Category - API Security Blog

marathishaadi.com Cross Site Scripting vulnerability OBB-4030702

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified th ...

February 27, 2025

XVIDEOS: API Data Leakage Vulnerability Report – `xvcams.com`

Vulnerability description not...Read More ...

February 27, 2025

mike.it-loops.com Cross Site Scripting vulnerability OBB-4027573

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified th ...

February 27, 2025

valuenews.com Open Redirect vulnerability OBB-4027453

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified th ...

February 27, 2025

AWS VDP: Non-Production API Endpoints for the Datazone Service Fail to Log to CloudTrail Resulting in Silent Permission Enumeration

The vulnerability found in the Datazone service allows an adversary to enumerate permissions of compromised credentials without logging to CloudTrail. Forty-four non-production endpoints were identifi ...

February 27, 2025

Hemi VDP: Linkedin Broken Link Hijacking on https://hemi.xyz/about

The LinkedIn account link for a team member on the https://hemi.xyz/about page pointed to a non-existent LinkedIn...Read More ...

February 27, 2025

Hemi VDP: Broken X (Twitter) link on hemi.xyz/about

Vulnerability description not...Read More ...

February 27, 2025

marathishaadi.com Cross Site Scripting vulnerability OBB-4030702

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified th ...

February 27, 2025