Exploit for Vulnerability in Metabase

# CVE-2023-38646 - Metabase Pre-auth RCE Metabase open source b...


CVSS3 - CRITICAL

CVSS2 - HIGH

Beware of BOLA (IDOR) Vulnerabilities in Web Apps and APIs

## Introduction In a recent advisory, the Cybersecurity and Infrastructure Security Agency (CISA) warned vendors, designers, developers, and end-user organizations of web applications about the da ...

CVE-2023-23476

This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will b ...

CVE-2023-35082 – MobileIron Core Unauthenticated API Access Vulnerability

## Overview While investigating [CVE-2023- ...

(RHSA-2023:4437) Moderate: Red Hat OpenShift Data Foundation 4.13.1 security and bug fix update

Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Data Foundation. Red Hat OpenShift Data Foundation is a highly scalable, productio ...


CVSS3 - HIGH

CVSS2 - MEDIUM

CVE-2023-26448

Custom log-in and log-out locations are user-defined as jslob but were not checked to contain malicious protocol handlers. Malicious script code can be executed within the victim's context. This can le ...

CVE-2023-26450

The "OX Count" web service did not specify a media-type when processing responses by external resources. Malicious script code can be executed within the victim's context. This can lead to session hija ...
