api3.leadgid.ru Cross Site Scripting vulnerability OBB-3869625
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Top 4 Essential Strategies for Securing APIs To Block Compromised Tokens
Government bodies are clamping down heavily on institutions and organizations that handle sensitive customer data. For APIs, tokens are used to authenticate users. We live in an era dominated by cloud-native and cloud-first solutions that rely on these services to provide dynamic data storage...
CVE-2024-27287
ESPHome’s CVE-2024-27287 affects the dashboard’s edit API in ESPHome 2023.12.9 up to 2024.2.1 (prior to 2024.2.2). A remote, authenticated user can inject arbitrary JavaScript via the /edit endpoint by posting to /edit?configuration=[file], storing unsanitized data in a page served with Content-T...
BIT-TENSORFLOW-2021-37638 Null pointer dereference in `RaggedTensorToTensor` in TensorFlow
TensorFlow is an end-to-end open source platform for machine learning. Sending an invalid argument for `row_partition_types` of the `tf.raw_ops.RaggedTensorToTensor` API results in a null pointer dereference and undefined behavior. The implementation accesses the first element of a user supplied list of values...
Why it Pays to Have a Comprehensive API Security Strategy
In an era dominated by digital connectivity and rapid technological advancements, Application Programming Interfaces (APIs) play a pivotal role in facilitating seamless communication and data exchange between diverse software applications. As API usage continues to grow, so does the need for robust...
api4d.unoallavolta.com Cross Site Scripting vulnerability OBB-3862094
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Improving Security with Wallarm’s NIST CSF 2.0 Dashboard
Ensuring the security of web applications and APIs is more critical than ever. With threats becoming increasingly prevalent and sophisticated, organizations need to employ comprehensive security measures to protect their digital assets. The NIST Cybersecurity Framework (CSF) 2.0 stands at the...
Latest Research Reveals Rise in API Attacks in 2023, Putting Businesses at Risk in 2024
The State of API Security in 2024 Report highlights how APIs and their increased usage are significantly changing the threat landscape. In 2023, the number of API-targeted attacks rose significantly. Attacks targeting the business logic of APIs constituted 27% of attacks in 2023, a growth of 10%...
api.multibux.org Cross Site Scripting vulnerability OBB-3856508
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Pixelfed doesn't check OAuth Scopes in API routes, giving elevated permissions
Summary When processing requests, authorization was improperly and insufficiently checked, allowing attackers to access far more functionality than users intended, including the administrative and moderator functionality of the Pixelfed server. This vulnerability affects every version of Pixelf...
Data Matters — Is Your API Security Data Rich or Data Poor?
Taking a data-rich approach to security is the most effective way to stay a step ahead of today’s quickly evolving API threats...
Introducing the Wallarm 2024 API ThreatStats™ Report
The Wallarm Security Research team is pleased to share the latest version of our API ThreatStats report. This report serves as a key resource for API, Application security practitioners. It emphasizes the need for a proactive stance in API security, advocating for continuous monitoring, regular...
Route-Detect - Find Authentication (Authn) And Authorization (Authz) Security Bugs In Web Application Routes
Find authentication (authn) and authorization (authz) security bugs in web application routes: Web application HTTP route authn and authz bugs are some of the most common security issues found today. These industry standard resources highlight the severity of the issue: 2021 OWASP Top 10 1 - Broken...
API Security: Best Practices for API Activity Data Acquisition
...
What Is API Detection and Response?
...
GHSA-R64R-5H43-26QV Any authenticated user may obtain private message details from other users on the same instance
Summary Users can report private messages, even when they're neither sender nor recipient of the message. The API response to creating a private message report contains the private message itself, which means any user can just iterate over message ids to loudly obtain all private messages of an...
Qualys WAS Unveils New Features in an Upgraded User Interface
Qualys Web Application Scanning (WAS) has been at the forefront of web application and API security innovation, and today, we're excited to announce a significant leap - the launch of our New User Interface (UI). From improved performance and reliability to cutting-edge technology adoption and enhance...
GHSA-HCVP-2CC7-JRWR changedetection.io API endpoint is not secured with API token
Summary API endpoint /api/v1/watch//history can be accessed by any unauthorized user. Details The WatchHistory resource does not have the `@auth.check_token` annotation, which means it can be accessed without providing the x-api-key header...