Category - API Security Blog

CVE-2022-26905

Microsoft Edge (Chromium-based) Spoofing Vulnerability.Read More ...

01 июня, 2022

maven:3.5 security update

maven-shared-utils [3.2.1-0.2] - Fix commandline injection vulnerability - Resolves: CVE-2022-29599Read More ...

01 июня, 2022

maven:3.6 security update

maven-shared-utils [3.2.1-0.4] - Build with OpenJDK 8Read More ...

01 июня, 2022

befriendsonline.net Cross Site Scripting vulnerability OBB-2635055

Following the coordinated and responsible vulnerability disclosure guidelines of the **[ISO 29147]()** standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. not ...

01 июня, 2022

CVE-2022-1887

This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will b ...

01 июня, 2022

CVE-2021-36901

This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will b ...

01 июня, 2022

CVE-2022-31000

solidus_backend is the admin interface for the Solidus e-commerce framework. Versions prior to 3.1.6, 3.0.6, and 2.11.16 contain a cross-site request forgery (CSRF) vulnerability. The vulnerability al ...

01 июня, 2022

Weak private key generation in SSH.NET

During an **X25519** key exchange, the clients private is generated with [**System.Random**](https://docs.microsoft.com/en-us/dotnet/api/system.random): ```cs var rnd = new Random(); _privateKey = n ...

01 июня, 2022