JSON-RPC – API Security Blog

API security — Wiki: What is ❓ Why ❓ For PenTest & Best Practice

### API security — Wiki: What is ❓ Why ❓ For PenTest & Best Practice **What does api mean?** For beginners, API refers to the Application Programming Interface designed for effortless commun ...

June 23, 2022

Deserialization of Untrusted Data in Apache Dubbo

Apache Dubbo prior to 2.6.9 and 2.7.10 by default supports generic calls to arbitrary methods exposed by provider interfaces. These invocations are handled by the GenericFilter which will find the ser ...

June 23, 2022

Security update for trivy (moderate)

An update that fixes two vulnerabilities is now available. Description: This update for trivy fixes the following issues: trivy was updated to version 0.28.0 (boo#1199760, CVE-2022-28946): * ...

June 21, 2022

QRadar Community Edition 7.3.1.6 Server Side Request Forgery Vulnerability

QRadar Community Edition version 7.3.1.6 has an issue where the RssFeedItem class of the QRadar web application is used to fetch and parse RSS feeds. No validation is performed on the user-supplied RS ...

May 30, 2022

QRadar Community Edition 7.3.1.6 Server Side Request Forgery

Post ContentRead More ...

May 30, 2022

SALTO ProAccess SPACE 5.5 Traversal / File Write / XSS / Bypass Vulnerabilities

SALTO ProAccess SPACE versions 5.5 and below suffer from path traversal, arbitrary file write, persistent cross site scripting, privilege escalation, and clear text transmission of sensitive data vuln ...

May 30, 2022

SALTO ProAccess SPACE 5.5 Traversal / File Write / XSS / Bypass

Post ContentRead More ...

May 30, 2022

MyEtherWallet: Local Storage Custom Node Credentials Leak

## Summary Credentials for a custom node are stored in plain text inside Local Storage on the user's machine. If this node is configured in a certain way this could lead to the theft of any funds in a ...

May 30, 2022