A remote unprivileged attacker can modify and access configuration settings on the EventCam App due to the absence of API authentication. The lack of authentication in the API allows the attacker to p ...
June 23, 2023
This post delves into a very impactful JWT Authentication Bypass vulnerability (CVE-2023-30845) found in ESP-v2, an open-source service proxy that provides API management capabilities using Go ...
June 23, 2023
Learn about the security capabilities of GraphQL and gRPC, how they perform authentication/authorization, and how they compare to REST. In addition, discover common attack vectors for both API framewo ...
June 23, 2023
The ramifications of a Reddit breach which occurred back in February are now being felt, with the attackers threatening to leak the stolen data. The February attack, billed as a "sophisticated ...
June 23, 2023
Attackers with access to the "documentconverterws" API were able to inject serialized Java objects, that were not properly checked during deserialization. Access to this API endpoint is restricted to ...
June 23, 2023
So, you've finished your research. You developed a machine learning (ML) model, tested, and validated it and you're now ready to start development, and then push the model to production. The ...
June 23, 2023
A vulnerability exists that allows a malicious validator to trick the Vega network into re-processing past Ethereum events from Vega's Ethereum bridge. For example, a deposit to the collateral br ...
June 23, 2023
### Impact Tags from pages not viewable to the current user are leaked by the tags API. This information can also be exploited to infer the document reference of non-viewable pages. ### Patches This v ...
June 23, 2023