Category - API Security Blog

Nextcloud: Blind SSRF Vulnerability in Appstore Release Upload Form

Vulnerability description not...Read More ...

January 28, 2025

Doppler: WAF bypass and java script incomplete handling of Unicode characters might leads to dom-xss

Vulnerability description not...Read More ...

January 28, 2025

wurst-schneestopp.de Cross Site Scripting vulnerability OBB-4015722

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified th ...

January 28, 2025

Yelp: Object Level access control leads to reading user’s full requests, sessions, and error messages

The vulnerability allowed unauthenticated attackers to read the internal admin's full sessions, HTTP requests data, and other internal information through the error logging endpoint. The vulnerab ...

January 28, 2025

Flickr: Information Disclosure: .dockerignore file is publicly accessible

Vulnerability description not...Read More ...

January 28, 2025

WordPress: Unauthenticated WordPress Database Repair DoS

Vulnerability description not...Read More ...

January 28, 2025

Cosmos: Heap-Buffer-Overread in contains_whitespace when calling parser_validate after supplying a maliciously crafted buffer to parser_parse

A heap-buffer-overread vulnerability was discovered in the contains_whitespace function when calling parser_validate after supplying a maliciously crafted buffer to parser_parse. The vulnerability was ...

January 28, 2025

Internet Bug Bounty: CVE-2024-41990: Potential denial-of-service in django.utils.html.urlize()

CVE-2024-41990: Potential denial-of-service in django.utils.html.urlize() A vulnerability was reported in the Django web framework's urlize() function, which could lead to a denial-of-service att ...

January 28, 2025