API security — Wiki: What is ❓ Why ❓ For PenTest & Best Practice

### API security — Wiki: What is ❓ Why ❓ For PenTest & Best Practice **What does api mean?** For beginners, API refers to the Application Programming Interface designed for effortless commun ...

Continue Reading
Deserialization of Untrusted Data in Apache Dubbo

Apache Dubbo prior to 2.6.9 and 2.7.10 by default supports generic calls to arbitrary methods exposed by provider interfaces. These invocations are handled by the GenericFilter which will find the ser ...

Continue Reading
Security update for trivy (moderate)

An update that fixes two vulnerabilities is now available. Description: This update for trivy fixes the following issues: trivy was updated to version 0.28.0 (boo#1199760, CVE-2022-28946): * ...

Continue Reading
QRadar Community Edition 7.3.1.6 Server Side Request Forgery Vulnerability

QRadar Community Edition version 7.3.1.6 has an issue where the RssFeedItem class of the QRadar web application is used to fetch and parse RSS feeds. No validation is performed on the user-supplied RS ...

Continue Reading
QRadar Community Edition 7.3.1.6 Server Side Request Forgery

Post ContentRead More ...

Continue Reading
SALTO ProAccess SPACE 5.5 Traversal / File Write / XSS / Bypass Vulnerabilities

SALTO ProAccess SPACE versions 5.5 and below suffer from path traversal, arbitrary file write, persistent cross site scripting, privilege escalation, and clear text transmission of sensitive data vuln ...

Continue Reading
SALTO ProAccess SPACE 5.5 Traversal / File Write / XSS / Bypass

Post ContentRead More ...

Continue Reading
MyEtherWallet: Local Storage Custom Node Credentials Leak

## Summary Credentials for a custom node are stored in plain text inside Local Storage on the user's machine. If this node is configured in a certain way this could lead to the theft of any funds in a ...

Continue Reading

Back to Main

Subscribe for the latest news: