News

This week Cisco Systems Inc. posted a critical security advisory addressing a vulnerability in the REST API of its Elastic Services Controller (ESC).
This Cisco IOS XE REST API vulnerability could lead to attackers obtaining the token-id of an authenticated user.
A common API vulnerability is the use of illegitimate tokens to gain access to endpoints. Authentication systems themselves may be compromised, or may accidentally expose an API key.
Cisco is warning that the vManage software that ships with its SD-WAN has an authentication vulnerability in its REST API. The critical-rated vulnerability, CVE-2023-20214, has a CVSS score of 9.1 ...
Cybersecurity firm Salt Labs discovered a GraphQL API authorization vulnerability in a large B2B financial technology platform. It would give attackers the ability to submit unauthorized ...
For example, a large service provider could have a million Cisco devices deployed, with a need to be able to rapidly identify when and where firmware should be updated for a security vulnerability.
The new vulnerability (CVE-2022-0218, CVSS score 8.3) was found by Wordfence researcher Chloe Chamberland, and was caused by a faulty configuration in the REST-API routes used to update the ...
A WordPress core maintainer said the company delayed disclosing the vulnerability, technically an unauthenticated privilege escalation vulnerability that existed in a REST API endpoint, to ...