Category - API Security Blog

Automattic: Open redirect via redirect_to parameter in tumblr.com

The Tumblr website was affected by an open redirect vulnerability that allowed an attacker to redirect users to a specified URL through the "redirect_to" parameter. This vulnerabilit ...

January 31, 2025

Doppler: WAF bypass and java script incomplete handling of Unicode characters might leads to dom-xss

Vulnerability description not...Read More ...

January 31, 2025

curl: Exploitable Format String Vulnerability in curl_mfprintf Function

Vulnerability description not...Read More ...

January 31, 2025

Internet Bug Bounty: Apache Airflow: Sensitive Information Exposure in DAG Run Logs

The Apache Airflow platform was vulnerable to sensitive information exposure in DAG run logs. Passwords, secrets, and the Fernet key were logged in plain text, which could have resulted in the disclos ...

January 31, 2025

U.S. Dept Of Defense: XSS vulnerability found in javascript code of https://███.mil

The XSS vulnerability was found in the JavaScript code of the website https://███.mil. The parameter "code" was not sufficiently sanitized, allowing the injection of malicious ...

January 31, 2025

clm.es Open Redirect vulnerability OBB-4019013

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified th ...

January 31, 2025

U.S. Dept Of Defense: Public google drive link Exposes Military Orders Containing PII (Name, SSN etc..) and Operational Details

A public Google Drive link was found to contain PDF files that exposed personally identifiable information (PII) of military personnel, including full names, social security numbers, home addresses, m ...

January 31, 2025

curl: Hackers Attack Curl Vulnerability Accessing Sensitive Information

Vulnerability description not...Read More ...

January 31, 2025