CVE-2024-34714 Hoppscotch Extension responds to calls made by origins not in the domain list
The Hoppscotch Browser Extension is a browser extension for Hoppscotch, a community-driven end-to-end open-source API development ecosystem. Due to an oversight during a change made to the extension in the commit d4e8e4830326f46ba17acd1307977ecd32a85b58, a critical check for the origin list was...
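The entry above turns on a check of the requesting origin against the extension's domain list. As an added example (not Hoppscotch's code; the allowlist entries, message shapes and function names are assumptions), this is what a sound version of that gate looks like in a browser-extension message handler: origins are normalised to scheme://host[:port] and matched exactly, so a substring or prefix comparison cannot be fooled by a look-alike host.

```javascript
// Added example, not from the Hoppscotch project. Allowlist entries are constructed.
const ALLOWED_ORIGINS = new Set([
  "https://hoppscotch.io",
  "https://app.example.test:8443", // constructed entry with a non-default port
]);

// Normalise a sender origin to scheme://host[:port]; "https://hoppscotch.io/",
// "https://hoppscotch.io:443" and "https://hoppscotch.io" all compare equal.
// Anything that does not parse, or is not http(s), is rejected.
function normalizeOrigin(raw) {
  try {
    const u = new URL(raw);
    if (u.protocol !== "https:" && u.protocol !== "http:") return null;
    return u.origin; // drops path, query, fragment and default ports
  } catch {
    return null; // undefined, "null" (opaque origin) and garbage all land here
  }
}

// Exact-match membership. A test such as origin.includes("hoppscotch.io")
// would accept https://hoppscotch.io.attacker.example; Set membership does not.
function isOriginAllowed(rawOrigin, allowlist = ALLOWED_ORIGINS) {
  const origin = normalizeOrigin(rawOrigin);
  return origin !== null && allowlist.has(origin);
}

// Dispatcher in the shape of a runtime.onMessage listener (assumed shape):
// every message is gated on the sender's origin before any action runs.
function handleMessage(message, sender, allowlist = ALLOWED_ORIGINS) {
  if (!isOriginAllowed(sender && sender.origin, allowlist)) {
    return { ok: false, error: "origin not in domain list" };
  }
  switch (message.type) {
    case "ping":
      return { ok: true, result: "pong" };
    case "request":
      // a real extension would perform the cross-origin request here
      return { ok: true, result: `would fetch ${message.url}` };
    default:
      return { ok: false, error: "unknown message type" };
  }
}
```

The check runs before the message type is even inspected, so a new message type cannot be added later without inheriting the origin gate.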
GHSA-XCP4-62VJ-CQ3R @valtimo/components exposes access token to form.io
Impact When opening a form in Valtimo, the access token JWT of the user is exposed to api.form.io via the x-jwt-token header. An attacker can retrieve personal information from this token, or use it to execute requests to the Valtimo REST API on behalf of the logged-in user. This issue is...
Best API Security Product: Wallarm wins 2024 Cybersecurity Excellence Award
We are thrilled to announce that Wallarm has clinched the sought-after 2024 Cybersecurity Excellence Award, under the category Best API Security Product. Our unwavering commitment to pioneering solutions that safeguard digital ecosystems, and fortify API security amidst the evolving cyber threat...
Healthcare Needs To Be Laser-Focused on API Security and Its Blind Spots
API-powered tools can enhance patient access to healthcare services, but these tools also introduce risk. Learn how to protect your organization...
Think Beyond the Perimeter: Secure Your APIs with East-West Visibility
...
Empowering Small Businesses in the Digital Age: A Must-Read Guide to Web Application & API Security
Small and medium-sized businesses have increasingly become reliant on web applications, whether developed in-house or procured, to drive their operations, engage customers, and scale their businesses. The increasing reliance on online operations is underscored by 84% of businesses using digital...
Data Matters — The Value of Visibility in API Security
...
PT-2024-3134 · Tenda · Tenda Ac8
Name of the Vulnerable Software and Affected Versions: Tenda AC8 version 16.03.34.09 Description: The issue is related to a stack-based buffer overflow in the formSetRebootTimer function of the /goform/SetRebootTimer API endpoint. This can be exploited by manipulating the rebootTime argument,...
api.dareastream.com Cross Site Scripting vulnerability OBB-3917940
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
How to track and stop CVE-2024-3400: Palo Alto Networks API Exploit Causing Critical Infrastructure and Enterprise Epidemics
On Friday April 12, Palo Alto disclosed that some versions of PAN-OS are not only vulnerable to remote code execution, but that the vulnerability has been actively exploited to install backdoors on Palo Alto firewalls. A patch is expected to be available on April 14th. The advisory from Palo Alto...
API Cyberattacks: A Growing Threat for Organizations in Latin America
Learn about the growing threat of API cyberattacks and their effect on industries across Latin America...
CVE-2024-3283
A vulnerability in mintplex-labs/anything-llm allows users with manager roles to escalate their privileges to admin roles through a mass assignment issue. The '/admin/system-preferences' API endpoint improperly authorizes manager-level users to modify the 'multiusermode' system variable, enabling...
Why Payers Are Pivotal to API Security Across the Healthcare Ecosystem
...
api.fossystem.com Improper Access Control vulnerability OBB-3907519
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
GHSA-CJ3C-5XPM-CX94 Kimai API returns timesheet entries a user should not be authorized to view
Summary The permission viewothertimesheet performs differently for the Kimai UI and the API, thus returning unexpected data through the API. Details When setting the viewothertimesheet permission to true, on the frontend, users can only see timesheet entries for teams they are a part of. When...
Spoutible Enhances Platform Security through Partnership with Wallarm
Spoutible, the rapidly growing social media platform known for its commitment to fostering a safe, inclusive, and respectful online community, has taken a significant step forward in its mission to ensure user safety, security and data integrity. Recognizing the critical importance of robust API...
APIs Drive the Majority of Internet Traffic and Cybercriminals are Taking Advantage
Application programming interfaces (APIs) are the connective tissue behind digital modernization, helping applications and databases exchange data more effectively. The State of API Security in 2024 Report from Imperva, a Thales company, found that the majority of internet traffic (71%) in 2023 was A...
Understanding the OWASP API Security Top 10: Why BOLA is the Number One Risk for APIs
Understanding and addressing vulnerabilities is critical in cybersecurity, where APIs serve as the backbone for seamless data exchange. The OWASP API Security Top 10, revised in 2023, provides a comprehensive guide to the critical issues that organizations must tackle to ensure the robust securit...
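Two entries on this page describe the same underlying failure: the Kimai advisory (the viewothertimesheet permission scoped to the user's teams in the UI but not in the API) and the OWASP item above (BOLA, an object fetched by a client-supplied id without checking that this caller may see it). As an added example covering both (not Kimai's code and not from the OWASP document; users, teams, entries and function names are all constructed), the fix is one object-level predicate that the list route and the by-id route both call, next to a list variant that checks the permission flag but forgets the team scope, the kind of divergence that lets an API return what the UI hides.

```javascript
// Added example; all data below is constructed.
const users = {
  alice: { id: "alice", teams: ["blue"], permissions: ["viewothertimesheet"] },
  bob:   { id: "bob",   teams: ["red"],  permissions: [] },
  carol: { id: "carol", teams: ["red"],  permissions: ["viewothertimesheet"] },
};

const timesheets = [
  { id: 1, owner: "alice", team: "blue", hours: 8 },
  { id: 2, owner: "dave",  team: "blue", hours: 6 },
  { id: 3, owner: "erin",  team: "red",  hours: 7 },
  { id: 4, owner: "bob",   team: "red",  hours: 5 },
];

// Object-level rule, written once: own entries are always visible; other
// people's entries need viewothertimesheet AND a team shared with the entry.
function canView(user, entry) {
  if (entry.owner === user.id) return true;
  return user.permissions.includes("viewothertimesheet") && user.teams.includes(entry.team);
}

// List route: filter through the shared predicate.
function listTimesheets(user) {
  return timesheets.filter((e) => canView(user, e)).map((e) => e.id);
}

// By-id route, the classic BOLA shape: the object is looked up by the id the
// client supplied, then the same predicate decides whether to return it.
// Unauthorized and missing both answer 404 so the id space is not an oracle.
function getTimesheet(user, id) {
  const entry = timesheets.find((e) => e.id === id);
  if (!entry || !canView(user, entry)) return { status: 404 };
  return { status: 200, entry };
}

// Leaky variant (constructed, not Kimai's actual code): the permission flag is
// honoured but the team scope is dropped, so any holder of the flag sees everything.
function listTimesheetsLeaky(user) {
  return timesheets
    .filter((e) => e.owner === user.id || user.permissions.includes("viewothertimesheet"))
    .map((e) => e.id);
}
```

The point of routing every read through canView is that a new endpoint (export, search, report) cannot be added with a weaker rule by accident; the authorization decision lives in one place and the routes only call it.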
Discover the 3 Trends Driving API Security Compliance
...