Category - API Security Blog

WordPress: Unauthenticated WordPress Database Repair DoS

Vulnerability description not...Read More ...

January 28, 2025

IBM: POST based Cross-Site Scripting on IBM research endpoint

The POST-based Cross-Site Scripting vulnerability on the IBM research endpoint was reported, analyzed, and remediated. The vulnerability was discovered by an external...Read More ...

January 28, 2025

curl: bypass of this Fixed #2437131 [ Inadequate Protocol Restriction Enforcement in curl ]

Vulnerability description not...Read More ...

January 28, 2025

sheinthecle.com Cross Site Scripting vulnerability OBB-4012827

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified th ...

January 28, 2025

Yelp: Object Level access control leads to reading user’s full requests, sessions, and error messages

The vulnerability allowed unauthenticated attackers to read the internal admin's full sessions, HTTP requests data, and other internal information through the error logging endpoint. The vulnerab ...

January 28, 2025

curl: When curl uses Schannel as TLS backend, it fails to enforce TLS 1.3 cipher suite selections correctly

Vulnerability description not...Read More ...

January 28, 2025

Flickr: Information Disclosure: .dockerignore file is publicly accessible

Vulnerability description not...Read More ...

January 28, 2025

Cosmos: Heap-Buffer-Overread in contains_whitespace when calling parser_validate after supplying a maliciously crafted buffer to parser_parse

A heap-buffer-overread vulnerability was discovered in the contains_whitespace function when calling parser_validate after supplying a maliciously crafted buffer to parser_parse. The vulnerability was ...

January 28, 2025