22 matches found

EUVD
added 2026/04/20 9:30 a.m., 5 views

EUVD-2026-23807

A flaw has been found in langgenius dify up to 1.13.3. This issue affects the function parse_openai_plugin_json_to_tool_bundle of the file api/core/tools/utils/parser.py of the component ApiBasedToolSchemaParser. Executing a manipulation of the argument url can lead to server-side request forgery. The...

CVSS 6.5, AI score 5.3, EPSS 0.00206
Exploits 0, References 5

Cvelist
added 2026/04/20 7:45 a.m., 34 views

CVE-2026-6618 langgenius dify ApiBasedToolSchemaParser parser.py parse_openai_plugin_json_to_tool_bundle server-side request forgery

A flaw has been found in langgenius dify up to 1.13.3. This issue affects the function parse_openai_plugin_json_to_tool_bundle of the file api/core/tools/utils/parser.py of the component ApiBasedToolSchemaParser. Executing a manipulation of the argument url can lead to server-side request forgery. The...

CVSS 6.5, EPSS 0.00206
Exploits 0, References 4

Cvelist
added 2024/11/04 12:15 p.m., 27 views

CVE-2024-51558 Brute Force Attack Vulnerability in Wave 2.0

This vulnerability exists in the Wave 2.0 due to missing restrictions for excessive failed authentication attempts on its API based login. A remote attacker could exploit this vulnerability by conducting a brute force attack against legitimate user OTP, MPIN or password, which could lead to gain...

CVSS 9.3, EPSS 0.00547
Exploits 0, References 1

Cvelist
added 2024/10/04 12:24 p.m., 30 views

CVE-2024-47656 User Enumeration vulnerability

This vulnerability exists in Shilpi Client Dashboard due to missing restrictions for incorrect login attempts on its API based login. A remote attacker could exploit this vulnerability by conducting a brute force attack on password, which could lead to gain unauthorized access to other user...

CVSS 9.3, EPSS 0.00488
Exploits 0, References 1

Cvelist
added 2024/09/19 6:13 a.m., 24 views

CVE-2024-47088 User Enumeration vulnerability

This vulnerability exists in Apex Softcell LD Geo due to missing restrictions for excessive failed authentication attempts on its API based login. A remote attacker could exploit this vulnerability by conducting a brute force attack on login OTP, which could lead to gain unauthorized access to...

CVSS 9.3, EPSS 0.00564
Exploits 0, References 1

Cvelist
added 2024/08/28 6:29 a.m., 24 views

CVE-2021-22530 Improper account management vulnerability in NetIQ Advance Authentication

A vulnerability identified in NetIQ Advance Authentication that doesn't enforce account lockout when brute force attack is performed on API based login. This issue may lead to user account compromise if successful or may impact server performance. This issue impacts all NetIQ Advance Authenticati...

CVSS 8.2, EPSS 0.00215
Exploits 0, References 1

Vulnrichment
added 2024/08/28 6:29 a.m., 14 views

CVE-2021-22530 Improper account management vulnerability in NetIQ Advance Authentication

A vulnerability identified in NetIQ Advance Authentication that doesn't enforce account lockout when brute force attack is performed on API based login. This issue may lead to user account compromise if successful or may impact server performance. This issue impacts all NetIQ Advance Authenticati...

CVSS 8.2, AI score 6.9, EPSS 0.00215
Exploits 0, References 1

Vulnrichment
added 2024/08/07 7:17 a.m., 23 views

CVE-2024-42062 Apache CloudStack: User Key Exposure to Domain Admins

CloudStack account-users by default use username and password based authentication for API and UI access. Account-users can generate and register randomised API and secret keys and use them for the purpose of API-based automation and integrations. Due to an access permission validation issue that...

AI score 7.8, EPSS 0.00946
Exploits 0, References 3

Qualys Blog
added 2024/05/06 12:45 p.m., 73 views

Introducing CyberSecurity Asset Management 3.0 with Expanded Discovery and Cyber Risk Assessment

Qualys is re-defining attack surface management with CyberSecurity Asset Management CSAM 3.0, expanding the most comprehensive attack surface coverage on the market to include patent-pending EASM discovery and scan, passive sensing for unmanaged/untrusted devices built in to the Qualys agent, and...

AI score 7.6
Exploits 0

Qualys Blog
added 2023/02/09 7:51 p.m., 27 views

Announcing General Availability of Qualys TotalCloud

Qualys TotalCloud is a CNAPP solution based on Qualys Cloud Platform that provides multi-cloud vulnerability detection and misconfiguration response, and today we are pleased to announce that TotalCloud is now generally available. TotalCloud Home Page Unified View of Multi-Cloud Risk Posture...

