Category - API Security Blog

TikTok: Unauthorized Access to TikTok Account [Private Videos] via API Endpoint

The vulnerability on a TikTok endpoint that allowed unauthorized viewing of videos from private accounts was discovered and reported by @datph4m. The issue was subsequently...Read More ...

January 27, 2025

AWS VDP: Information Disclosure Due To exposed .env file (Directory Listing) at ████████

Vulnerability description not...Read More ...

January 27, 2025

Cosmos: Heap-Buffer-Overread in contains_whitespace when calling parser_validate after supplying a maliciously crafted buffer to parser_parse

A heap-buffer-overread vulnerability was discovered in the contains_whitespace function when calling parser_validate after supplying a maliciously crafted buffer to parser_parse. The vulnerability was ...

January 27, 2025

U.S. Dept Of Defense: Public google drive link Exposes Military Orders Containing PII (Name, SSN etc..) and Operational Details

A public Google Drive link was found to contain PDF files that exposed personally identifiable information (PII) of military personnel, including full names, social security numbers, home addresses, m ...

January 27, 2025

Doppler: WAF bypass and java script incomplete handling of Unicode characters might leads to dom-xss

Vulnerability description not...Read More ...

January 27, 2025

Mars: Insecure API Response Leads to Disclosure of Hashed Passwords

A security vulnerability was identified in the API of ████████. The endpoint ████████ was found to return sensitive user information, including hashed passwords, in its ...

January 27, 2025

AWS VDP: CVE-2020-5902

Vulnerability description not...Read More ...

January 27, 2025

XVIDEOS: Stored XSS via SMTP Error Message

A Stored Cross-Site Scripting (XSS) vulnerability was identified on the /account/email page for www.xvideos.com. The vulnerability arose from the improper handling of SMTP error messages, which were p ...

January 27, 2025