Category - API Security Blog

IBM: Exposed Logs and Bearer Tokens on Test Endpoint

Exposed Logs and Bearer Tokens on Test Endpoint were reported to IBM, analyzed, and have been...Read More ...

January 27, 2025

Internet Bug Bounty: CVE-2024-49761: ReDoS vulnerability in REXML

CVE-2024-49761 was a ReDoS vulnerability in the REXML gem. The vulnerability was caused by the parsing of XML input with many digits between "&#" and "x...;&quot ...

January 27, 2025

AWS VDP: A potential risk in the aws-lambda-ecs-run-task which can be used to privilege escalation.

The aws-lambda-ecs-run-task application created a function with a role that had excessive permissions, including the AdministratorAccess policy. This allowed for potential privilege escalation by an.. ...

January 27, 2025

TikTok: Unauthorized Access to TikTok Account [Private Videos] via API Endpoint

The vulnerability on a TikTok endpoint that allowed unauthorized viewing of videos from private accounts was discovered and reported by @datph4m. The issue was subsequently...Read More ...

January 27, 2025

double.meanperiod.shop Cross Site Scripting vulnerability OBB-4012828

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified th ...

January 27, 2025

WordPress: Unauthenticated WordPress Database Repair DoS

Vulnerability description not...Read More ...

January 27, 2025

Mars: Insecure API Response Leads to Disclosure of Hashed Passwords

A security vulnerability was identified in the API of ████████. The endpoint ████████ was found to return sensitive user information, including hashed passwords, in its ...

January 27, 2025

Nextcloud: Blind SSRF Vulnerability in Appstore Release Upload Form

Vulnerability description not...Read More ...

January 27, 2025