Wallarm Lab
added 2025/04/10 6:44 a.m., 7 views

The API Security Challenge in AI: Preventing Resource Exhaustion and Unauthorized Access

Agentic AI is transforming business. Organizations are increasingly integrating AI agents into core business systems and processes, using them as intermediaries between users and these internal systems. As a result, these organizations are improving efficiency, automating routine tasks, and drivi...

AI score: 7.8
Exploits: 0
Veracode
added 2025/04/07 2:36 a.m., 7 views

Unauthorized API Access

Directus is vulnerable to unauthorized API access by suspended users. The cause is missing session validation: verifySessionJWT does not check whether the user is still active and authorized...

CVSS: 4.3, AI score: 7, EPSS: 0.00296
Exploits: 1, References: 2, Affected Software: 2
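The pattern in the Directus entry above is a session token that stays valid after the account behind it is suspended. The following is an added example (not Directus code, and not its verifySessionJWT) showing the missing check in isolation: a minimal HS256 session JWT is minted and verified, once the way the advisory describes (signature and expiry only) and once with the account status re-read on every request. SECRET, USERS and the function names are constructed for the example.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed signing key for the example only.
SECRET = b"example-signing-key-not-for-production"

# Constructed user store; "status" is the field the suspended-user check needs.
USERS = {
    "u1": {"status": "active"},
    "u2": {"status": "suspended"},
}


def _b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_session_jwt(user_id, ttl=3600, now=None):
    """Mint an HS256 session token; `now` is injectable so tests are deterministic."""
    iat = int(now if now is not None else time.time())
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"sub": user_id, "iat": iat, "exp": iat + ttl}
    signing_input = _b64url(json.dumps(header).encode()) + "." + _b64url(json.dumps(payload).encode())
    sig = hmac.new(SECRET, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def _check_signature_and_expiry(token, now=None):
    """Cryptographic and time checks only; returns the payload or None."""
    try:
        h, p, s = token.split(".")
        expected = hmac.new(SECRET, (h + "." + p).encode("ascii"), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(s)):
            return None
        header = json.loads(_b64url_decode(h))
        payload = json.loads(_b64url_decode(p))
    except ValueError:  # wrong segment count, bad base64, bad JSON
        return None
    if header.get("alg") != "HS256":
        return None
    if payload.get("exp", 0) <= (now if now is not None else time.time()):
        return None
    return payload


def verify_session_jwt_vulnerable(token, now=None):
    """The pattern the advisory describes: a correctly signed, unexpired token is
    accepted even if the account was suspended after the token was issued."""
    return _check_signature_and_expiry(token, now)


def verify_session_jwt_hardened(token, users=USERS, now=None):
    """Fix: re-read the account on every request and refuse anything not active."""
    payload = _check_signature_and_expiry(token, now)
    if payload is None:
        return None
    user = users.get(payload.get("sub"))
    if user is None or user.get("status") != "active":
        return None
    return payload
```

The status lookup costs one read per request; if that is too expensive, the usual compromise is a short token lifetime plus a revocation list keyed on `sub`, but either way suspension has to be enforced somewhere between the signature check and the request handler.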
NVD
added 2025/03/31 5:15 p.m., 18 views

CVE-2025-30369

Zulip is an open-source team collaboration tool. The API for deleting an organization custom profile field is supposed to be restricted to organization administrators, but its handler failed to check that the field belongs to the same organization as the user. Therefore, an administrator of any...

CVSS: 2.7, EPSS: 0.00218
Exploits: 0, References: 1
Wallarm Lab
added 2025/03/26 11:12 a.m., 9 views

AI Agents and API Security: The Hidden Risks Lurking in Your Business Logic

Modern organizations are becoming increasingly reliant on agentic AI, and for good reason: AI agents can dramatically improve efficiency and automate mission-critical functions like customer support, sales, operations, and even security. However, this deep integration into business processes...

AI score: 7.8
Exploits: 0
Positive Technologies
added 2025/03/20 12:00 a.m., 3 views

PT-2025-12117 · Unknown · Transformeroptimus/Superagi

Name of the Vulnerable Software and Affected Versions: transformeroptimus/superagi version v0.0.14 Description: An IDOR (Insecure Direct Object Reference) vulnerability exists, allowing attackers to view, edit, and delete other users' information without proper authorization. The application fails ...

CVSS: 8.8, AI score: 8.6, EPSS: 0.00638
Exploits: 1, References: 6
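The Zulip entry (CVE-2025-30369, an admin of one organization deleting another organization's custom profile field) and the SuperAGI entry above (users reading and editing other users' records) are the same defect: the handler checks the caller's role but not that the object belongs to the caller's tenant or to the caller. The block below is an added example written for this page, not code from Zulip or SuperAGI; the data model, the handler names and the two-organization fixture are constructed. It shows both shapes, an org-owned object and a user-owned object, each with the role-only check beside the scoped one.

```python
from dataclasses import dataclass


class NotFound(Exception):
    pass


class Forbidden(Exception):
    pass


@dataclass
class User:
    id: str
    org_id: str
    is_admin: bool = False


@dataclass
class ProfileField:  # org-owned object (the custom-profile-field case)
    id: int
    org_id: str
    name: str


@dataclass
class Profile:  # user-owned object (the per-user record case)
    owner_id: str
    org_id: str
    email: str


# Constructed fixture: two organisations, one field each, one profile each.
FIELDS = {
    1: ProfileField(1, "org-a", "Pronouns"),
    2: ProfileField(2, "org-b", "Cost centre"),
}
PROFILES = {
    "alice": Profile("alice", "org-a", "alice@org-a.example"),
    "bob": Profile("bob", "org-b", "bob@org-b.example"),
}


def delete_field_vulnerable(caller, field_id, fields):
    """Role check only: an admin of any org can delete any org's field by id."""
    if not caller.is_admin:
        raise Forbidden("admin role required")
    if field_id not in fields:
        raise NotFound(field_id)
    del fields[field_id]
    return True


def delete_field_hardened(caller, field_id, fields):
    """Role check plus tenant scope: the object must belong to the caller's org.
    A foreign id answers NotFound rather than Forbidden so existence is not leaked."""
    if not caller.is_admin:
        raise Forbidden("admin role required")
    obj = fields.get(field_id)
    if obj is None or obj.org_id != caller.org_id:
        raise NotFound(field_id)
    del fields[field_id]
    return True


def get_profile_vulnerable(caller, owner_id, profiles):
    """Any authenticated user can read any other user's record."""
    if owner_id not in profiles:
        raise NotFound(owner_id)
    return profiles[owner_id]


def get_profile_hardened(caller, owner_id, profiles):
    """Owner only, or an admin of the same org; everything else is NotFound."""
    obj = profiles.get(owner_id)
    if obj is None:
        raise NotFound(owner_id)
    same_org_admin = caller.is_admin and caller.org_id == obj.org_id
    if obj.owner_id != caller.id and not same_org_admin:
        raise NotFound(owner_id)
    return obj
```

The test a reviewer wants for every object-level endpoint is the cross-tenant one: take a valid id from organisation B, call with an admin of organisation A, and expect the same response as for a nonexistent id.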
Wallarm Lab
added 2025/02/14 1:17 p.m., 14 views

Overcoming Security Challenges in Real-Time APIs

Speed is everything in the modern business world. Our attention spans are shorter than ever, consumers demand short and seamless interactions, and the slightest delay in service delivery can see organizations fall far behind their competitors. This is why real-time APIs are so important; they...

AI score: 8.5
Exploits: 0
Akamai Blog
added 2025/02/13 8:00 a.m., 6 views

Introducing Akamai Managed Service for API Security

...

AI score: 7.3
Exploits: 0
Vulnrichment
added 2025/02/11 3:20 p.m., 19 views

CVE-2025-24897 Misskey CSRF vulnerability due to insecure configuration of authentication cookie attributes

Misskey is an open source, federated social media platform. Starting in version 12.109.0 and prior to version 2025.2.0-alpha.0, due to a lack of CSRF protection and the lack of proper security attributes in the authentication cookies of Bull's dashboard, some of the APIs of bull-board may be...

CVSS: 8.2, AI score: 8.4, EPSS: 0.00126
Exploits: 0, References: 2
CVE
added 2025/02/06 7:09 p.m., 92 views

CVE-2024-13416

CVE-2024-13416 affects the 2N OS platform. The issue arises when an authorized user uses the API to enable logging, which can disclose valid authentication tokens in the system log due to unfiltered token exposure. Impact is rated medium (CVSS 3.1: 4.3) with network access and low attack complexi...

CVSS: 4.3, AI score: 4.8, EPSS: 0.00332
Exploits: 0, References: 1
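The 2N OS entry above is a logging path that writes request data to the system log without filtering the authentication token out of it. As an added example for this page (not 2N code, and no knowledge of the 2N log format is claimed), the block below shows the usual fix: a redaction step that sits in the logging pipeline before any handler, applied here with Python's standard logging module. The regexes, the logger name and SAMPLE_LINES are constructed.

```python
import io
import logging
import re

# Credential shapes that commonly leak into request logs. Constructed for the
# example; extend the list for the token formats your product actually issues.
_REDACTIONS = [
    # Authorization: Bearer <token>
    (re.compile(r"(?i)(authorization:\s*bearer\s+)[A-Za-z0-9\-._~+/]+=*"), r"\1[REDACTED]"),
    # token-bearing query, form and cookie parameters
    (re.compile(r"(?i)\b(token|access_token|session|sessionid|api_key)=([^&\s;\"']+)"), r"\1=[REDACTED]"),
    # bare JWT: three base64url segments, header starting with eyJ
    (re.compile(r"\beyJ[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+"), "[REDACTED-JWT]"),
]


def redact(text):
    for pattern, replacement in _REDACTIONS:
        text = pattern.sub(replacement, text)
    return text


class TokenRedactionFilter(logging.Filter):
    """Rewrites each record before any handler sees it, so the raw token never
    reaches a file, syslog, or a debug console regardless of log level."""

    def filter(self, record):
        record.msg = redact(record.getMessage())
        record.args = ()
        return True


def write_request_log(lines):
    """Push constructed request lines through the filter; return what landed."""
    logger = logging.getLogger("example.api.access")
    logger.propagate = False
    logger.setLevel(logging.INFO)
    logger.handlers.clear()
    logger.filters.clear()
    sink = io.StringIO()
    handler = logging.StreamHandler(sink)
    handler.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
    logger.addHandler(handler)
    logger.addFilter(TokenRedactionFilter())  # on the logger: runs before every handler
    for line in lines:
        logger.info("%s", line)
    handler.flush()
    return sink.getvalue().splitlines()


SAMPLE_LINES = [  # constructed, not captured from any real device
    "GET /api/v2/status?token=9f8e7d6c5b4a HTTP/1.1 200",
    "POST /api/v2/log/config Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxIn0.sig 204",
    "GET /api/v2/users Cookie: session=abc123; theme=dark 200",
]
```

Attaching the filter to the logger rather than to one handler is deliberate: a debug handler added later (the "enable logging" action in the advisory) inherits the redaction instead of bypassing it.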
RedhatCVE
added 2025/02/06 2:29 a.m., 13 views

CVE-2025-22963

Teedy through 1.11 allows CSRF for account takeover via POST /api/user/admin...

CVSS: 7.5, AI score: 7, EPSS: 0.00268
Exploits: 0, References: 1
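The Misskey entry (CVE-2025-24897: no CSRF protection plus authentication cookies without proper security attributes) and the Teedy entry above (CSRF against POST /api/user/admin for account takeover) describe the two halves of the same control. The block below is an added example for this page, not code from Misskey, bull-board or Teedy: it shows the cookie as each advisory implies it was set beside a hardened Set-Cookie string, and a server-side gate for a state-changing endpoint that requires a session-bound synchronizer token and an allowlisted Origin. CSRF_SECRET, ALLOWED_ORIGINS and the request dict shape are constructed.

```python
import hashlib
import hmac

# Constructed values for the example.
CSRF_SECRET = b"constructed-csrf-secret"
ALLOWED_ORIGINS = {"https://app.example"}
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


def session_cookie_vulnerable(session_id):
    """No SameSite, no HttpOnly, no Secure: the browser attaches it to any
    cross-site request, which is what lets a forged POST act as the victim."""
    return f"session={session_id}; Path=/"


def session_cookie_hardened(session_id, max_age=3600):
    """__Host- prefix pins Path=/ and Secure with no Domain; SameSite=Lax stops
    cross-site POSTs from carrying it; HttpOnly keeps it away from script."""
    return (f"__Host-session={session_id}; Path=/; Secure; HttpOnly; "
            f"SameSite=Lax; Max-Age={max_age}")


def csrf_token_for(session_id):
    """Synchronizer token bound to the session, so a token harvested from one
    session is useless alongside another session's cookie."""
    return hmac.new(CSRF_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def state_change_allowed(request):
    """Gate for a state-changing endpoint such as creating an admin user.
    request = {"method", "headers" (lowercase keys), "cookies", "form"}."""
    if request["method"] in SAFE_METHODS:
        return False  # never mutate state on a safe method
    origin = request["headers"].get("origin")
    if origin not in ALLOWED_ORIGINS:
        return False  # missing or foreign Origin; defence in depth next to the token
    session_id = request["cookies"].get("session")
    if not session_id:
        return False
    token = request["form"].get("csrf_token", "")
    return hmac.compare_digest(token, csrf_token_for(session_id))
```

SameSite=Lax on its own does not cover every case (top-level navigations and older clients), and the Origin check does not cover clients that omit the header, which is why the token check is the one that must never be skipped; the cookie attributes and the Origin check reduce the blast radius when someone forgets it on one route.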
OSV
added 2025/02/05 7:25 a.m., 10 views

BIT-SUPERSET-2024-28148 Apache Superset: Incorrect datasource authorization on explore REST API

An authenticated user could potentially access metadata for a datasource they are not authorized to view by submitting a targeted REST API request. This issue affects Apache Superset: before 3.1.2. Users are recommended to upgrade to version 3.1.2 or above, which fixes the issue...

CVSS: 4.3, AI score: 4.3, EPSS: 0.00699
Exploits: 0, References: 2
Qualys Blog
added 2025/02/03 1:00 p.m., 11 views

Qualys TotalAppSec Delivers AI-powered Unified Application Risk Management for Modern Web Apps and APIs

"If you can’t measure it, you can’t manage it." This adage rings truer than ever in the world of cybersecurity. Today, the modern attack surface has exploded, fueled by APIs that now drive 83% of all web traffic, powering critical integrations, microservices, and digital experiences. Security...

AI score: 8
Exploits: 0
Wallarm Lab
added 2025/01/29 7:02 p.m., 9 views

API Security Is At the Center of OpenAI vs. DeepSeek Allegations

With a high-stakes battle between OpenAI and its alleged Chinese rival, DeepSeek, API security was catapulted to priority number one in the AI community today. According to multiple reports, OpenAI and Microsoft have been investigating whether DeepSeek improperly used OpenAI’s API to train its ow...

AI score: 7.7
Exploits: 0
NVD
added 2025/01/23 5:15 p.m., 10 views

CVE-2024-55925

In Xerox Workplace Suite, an API restricted to specific hosts can be bypassed by manipulating the Host header. If the server improperly validates or trusts the Host header without verifying the actual destination, an attacker can forge a value to gain unauthorized access. This exploit targets...

CVSS: 7.5, EPSS: 0.00336
Exploits: 0, References: 1
Vulnrichment
added 2025/01/23 5:03 p.m., 9 views

CVE-2024-55925 API Security bypass through header manipulation

In Xerox Workplace Suite, an API restricted to specific hosts can be bypassed by manipulating the Host header. If the server improperly validates or trusts the Host header without verifying the actual destination, an attacker can forge a value to gain unauthorized access. This exploit targets...

CVSS: 7.5, AI score: 6.5, EPSS: 0.00336
Exploits: 0, References: 1
CVE
added 2025/01/23 5:03 p.m., 78 views

CVE-2024-55925

CVE-2024-55925 affects Xerox Workplace Suite. The issue is an API access bypass via manipulating the Host header, exploiting improper host validation that can allow forging a value to access restricted API endpoints. Documents confirm the vulnerability impacts Xerox Workplace Suite versions prior...

CVSS: 7.5, AI score: 6.5, EPSS: 0.00336
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 2025/01/23 5:03 p.m., 15 views

CVE-2024-55925 API Security bypass through header manipulation

In Xerox Workplace Suite, an API restricted to specific hosts can be bypassed by manipulating the Host header. If the server improperly validates or trusts the Host header without verifying the actual destination, an attacker can forge a value to gain unauthorized access. This exploit targets...

CVSS: 7.5, EPSS: 0.00336
Exploits: 0, References: 1
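The four CVE-2024-55925 entries above describe an API restricted to specific hosts where the restriction is decided from the Host header, which the client writes. The following is an added example for this page, not Xerox code and with no claim about how Xerox Workplace Suite implements the check: it shows the header-based decision beside one that validates Host only as a sanity check and takes the access decision from facts the client cannot forge, namely the local address the connection arrived on and the peer address. CANONICAL_HOSTS, MGMT_LISTEN_ADDRS, MGMT_CLIENT_NETS and the request dict shape are constructed.

```python
import ipaddress

# Constructed deployment facts for the example.
CANONICAL_HOSTS = {"mgmt.example.internal"}              # names this service answers to
MGMT_LISTEN_ADDRS = {"10.0.0.10"}                         # interface the restricted API is bound to
MGMT_CLIENT_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # networks allowed to call it


def _host_name(headers):
    """Extract the name from Host, dropping any port. This is client-supplied
    text and is treated as nothing more than that."""
    host = headers.get("host", "").strip().lower()
    if host.startswith("["):  # IPv6 literal such as [::1]:443
        return host[: host.find("]") + 1]
    return host.split(":", 1)[0]


def restricted_api_allowed_vulnerable(request):
    """Grants access because Host names the management host. Anyone who can
    reach the listener can send that header, so the restriction is cosmetic."""
    return _host_name(request["headers"]) in CANONICAL_HOSTS


def restricted_api_allowed_hardened(request):
    """Host is validated (unknown names are rejected, which blocks Host-header
    injection into links and redirects) but never trusted for authorization.
    The decision uses the destination the request actually hit and the peer."""
    if _host_name(request["headers"]) not in CANONICAL_HOSTS:
        return False
    if request["local_ip"] not in MGMT_LISTEN_ADDRS:
        return False
    peer = ipaddress.ip_address(request["peer_ip"])
    return any(peer in net for net in MGMT_CLIENT_NETS)
```

Behind a reverse proxy the peer address is the proxy's, and X-Forwarded-For is exactly as forgeable as Host unless the proxy overwrites it; in that deployment the equivalent of `local_ip` is a dedicated listener or mTLS identity that only the management path can present.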
Wallarm Lab
added 2025/01/21 9:28 a.m., 15 views

API Security’s Role in Responsible AI Deployment

By now, you will almost certainly be aware of the transformative impact artificial intelligence (AI) technologies are having on the world. What you may not be aware of, however, is the role Application Programming Interfaces (APIs) are playing in the AI revolution. The bottom line is that APIs are...

AI score: 7.5
Exploits: 0
CVE
added 2025/01/17 12:21 a.m., 20 views

CVE-2024-34579

Fuji Electric Alpha5 Smart (Alpha5 SMART) is affected by a stack-based buffer overflow in C5V file parsing. The root cause is a failure to validate the length of user-supplied data before copying it to a stack-based buffer, enabling potential arbitra...

CVSS: 8.5, AI score: 7.9, EPSS: 0.00341
Exploits: 0, References: 1
Akamai Blog
added 2025/01/16 1:00 p.m., 10 views

Akamai API Security Release 3.41

...

AI score: 7.3
Exploits: 0