All CosmicBytez Labs articles tagged #API Security, across news, security advisories, how-to guides, and projects.
A critical authentication bypass in Kopia, a cross-platform backup tool for Windows, macOS, and Linux, allows unauthenticated access to repository API endpoints when the server is started with the --without-password flag. Fixed in Kopia v0.23.0.
A critical CVSS 9.1 vulnerability in Crawl4AI before 0.8.7 allows attackers to write arbitrary files anywhere on the host filesystem via the Docker API's /screenshot and /pdf endpoints — patch immediately.
A critical authentication bypass in Flowise allows unauthenticated attackers to register accounts via an unprotected API endpoint and gain full platform...
A critical missing authorization vulnerability (CVSS 9.1) in Red Hat's migration-planner allows any authenticated user to send a DELETE request to...
A critical improper authentication vulnerability (CVSS 9.6) in Red Hat's migration-planner agent-API middleware allows authenticated agents to update...
A critical CVSS 9.8 vulnerability in M3WebServer hard-codes backend API keys in the production build. Attackers intercept them through verbose error handling…
A critical insecure direct object reference vulnerability allows authenticated users to pivot to any other user's profile by modifying an id parameter in...
A critical unauthenticated information disclosure vulnerability in the Gardyn smart garden platform exposes all registered user account information via a...
A CVSS 10.0 critical vulnerability in steam-trader 2.1.1 exposes Steam account credentials, identity secrets, and shared secrets to unauthenticated remote...
A critical unauthenticated information disclosure vulnerability in SiYuan, the personal knowledge management system, allows remote attackers to retrieve...
A critical path traversal vulnerability in SiYuan's /api/file/readDir interface allows unauthenticated remote attackers to traverse notebook directories...