Tagged articles
4 articles
Black & White Path
Jun 11, 2026 · Information Security

ServiceNow Confirms API Flaw Exposed Customer Data via Unauthorized Access, Already Exploited in the Wild

ServiceNow disclosed that a misconfigured Scripted REST API endpoint (/api/now/related_list_edit/create) allowed unauthenticated queries to sensitive tables and was actively exploited in early June 2026, affecting hosted customers on the Australia release and older versions and prompting an emergency patch and detailed detection and response guidance.

API vulnerability · ITSM · ServiceNow
Old Zhang's AI Learning
May 11, 2026 · Information Security

Critical CVE-2026-7482 'Bleeding Llama' in Ollama: Why You Must Upgrade Now

Ollama versions before 0.17.1 suffer a CVSS 9.1 heap out‑of‑bounds read vulnerability (CVE‑2026‑7482) that lets attackers upload malicious GGUF files, read server memory—including env vars and API keys—and exfiltrate data, affecting over 300,000 publicly exposed servers, so immediate upgrade and hardening are essential.

API vulnerability · Bleeding Llama · CVE-2026-7482
Programmer DD
Jun 3, 2023 · Information Security

How a Simple API Parameter Leak Exposed Thousands of Student Records

This article details the discovery and exploitation of an API‑based information leakage in a university system, showing how default passwords, missing parameters, and directory depth allowed an attacker to retrieve thousands of student records, and concludes with lessons for security testing.

API vulnerability · data exposure · information leakage