API - API Security Blog

CVE-2023-2759

A hidden API exists in TapHome's core platform before version 2023.2 that allows an authenticated, low privileged user to change passwords of other users without any prior knowledge. The attacker may ...

July 17, 2023

CVSS3 - HIGH

CVSS2 - MEDIUM

Exploit for Vulnerability in Microsoft

A local privilege escalation (LPE) vulnerability in Windows was ...Read More ...

July 16, 2023

CVSS3 - HIGH

CVSS2 - MEDIUM

PPLcontrol – Controlling Windows PP(L)s

[![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhCVW_aQlUOUcJ-1hu-Lfmu37YQkP155xR1Ss1FG1cTgwtdJWkqYypXoK-FkNadmmmLxwp83-fyakvI7nOluK-G5gPLUZjUywtcH2NMFA4XKLbzYBZk04C7aZM-aqJfnhkooYR1_p ...

July 16, 2023

WormGPT: New AI Tool Allows Cybercriminals to Launch Sophisticated Cyber Attacks

[![WormGPT](data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVR42mP8Xw8AAoMBgDTD2qgAAAAASUVORK5CYII=)]() With generative artificial intelligence (AI) becoming all the rage th ...

July 15, 2023

Microsoft Bug Allowed Hackers to Breach Over Two Dozen Organizations via Forged Azure AD Tokens

[![Microsoft](data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVR42mP8Xw8AAoMBgDTD2qgAAAAASUVORK5CYII=)]() Microsoft on Friday said a validation error in its source code allo ...

July 15, 2023

CVE-2023-38350

PNP4Nagios through 81ebfc5 has stored XSS in the AJAX controller via the basket API and filters. This affects 0.6.26.Read More ...

July 15, 2023

CVE-2023-38337

rswag before 2.10.1 allows remote attackers to read arbitrary JSON and YAML files via directory traversal, because rswag-api can expose a file that is not the OpenAPI (or Swagger) specification file o ...

July 15, 2023

CVE-2023-32760

An issue in Archer Platform before v.6.13 fixed in v.6.12.0.6 and v.6.13.0 allows an authenticated attacker to obtain sensitive information via API calls related to data feeds and data publication.Rea ...

July 14, 2023