Tag
Paperclip Unauthenticated API Access Vulnerability
2 rules 3 TTPs
The Paperclip application suffers from multiple unauthenticated API access vulnerabilities allowing attackers to access sensitive data, gather reconnaissance, and potentially bypass authentication.
WWBN AVideo Unauthenticated decryptString Vulnerability
2 rules 1 TTP
WWBN AVideo, up to version 26.0, contains an improper authentication vulnerability (CVE-2026-33512) in the API plugin's `decryptString` action, allowing unauthenticated users to decrypt publicly accessible ciphertext and potentially recover protected tokens/metadata.
OpenMage LTS Weak API Session ID Vulnerability Leads to Session Hijacking
2 rules 1 TTP 1 IOC
OpenMage LTS version 20.16.0 and earlier has a critical vulnerability in the XML-RPC/SOAP API session ID generation, which uses a predictable MD5 hash of time-derived inputs, allowing attackers to brute-force and hijack active API sessions for data exfiltration, order fraud, and supply chain manipulation.