AI score 0.2
Exploits 0

ThreatPost
added 2022/02/01 8:59 p.m., 24 views

The Account Takeover Cat-and-Mouse Game

In an analysis of more than 21 billion application transactions analyzed by the Cequence Security Threat Research Team between June and December of last year, API-based account login and registration transactions increased by 92 percent to more than 850 million. Highlighting the fact that attacke...

AI score 7.2
Exploits 0, References 6

Hacker One
added 2021/06/27 5:12 p.m., 60 views

Elastic: [Swiftype] - Stored XSS via document field `url` triggers on `https://app.swiftype.com/engines/<engine>/document_types/<type>/documents/<id>`

Dear Team, I have found a stored XSS when create a document via API-based engine. The XSS payload stored in url field. To understand about document schema for API-based engine, please go to https://swiftype.com/documentation/site-search/guides/schema-designapi-based After indexed a document with...

AI score 6
Exploits 0

ThreatPost
added 2021/03/25 5:11 p.m., 43 views

Manufacturing's Cloud Migration Opens Door to Major Cyber-Risk

Web-facing applications continue to be one of the highest security risks present for organizations, with more than 40 percent of them actively leaking data in a way that can have a ripple effect across businesses and their partners, research has found. Moreover, manufacturing is particularly...

AI score 7.4
Exploits 0, References 7

Kitploit
added 2019/09/21 9:50 p.m., 411 views

ScoutSuite - Multi-Cloud Security Auditing Tool

Scout Suite is an open source multi-cloud security-auditing tool, which enables security posture assessment of cloud environments. Using the APIs exposed by cloud providers, Scout Suite gathers configuration data for manual inspection and highlights risk areas. Rather than going through dozens of...

AI score 6.6
Exploits 0, References 7

ThreatPost
added 2019/07/11 12:00 p.m., 134 views

Implementing Bug Bounty Programs: The Right and Wrong Approaches

While bug-bounty programs may seem like a cure-all solution for companies looking to discover vulnerabilities in their systems more efficiently, the fact remains that a program could overwhelm a firm’s internal security team and cause other major headaches if implemented the wrong way. “You have to...

AI score 7.4
Exploits 0, References 4

CNVD
added 2019/06/10 12:00 a.m., 2 views

PHP Scripts Mall API Based Travel Booking Cross Site Scripting Vulnerability

PHP Scripts Mall API Based Travel Booking is an online travel booking system script by PHP Scripts Mall India. A cross-site scripting vulnerability exists in PHP Scripts Mall API Based Travel Booking version 3.4.7, which can be exploited by an attacker to execute client-side code...

CVSS 6.1, AI score 6.5, EPSS 0.00876
Exploits 1, References 1

NVD
added 2019/06/06 4:29 p.m., 20 views

CVE-2019-7554

An issue was discovered in PHP Scripts Mall API Based Travel Booking 3.4.7. There is Reflected XSS via the flight-results.php d2 parameter...

CVSS 6.1, AI score 6.1, EPSS 0.00876
Exploits 1, References 2

Akamai Blog
added 2018/04/13 12:00 p.m., 23 views

Part 2: The Dark Side of APIs

Ryan Barnett, Principal Security Researcher, Akamai Elad Shuster, Senior Security Researcher, Akamai During its research into Credential Abuse attack campaigns, Akamai's threat research team conducted an analysis of web logins to gain insights into how widespread the adoption of API-based logins ...

Exploits 0

Kitploit
added 2017/08/26 10:26 p.m., 67 views

AVPASS - Tool For Leaking And Bypassing Android Malware Detection System

AVPASS is a tool for leaking the detection model of Android malware detection systems i.e., antivirus software, and bypassing their detection logics by using the leaked information coupled with APK obfuscation techniques. AVPASS is not limited to detection features used by detection systems, and...

AI score 7
Exploits 0, References 2

Kitploit
added 2016/01/15 9:30 p.m., 432 views

SimplyEmail - Email Recon Made Fast And Easy, With A Framework To Build On

What is the simple email recon tool? This tool was based off the work of theHarvester and kind of a port of the functionality. This was just an expansion of what was used to build theHarvester and will incorporate his work but allow users to easily build Modules for the Framework. Which I felt wa...

AI score 9.8
Exploits 0, References 1