The Lab · 2026-03-26 06:27:02 · GitHub Issues
A critical security vulnerability has been identified in the MyMascada WebAPI, where sensitive Akahu user access tokens are being directly exposed to the client browser. This exposure occurs because the `/api/BankConnections/akahu/exchange` endpoint returns the token in its HTTP response body, a direct violation of Aka...
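The shape of the fix such an issue usually asks for, as an added example that is not MyMascada's or Akahu's code: the "before" handler that returns the upstream token in the response body, a hardened handler that keeps the token server-side and returns only an opaque connection id, and a response check that catches token-like fields before a body leaves the server. The exchange stub, the store and all names here are assumptions for illustration.

```python
import hashlib
import secrets
from typing import Any, Dict, List, Optional


def fake_akahu_exchange(auth_code: str) -> Dict[str, Any]:
    """Constructed stand-in for the upstream code-for-token exchange (no network call)."""
    digest = hashlib.sha256(auth_code.encode()).hexdigest()
    return {"access_token": "user_token_" + digest[:24], "expires_in": 3600}


# Server-side store keyed by an opaque connection id. Assumption: in production this
# is an encrypted database column; the browser never sees its contents.
TOKEN_STORE: Dict[str, Dict[str, str]] = {}


def exchange_vulnerable(auth_code: str) -> Dict[str, Any]:
    """'Before' shape: the upstream token goes straight back to the browser."""
    return fake_akahu_exchange(auth_code)


def exchange_hardened(auth_code: str, user_id: str) -> Dict[str, Any]:
    """'After' shape: the token stays on the server; the browser gets an id that is
    useless against the upstream API and only meaningful to this backend."""
    upstream = fake_akahu_exchange(auth_code)
    connection_id = secrets.token_urlsafe(16)
    TOKEN_STORE[connection_id] = {"user_id": user_id, "access_token": upstream["access_token"]}
    return {"connection_id": connection_id, "expires_in": upstream["expires_in"]}


def upstream_token_for(connection_id: str, user_id: str) -> Optional[str]:
    """Server-side lookup for when the backend calls the upstream API on the user's
    behalf. Ownership is checked so one user cannot drive another user's connection."""
    entry = TOKEN_STORE.get(connection_id)
    if entry is None or entry["user_id"] != user_id:
        return None
    return entry["access_token"]


SECRET_KEYS = {"access_token", "refresh_token", "id_token", "token", "client_secret"}


def leaked_secret_fields(body: Any, path: str = "") -> List[str]:
    """Walk a JSON-like body and return dotted paths of secret-looking keys.
    Usable as a unit-test assertion or as a final filter before serialising a response."""
    found: List[str] = []
    if isinstance(body, dict):
        for key, value in body.items():
            here = f"{path}.{key}" if path else key
            if key.lower() in SECRET_KEYS:
                found.append(here)
            found.extend(leaked_secret_fields(value, here))
    elif isinstance(body, list):
        for i, item in enumerate(body):
            found.extend(leaked_secret_fields(item, f"{path}[{i}]"))
    return found
```

The check is deliberately recursive: a token nested under `data.connection.credentials` is just as exposed as one at the top level, and a flat key check misses it.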
The Lab · 2026-04-07 09:26:58 · GitHub Issues
A high-severity security incident has been flagged after an unauthorized user attempted to access sensitive system files. The threat actor exploited a directory traversal vulnerability in an API endpoint, a technique that can allow access to restricted directories and files. While the server blocked the attempt with a ...
The Lab · 2026-04-07 09:26:59 · GitHub Issues
A high-severity security incident has been logged, involving an unauthorized user attempting to access sensitive system files. The threat actor exploited a directory traversal vulnerability in a specific API endpoint, a technique used to navigate outside the intended directory structure to reach protected files. While ...
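For the two directory-traversal incidents above, an added example (not code from the project in those issues) of the two things a responder wants next: a path resolver for the endpoint that decides on the normalised path rather than by searching for `..`, and a log scan that surfaces attempts, including percent-encoded and double-encoded ones, whether or not the server blocked them. `BASE_DIR`, the endpoint path and the log lines are constructed assumptions.

```python
import posixpath
import re
from typing import List, Tuple
from urllib.parse import unquote

BASE_DIR = "/srv/app/files"   # assumed root the file endpoint is meant to serve from


def fully_decode(value: str, max_rounds: int = 3) -> str:
    """Percent-decode until stable, bounded so a pathological input cannot loop."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def resolve_under_base(user_path: str, base: str = BASE_DIR) -> str:
    """Return the absolute path a request may touch, or raise ValueError.

    The decision is made on the normalised path, not by searching for '..',
    so 'a/../b' (harmless) and 'a/../../etc/passwd' (not) are told apart."""
    decoded = fully_decode(user_path)
    if "\x00" in decoded:
        raise ValueError("NUL byte in path")
    decoded = decoded.replace("\\", "/")          # treat backslashes as separators too
    base_norm = posixpath.normpath(base)
    candidate = posixpath.normpath(posixpath.join(base_norm, decoded.lstrip("/")))
    if posixpath.commonpath([base_norm, candidate]) != base_norm:
        raise ValueError("path escapes base: %r" % user_path)
    return candidate


def escapes_base(user_path: str, base: str = BASE_DIR) -> bool:
    """Convenience predicate for tests and request validation."""
    try:
        resolve_under_base(user_path, base)
        return False
    except ValueError:
        return True


# Combined-log-format lines, constructed for this example (not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [07/Apr/2026:09:26:58 +0000] "GET /api/files?name=../../../../etc/passwd HTTP/1.1" 400 0',
    '203.0.113.7 - - [07/Apr/2026:09:26:59 +0000] "GET /api/files/..%2F..%2F..%2Fetc%2Fshadow HTTP/1.1" 403 0',
    '198.51.100.2 - - [07/Apr/2026:09:27:10 +0000] "GET /api/files/reports/q1.pdf HTTP/1.1" 200 5120',
    '203.0.113.7 - - [07/Apr/2026:09:27:30 +0000] "GET /api/files/%252e%252e/%252e%252e/etc/hosts HTTP/1.1" 200 311',
]

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')
TRAVERSAL = re.compile(r"(?:^|[/=&])\.\.(?:/|$)")


def traversal_attempts(lines: List[str]) -> List[Tuple[str, str, int]]:
    """Return (ip, raw target, status) for every request whose decoded target has a
    '..' segment in the path or query. A 200 here means the attempt was not blocked."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        decoded = fully_decode(m.group("target")).replace("\\", "/")
        if TRAVERSAL.search(decoded):
            hits.append((m.group("ip"), m.group("target"), int(m.group("status"))))
    return hits
```

When triaging, sort the hits by status: a 400 or 403 shows the control worked, while a 200 on a decoded `..` target is the line that needs a forensic look at what was actually read.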
The Lab · 2026-04-12 03:22:32 · GitHub Issues
The YUDDHA platform's autonomous security system, KAVACH, has automatically generated and verified a critical patch for a zero-trust violation discovered in its `/api` endpoint. The vulnerability, classified as CRITICAL severity, directly targeted PII data. The patch was verified using the Mistral model and sandbox tes...
The Lab · 2026-04-21 16:22:50 · GitHub Issues
A critical API vulnerability in the SmartEM backend system exposes sensitive internal state and grants unauthorized write access, posing a direct threat to proprietary scientific research and system integrity. Multiple debug endpoints operate without any authentication or authorization controls, allowing both the discl...
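An added example, not SmartEM's code, of the control that prevents the class of issue described above: a route registry in which every handler must declare who may call it, debug routes are hidden unless explicitly enabled, and a start-up audit refuses to boot if any route is reachable anonymously without being on a public allowlist. Route paths, role names and the returned state are assumptions for illustration.

```python
from dataclasses import dataclass
from typing import Any, Callable, Dict, List, Optional, Set, Tuple


@dataclass
class Route:
    method: str
    path: str
    handler: Callable[..., Any]
    roles: Optional[Set[str]]     # None = intended to be anonymous; must be allowlisted below
    debug: bool = False           # debug routes are hidden unless explicitly enabled


ROUTES: List[Route] = []
MUTATING = {"POST", "PUT", "PATCH", "DELETE"}
PUBLIC_ALLOWLIST = {("GET", "/api/health")}   # the only anonymous routes we accept


def route(method: str, path: str, roles: Optional[Set[str]], debug: bool = False):
    """Decorator: every handler must state who may call it; there is no default."""
    def register(fn):
        ROUTES.append(Route(method, path, fn, roles, debug))
        return fn
    return register


@route("GET", "/api/health", roles=None)
def health() -> Dict[str, Any]:
    return {"ok": True}


@route("GET", "/api/debug/state", roles={"admin"}, debug=True)
def debug_state() -> Dict[str, Any]:
    return {"queue_depth": 3, "workers": ["w1", "w2"]}   # constructed internal state


@route("POST", "/api/debug/state", roles={"admin"}, debug=True)
def debug_set_state(body: Dict[str, Any]) -> Dict[str, Any]:
    return {"updated": sorted(body)}


def dispatch(method: str, path: str, principal: Optional[Dict[str, Any]],
             body: Optional[Dict[str, Any]] = None, debug_enabled: bool = False) -> Tuple[int, Dict[str, Any]]:
    """principal is {'roles': set(...)} for an authenticated caller, or None."""
    for r in ROUTES:
        if r.method != method or r.path != path:
            continue
        if r.debug and not debug_enabled:
            return 404, {"error": "not found"}        # do not advertise the debug surface
        if r.roles is not None:
            if principal is None:
                return 401, {"error": "authentication required"}
            if not (r.roles & set(principal.get("roles", ()))):
                return 403, {"error": "forbidden"}
        result = r.handler(body or {}) if method in MUTATING else r.handler()
        return 200, result
    return 404, {"error": "not found"}


def audit_routes(routes: Optional[List[Route]] = None) -> List[str]:
    """Findings for routes reachable without auth. Call at start-up and refuse to
    boot if the list is non-empty; run it in CI against the route table as well."""
    findings = []
    for r in (ROUTES if routes is None else routes):
        if r.roles is None and (r.method, r.path) not in PUBLIC_ALLOWLIST:
            findings.append(f"{r.method} {r.path}: anonymous and not on the public allowlist")
        if r.roles is None and r.method in MUTATING:
            findings.append(f"{r.method} {r.path}: unauthenticated write endpoint")
        if r.debug and r.roles is None:
            findings.append(f"{r.method} {r.path}: debug endpoint without authentication")
    return findings
```

The point of `debug_enabled` being a dispatch-time flag rather than a per-route decision is that a production build can turn the whole debug surface into 404s in one place, and the audit still runs over those routes so a later change cannot quietly drop the role requirement.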
The Lab · 2026-04-23 09:54:13 · GitHub Issues
A security disclosure filed on GitHub reveals that the Generations service API improperly exposes personally identifiable information through two endpoints: GET /v1/generations and GET /v1/generations/{id}. The affected responses include `user_id` (the UUID of the requesting user) and `ip_address` (the originating IP a...
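An added example, not the Generations service's code, of serialising records through an explicit field allowlist so that neither the list endpoint nor the single-item endpoint can return `user_id` or `ip_address` to an ordinary caller, together with a contract check that flags those fields in a response body. The record shape, the `support` role that may see attribution data, the ownership scoping and the sample rows are assumptions for illustration.

```python
from typing import Any, Dict, FrozenSet, List, Tuple

PUBLIC_FIELDS = ("id", "prompt", "status", "created_at")
INTERNAL_FIELDS = ("user_id", "ip_address")   # attribution data; never for ordinary callers

USER_A = "6f1c2d3e-0000-4000-8000-000000000001"   # constructed ids, not real users
USER_B = "6f1c2d3e-0000-4000-8000-000000000002"

RECORDS: List[Dict[str, Any]] = [   # constructed sample store
    {"id": "gen-1", "prompt": "a lighthouse at dusk", "status": "succeeded",
     "created_at": "2026-04-23T09:00:00Z", "user_id": USER_A, "ip_address": "203.0.113.5"},
    {"id": "gen-2", "prompt": "isometric city block", "status": "queued",
     "created_at": "2026-04-23T09:05:00Z", "user_id": USER_B, "ip_address": "198.51.100.9"},
]

SUPPORT = frozenset({"support"})   # assumption: the only role allowed to see attribution data


def serialize(record: Dict[str, Any], viewer_roles: FrozenSet[str] = frozenset()) -> Dict[str, Any]:
    """Allowlist, not denylist: a new internal column added to the record later
    stays hidden until someone deliberately adds it to PUBLIC_FIELDS."""
    out = {k: record[k] for k in PUBLIC_FIELDS if k in record}
    if "support" in viewer_roles:
        out.update({k: record[k] for k in INTERNAL_FIELDS if k in record})
    return out


def list_generations(viewer_id: str, viewer_roles: FrozenSet[str] = frozenset(),
                     records: List[Dict[str, Any]] = RECORDS) -> Tuple[int, List[Dict[str, Any]]]:
    """GET /v1/generations: scoped to the caller's own rows unless they are support."""
    visible = records if "support" in viewer_roles else [r for r in records if r["user_id"] == viewer_id]
    return 200, [serialize(r, viewer_roles) for r in visible]


def get_generation(gen_id: str, viewer_id: str, viewer_roles: FrozenSet[str] = frozenset(),
                   records: List[Dict[str, Any]] = RECORDS) -> Tuple[int, Dict[str, Any]]:
    """GET /v1/generations/{id}: a row the caller may not see answers exactly like a
    missing one, so the endpoint is not an oracle for which ids exist."""
    for r in records:
        if r["id"] == gen_id:
            if "support" in viewer_roles or r["user_id"] == viewer_id:
                return 200, serialize(r, viewer_roles)
            return 404, {"error": "not found"}
    return 404, {"error": "not found"}


def exposed_internal_fields(body: Any) -> List[str]:
    """Contract check for these endpoints' bodies (an object or a list of objects):
    the internal field names present, sorted. Empty means the body is clean."""
    items = body if isinstance(body, list) else [body]
    return sorted({k for item in items if isinstance(item, dict) for k in item if k in INTERNAL_FIELDS})
```

Run `exposed_internal_fields` over every endpoint's response in an integration test with an ordinary user's credentials; it is the cheapest regression guard against a serializer change that starts passing the raw row through again.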