Category - API Security Blog

Doppler: WAF bypass and java script incomplete handling of Unicode characters might leads to dom-xss

Vulnerability description not...Read More ...

January 28, 2025

IBM: Exposed Logs and Bearer Tokens on Test Endpoint

Exposed Logs and Bearer Tokens on Test Endpoint were reported to IBM, analyzed, and have been...Read More ...

January 28, 2025

wurst-schneestopp.de Cross Site Scripting vulnerability OBB-4015722

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified th ...

January 28, 2025

U.S. Dept Of Defense: Public google drive link Exposes Military Orders Containing PII (Name, SSN etc..) and Operational Details

A public Google Drive link was found to contain PDF files that exposed personally identifiable information (PII) of military personnel, including full names, social security numbers, home addresses, m ...

January 28, 2025

curl: bypass of this Fixed #2437131 [ Inadequate Protocol Restriction Enforcement in curl ]

Vulnerability description not...Read More ...

January 28, 2025

Flickr: Information Disclosure: .dockerignore file is publicly accessible

Vulnerability description not...Read More ...

January 28, 2025

sheinthecle.com Cross Site Scripting vulnerability OBB-4012827

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified th ...

January 28, 2025

Internet Bug Bounty: [CVE-2024-47888] Possible ReDoS vulnerability in plain_text_for_blockquote_node in Action Text

There is a possible ReDoS vulnerability in the plain_text_for_blockquote_node helper in Action Text. This vulnerability has been assigned the CVE identifier CVE-2024-47888. Carefully crafted text was ...

January 28, 2025