API - API Security Blog

CVE-2024-46549

An issue in the TP-Link MQTT Broker and API gateway of TP-Link Kasa KP125M v1.0.3 allows attackers to establish connections by impersonating devices owned by other...Read More ...

September 30, 2024

CVE-2024-47064 Computer Vision Annotation Tool (CVAT) contains a reflected XSS via request endpoints

Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. If an attacker can trick a logged-in CVAT user into visiting a maliciously-constructed URL ...

September 30, 2024

CVE-2024-47064 Computer Vision Annotation Tool (CVAT) contains a reflected XSS via request endpoints

Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. If an attacker can trick a logged-in CVAT user into visiting a maliciously-constructed URL ...

September 30, 2024

CVE-2024-47530 Scout contains an Open Redirect on Login via `next`

Scout is a web-based visualizer for VCF-files. Open redirect vulnerability allows performing phishing attacks on users by redirecting them to malicious page. /login API endpoint is vulnerable to open ...

September 30, 2024

CVE-2024-47530 Scout contains an Open Redirect on Login via `next`

Scout is a web-based visualizer for VCF-files. Open redirect vulnerability allows performing phishing attacks on users by redirecting them to malicious page. /login API endpoint is vulnerable to open ...

September 30, 2024

VegaBird Yaazhini 2.0.2 DLL Hijacking

September 30, 2024

VegaBird Vooki 5.2.9 DLL Hijacking

September 30, 2024

CVE-2024-47063 Computer Vision Annotation Tool (CVAT) contains a stored XSS via the quality report data endpoint

Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. If a malicious CVAT user with permissions to either create a task, or edit an existing tas ...

September 30, 2024