Category - API Security Blog

U.S. Dept Of Defense: Unauthorized Access Exposing Sensitive Data

The identified page allowed unauthorized access to a user's profile management functionality without requiring authentication. Sensitive user details, such as name, email address, and EDIPI, were ...

January 28, 2025

Internet Bug Bounty: Secrets not masked in UI when sensitive variables are set via Airflow cli

A vulnerability was discovered in Apache Airflow where sensitive variables set using the Airflow CLI were not properly masked in the UI, specifically in the Audit logs page. This issue was addressed i ...

January 28, 2025

WordPress: Unauthenticated WordPress Database Repair DoS

Vulnerability description not...Read More ...

January 28, 2025

double.meanperiod.shop Cross Site Scripting vulnerability OBB-4012828

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified th ...

January 28, 2025

TikTok: Unauthorized Access to TikTok Account [Private Videos] via API Endpoint

The vulnerability on a TikTok endpoint that allowed unauthorized viewing of videos from private accounts was discovered and reported by @datph4m. The issue was subsequently...Read More ...

January 28, 2025

curl: bypass of this Fixed #2437131 [ Inadequate Protocol Restriction Enforcement in curl ]

Vulnerability description not...Read More ...

January 28, 2025

XVIDEOS: Lack of Rate Limiting on Account Creation Endpoint

The account creation process of www.xvideos.red was found to lack proper rate limiting mechanisms on the /account/signinform/premium_tour_login endpoint. This security flaw allowed for automated creat ...

January 28, 2025

Nextcloud: Blind SSRF Vulnerability in Appstore Release Upload Form

Vulnerability description not...Read More ...

January 28, 2025