API - API Security Blog

CVE-2023-30394

MoveIT v1.1.11 was discovered to contain a cross-site scripting (XSS) vulenrability via the API authentication function.Read More ...

May 11, 2023

CVE-2023-2443

Rockwell Automation ThinManager product allows the use of medium strength ciphers. Â If the client requests an insecure cipher, a malicious actor could potentially decrypt traffic sent between the c ...

May 11, 2023

Command Injection

net.opentsdb:opentsdb is vulnerable to Command Injection. Insufficient validation of parameters passed to the legacy HTTP query API allows crafted OS commands to bypass validation, allowing malicious ...

May 11, 2023

CVSS3 - CRITICAL

Pentaho Business Server Authentication Bypass / SSTI / Code Execution

Post ContentRead More ...

May 11, 2023

CVSS3 - CRITICAL

New APT Group Red Stinger Targets Military and Critical Infrastructure in Eastern Europe

[![Red Stinger](data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAQAAAC1HAwCAAAAC0lEQVR42mP8Xw8AAoMBgDTD2qgAAAAASUVORK5CYII=)]() A previously undetected advanced persistent threat (APT) actor du ...

May 11, 2023

Rockwell Automation ThinManager

## 1. EXECUTIVE SUMMARY * **CVSS v3 7.5** * **ATTENTION:** Exploitable remotely/low attack complexity * **Vendor:** Rockwell Automation * **Equipment:** ThinManager * **Vulnerabilities:** In ...

May 11, 2023

Siemens SIMATIC Cloud Connect 7

## 1. EXECUTIVE SUMMARY * **CVSS v3 7.2 ** * **ATTENTION:** Exploitable remotely/low attack complexity * **Vendor:** Siemens * **Equipment:** SIMATIC Cloud Connect 7 * **Vulnerabilities:** I ...

May 11, 2023

CVSS3 - HIGH

Wordfence Intelligence Weekly WordPress Vulnerability Report (May 1, 2023 to May 7, 2023)

Last week, there were 58 vulnerabilities disclosed in 43 WordPress Plugins and 3 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 27 Vulnerabi ...

May 11, 2023

CVSS3 - CRITICAL