulnerable by design, but you'll be able to safely run it to educate/train yourself. crAPI is modern, built on top of a microservices architecture. When time has come to buy your first...
Shopify: Cross-site scripting on api.collabs.shopify.com
Summary: Shopify Collabs (collabs.shopify.com) is a new platform for content creators / influencers to discover and advertise the millions of brands on Shopify. The content creators can apply to different brands on this platform and get paid for affiliate marketing. I discovered a cross-site scripting...
api.planetworkint.com Improper Access Control vulnerability OBB-2848366
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Wallarm at Black Hat USA 2022
Black Hat USA is celebrating its 25th anniversary, and Wallarm will be on hand for the festivities. If you’re headed to Vegas this year, we invite you to meet our crew and talk about API security. Tuesday 08/09 – Pre-Event Evening Party. Join us on Tuesday 08/09 evening at the Emerging Technology...
CVE-2022-21186
The package @acrontum/filesystem-template before 0.0.2 is vulnerable to Arbitrary Command Injection due to the fetchRepo API missing sanitization of the href field of external input...
api.next.bilheteria.com.br Cross Site Scripting vulnerability OBB-2825587
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Research Shows the Annual Cost of API Security-related Breaches is Mind-blowing
Application Programming Interfaces (APIs) have emerged as useful tools that streamline business operations and enhance the digital experience for customers. As their use has become more widespread, they have become a much more prominent part of the cyber threat landscape. API-related hacks and data breache...
SQL injection
OMICARD EDM’s API function has insufficient validation of user input. An unauthenticated remote attacker can inject arbitrary SQL commands to access, modify, or delete the database, or to disrupt service...
Imperva Earns Three Cyber Defense Global InfoSec Awards for 2022
The Cyber Defense Awards, in conjunction with Cyber Defense Magazine, recently announced the winners of their prestigious annual Global Infosec Awards for 2022. We are proud to say that Imperva earned three Global Infosec Awards: Most Innovative for Application Security, Cutting Edge for Cloud...
CVE-2022-36305
Affected software: Vesta Control Panel (VestaCP) version v1.0.0-5. The issue is a cross-site scripting (XSS) vulnerability in the body function of UploadHandler.php (path: /web/api/v1/upload/UploadHandler.php). Root cause: improper handling of input in the UploadHandler, enabling XSS. Impact: pot...
Wallarm extends AWS API security with the official Terraform module
Wallarm API Security solution is now available in AWS as an official Terraform module, with a full feature set including autoscaling groups, API Gateway connector, mirroring, and agentless out-of-band deployments. To address modern cloud-native threats, API security vendor Wallarm released extend...
Open-Source API Firewall Unveils New Feature: Default Deny Lists for Compromised API Tokens and Cookies
Discovering and securing any API is one of the most difficult challenges for developers. The API security landscape is constantly evolving, with new threats and vulnerabilities emerging at a rapid pace. Since commercial API security solutions can be expensive for some organizations especially...
10 Years Journey into API Security Vulnerabilities with Ivan, the CEO of Wallarm
Ivan Novikov, CEO at Wallarm, is an API security expert, bug hunter, security researcher, and Black Hat speaker with 24 years of experience in the cybersecurity field. He has spent decades in this industry and witnessed exploits as well as growth. Read ahead to understand Ivan’s API security journey a...
OWASP Top-10 2022: Forecast Based on Statistics
For tech innovators and security experts, what the OWASP Top-10 says or predicts deserves close attention, as this globally recognized document guides them through hidden and damaging security threats. As the year 2022 has begun, people willing to learn about the latest security trends and...
API Security: Best Practices for a Changing Attack Surface
API usage is skyrocketing. According to the latest State of the API Report, API requests increased by 56% last year to a total of 855 million, and Google says the growth isn’t expected to slow any time soon. APIs – short for application programming interfaces – are a critical component of how...
MAL-2022-3019 Malicious code in ffdc-api-security (npm)
Source: ghsa-malware f0ae2f65c912b2a778ebfc3529511c45cd101efb4fe7d57112acd1ecb2804b78. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...