Category - API Security Blog

Internet Bug Bounty: netrc and redirect credential leak

The netrc file in curl could lead to the unintentional leakage of a password to a different host when following HTTP redirects, if the netrc file had an entry matching the redirect target hostname but ...

January 28, 2025

Flickr: Information Disclosure: .dockerignore file is publicly accessible

Vulnerability description not...Read More ...

January 28, 2025

AWS VDP: Information Disclosure Due To exposed .env file (Directory Listing) at ████████

Vulnerability description not...Read More ...

January 28, 2025

U.S. Dept Of Defense: Unauthorized Access Exposing Sensitive Data

The identified page allowed unauthorized access to a user's profile management functionality without requiring authentication. Sensitive user details, such as name, email address, and EDIPI, were ...

January 28, 2025

U.S. Dept Of Defense: Public google drive link Exposes Military Orders Containing PII (Name, SSN etc..) and Operational Details

A public Google Drive link was found to contain PDF files that exposed personally identifiable information (PII) of military personnel, including full names, social security numbers, home addresses, m ...

January 28, 2025

espaimacia.cat Cross Site Scripting vulnerability OBB-4015297

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified th ...

January 28, 2025

curl: bypass of this Fixed #2437131 [ Inadequate Protocol Restriction Enforcement in curl ]

Vulnerability description not...Read More ...

January 28, 2025

U.S. Dept Of Defense: XSS vulnerability found in javascript code of https://███.mil

The XSS vulnerability was found in the JavaScript code of the website https://███.mil. The parameter "code" was not sufficiently sanitized, allowing the injection of malicious ...

January 28, 2025