API - API Security Blog

Exploit for CVE-2023-35078

# CVE-2023-35078 ## shodan dorks You can use the following sho...Read More ...

July 30, 2023

2023 OWASP Top-10 Series: API1:2023 Broken Object Level Authorization

Welcome to the 2nd post in our weekly series on the new [2023 OWASP API Security Top-10]() list, with a particular focus on security practitioners. This post will focus on [API1:2023 Broken Object Lev ...

July 29, 2023

Exploit for CVE-2023-35078

# CVE-2023-35078 Exploit POC CVE-2023-35078 Remote Unauthenticat...Read More ...

July 29, 2023

Apple Sets New Rules for Developers to Prevent Fingerprinting and Data Misuse

[![Apple App Development](data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVR42mP8Xw8AAoMBgDTD2qgAAAAASUVORK5CYII=)]() Apple has announced plans to require developers to subm ...

July 29, 2023

c security update

**CentOS Errata and Security Advisory** CESA-2023:3741 The c-ares C library defines asynchronous DNS (Domain Name System) requests and provides name resolving API. Security Fix(es): * c-ares: 0-byte U ...

July 29, 2023

CVSS3 - HIGH

CVSS2 - MEDIUM

Ivanti Warns of Another Endpoint Manager Mobile Vulnerability Under Active Attack

[![Endpoint Manager Mobile Vulnerability](data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVR42mP8Xw8AAoMBgDTD2qgAAAAASUVORK5CYII=)]() Ivanti has disclosed yet another securi ...

July 29, 2023

Closing vulnerabilities in Decidim, a Ruby-based citizen participation platform

This blog post describes two security vulnerabilities in Decidim, a digital platform for citizen participation. Both vulnerabilities were addressed by the Decidim team with corresponding update releas ...

July 29, 2023

CVSS3 - HIGH

CVSS2 - MEDIUM

Denial of service from unlimited password lengths

### TL;DR This vulnerability affects all Kirby sites with user accounts (unless Kirby's API and Panel are disabled in the config). The real-world impact of this vulnerability is limited, however we st ...

July 28, 2023