16 matches found
CVE-2026-42539 IRIS has an Excessive Data Exposure issue
IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 return sensitive data to the user which are not required for the client’s operation. Version 2.4.28 contains a patch...
CVE-2026-42539
CVE-2026-42539 affects the IRIS web collaborative platform. Versions prior to 2.4.28 expose sensitive data to users that is not required for operation. The root cause is an excessive data exposure in these older builds. Version 2.4.28 includes a patch to fix this. CVSS 3.1 metrics indicate a Medi...
CVE-2026-42539 IRIS has an Excessive Data Exposure issue
IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 return sensitive data to the user which are not required for the client’s operation. Version 2.4.28 contains a patch...
AndroScanner: Automated Backend Vulnerability Detection for Android Applications
Mobile applications rely on complex backends that introduce significant security risks, yet developers often lack the tools to assess these risks effectively. This paper presents AndroScanner, an automated pipeline for detecting vulnerabilities in Android application backends through combined...
CVE-2024-49827
IBM Concert Software 1.0.0 through 1.1.0 is vulnerable to excessive data exposure, allowing attackers to access sensitive information without proper filtering...
CVE-2024-49827
IBM Concert Software 1.0.0 through 1.1.0 is vulnerable to excessive data exposure, allowing attackers to access sensitive information without proper filtering...
CVE-2024-49827
CVE-2024-49827 affects IBM Concert Software version 1.0.0 through 1.1.0. The vulnerability is an excessive data exposure vulnerability that allows attackers to access sensitive information due to insufficient filtering. Public sources in the provided documents consistently describe the impact as ...
CVE-2024-49827 IBM Concert Software information disclosure
IBM Concert Software 1.0.0 through 1.1.0 is vulnerable to excessive data exposure, allowing attackers to access sensitive information without proper filtering...
CVE-2024-49827 IBM Concert Software information disclosure
IBM Concert Software 1.0.0 through 1.1.0 is vulnerable to excessive data exposure, allowing attackers to access sensitive information without proper filtering...
CVE-2024-42325 Excessive information returned by user.get
Zabbix API user.get returns all users that share a common group with the calling user. This includes media and other information, such as login attempts, etc...
Imperva Unveils Latest API Security Enhancements
Imperva is continuing to evolve its API Security offering to help customers better protect their APIs, wherever they are, and to meet changing market requirements. Since launching API Security in March 2022, we continued investing in our API Security offering with the goal of simplifying the...
CVE-2022-34775
Tabit - Excessive data exposure. Another endpoint mapped by the tiny url, was one for reservation cancellation, containing the MongoDB ID of the reservation, and organization. This can be used to query the http://tgm-api.tabit.cloud/rsv/management/reservationId?organization=orgId API which return...
Authentication flaw
Tabit - Excessive data exposure. Another endpoint mapped by the tiny url, was one for reservation cancellation, containing the MongoDB ID of the reservation, and organization. This can be used to query the http://tgm-api.tabit.cloud/rsv/management/reservationId?organization=orgId API which return...
CVE-2022-34775
Tabit vulnerability (CVE-2022-34775) involves excessive data exposure via an API endpoint used for reservation cancellation. The endpoint query http://tgm-api.tabit.cloud/rsv/management/{reservationId}?organization={orgId} can return sensitive reservation data (name, email, phone, visit history, ...
CVE-2022-34775 Tabit - Excessive data exposure
Tabit - Excessive data exposure. Another endpoint mapped by the tiny url, was one for reservation cancellation, containing the MongoDB ID of the reservation, and organization. This can be used to query the http://tgm-api.tabit.cloud/rsv/management/reservationId?organization=orgId API which return...
VAmPI - Vulnerable REST API With OWASP Top 10 Vulnerabilities For Security Testing
The Vulnerable API (Based on OpenAPI 3). VAmPI is a vulnerable API made with Flask and it includes vulnerabilities from the OWASP top 10 vulnerabilities for APIs. It was created as I wanted a vulnerable API to evaluate the efficiency of tools used to detect security issues in APIs. It includes a...