Category - API Security Blog

Yelp: Unauthorized Reservation Cancellation Through IDOR Vulnerability

Vulnerability description not...Read More ...

January 31, 2025

curl: Exploitable Format String Vulnerability in curl_mfprintf Function

Vulnerability description not...Read More ...

January 31, 2025

Automattic: Open redirect via redirect_to parameter in tumblr.com

The Tumblr website was affected by an open redirect vulnerability that allowed an attacker to redirect users to a specified URL through the "redirect_to" parameter. This vulnerabilit ...

January 31, 2025

Doppler: WAF bypass and java script incomplete handling of Unicode characters might leads to dom-xss

Vulnerability description not...Read More ...

January 31, 2025

Node.js: Usage of unsafe random function in undici for choosing boundary

The vulnerability in the Undici library involves the use of an unsafe random function to choose the boundary for a multipart/form-data request. The use of Math.random() to generate this boundary can b ...

January 31, 2025

U.S. Dept Of Defense: Public google drive link Exposes Military Orders Containing PII (Name, SSN etc..) and Operational Details

A public Google Drive link was found to contain PDF files that exposed personally identifiable information (PII) of military personnel, including full names, social security numbers, home addresses, m ...

January 31, 2025

config-door.eu Cross Site Scripting vulnerability OBB-4019116

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified th ...

January 31, 2025

Yelp: Object Level access control leads to reading user’s full requests, sessions, and error messages

The summary is as follows: A vulnerability was discovered in the Yelp internal administration tool called "Tailored Mail" hosted on the subdomain https://proze.yelp.com/. The vulnera ...

January 31, 2025