Learn about the security capabilities of GraphQL and gRPC, how they perform authentication/authorization, and how they compare to REST. In addition, discover common attack vectors for both API framewo ...
June 23, 2023
The ramifications of a Reddit breach which occurred back in February are now being felt, with the attackers threatening to leak the stolen data. The February attack, billed as a "sophisticated ...
June 23, 2023
Attackers with access to the "documentconverterws" API were able to inject serialized Java objects that were not properly checked during deserialization. Access to this API endpoint is restricted to ...
June 23, 2023
So, you've finished your research. You developed a machine learning (ML) model, tested and validated it, and you're now ready to start development, and then push the model to production. The ...
June 23, 2023
A vulnerability exists that allows a malicious validator to trick the Vega network into re-processing past Ethereum events from Vega's Ethereum bridge. For example, a deposit to the collateral br ...
June 23, 2023
### Impact Tags from pages not viewable to the current user are leaked by the tags API. This information can also be exploited to infer the document reference of non-viewable pages. ### Patches This v ...
June 23, 2023
### Impact Users are able to forge a URL with a payload that injects JavaScript into the page (XSS). For instance, the following URL executes an `alert` in the browser: `/xwiki/bin/view/Main/?view ...
June 23, 2023