CVE-2023-32193 - Unauthenticated Cross-Site Scripting Vulnerability in Norman's Public API Endpoint: Exploit Details and Mitigation Techniques
A critical vulnerability, designated as CVE-2023-32193, has been identified in Norman's public API endpoint, which can be exploited by an attacker to trigger
CVE-2024-3656: Keycloak's Admin REST API Allows Low-Privilege Users to Access Administrative Functionalities, Resulting in Potential Data Breaches and System Compromise
A security vulnerability (CVE-2024-3656) was recently discovered within Keycloak, an open-source Identity and Access Management (IAM) solution. This vulnerability allows low-privilege users to access certain
CVE-2022-24189: User Token Authorization Bypass in Ourphoto App v1.4.1 Allows Unauthorized Access to Sensitive User Data
An improper implementation of the user_token authorization header on the Ourphoto App version 1.4.1 /apiv1/* end-points has been discovered, leaving users exposed
CVE-2022-24765 Git for Windows is a fork of Git containing Windows-specific patches. It's vulnerable to LUKS hard disk encryption key compromise.
`GIT_DIR` in the Windows registry, which will then be picked up by Git operations. This vulnerability has been patched in Git for Windows v2.