Lucene search

22 matches found

vulnersOsv
added 2026/04/04 6:13 a.m. · 3 views

@altipla/directus-sdk-utils (=0.7.2), @depup/directus (=11.16.1-depup.0) +6 more potentially affected by CVE-2026-35442 via directus (>=10.10.0 <=11.16.1)

directus NPM version =10.10.0, =15.0.0, =1.2.2, =1.0.0, =2.0.0 - directus-extension-blog-year-filter =1.0.0 Source cves: CVE-2026-35442 Source advisory: OSV:GHSA-38HG-WW64-RRWC...

CVSS 8.1 · AI score 5.8 · EPSS 0.00018
Exploits: 0

vulnersOsv
added 2026/04/04 6:13 a.m. · 3 views

@altipla/directus-sdk-utils (=0.7.2), @depup/directus (=11.16.1-depup.0) +6 more potentially affected by unknown CVE via directus (>=10.10.0 <=11.16.1)

directus NPM version =10.10.0, =15.0.0, =1.2.2, =1.0.0, =2.0.0 - directus-extension-blog-year-filter =1.0.0 Source cves: unknown CVE Source advisory: OSV:GHSA-6Q22-G298-GRJH...

AI score 5.8
Exploits: 0

vulnersOsv
added 2026/04/04 6:10 a.m. · 1 views

@altipla/directus-sdk-utils (=0.7.2), @devix-tecnologia/utils-ts (=1.0.0) +5 more potentially affected by CVE-2026-35413 via directus (>=10.10.0 <=11.16.0)

directus NPM version =10.10.0, =15.0.0, =1.2.2, =1.0.0, =2.0.0 - directus-extension-blog-year-filter =1.0.0 Source cves: CVE-2026-35413 Source advisory: OSV:GHSA-WXWM-3FXV-MRVX...

CVSS 5.3 · AI score 5.8 · EPSS 0.00018
Exploits: 0

vulnersOsv
added 2026/04/04 6:9 a.m. · 2 views

@altipla/directus-sdk-utils (=0.7.2), @devix-tecnologia/utils-ts (=1.0.0) +5 more potentially affected by CVE-2026-35410 via directus (>=10.10.0 <=11.16.0)

directus NPM version =10.10.0, =15.0.0, =1.2.2, =1.0.0, =2.0.0 - directus-extension-blog-year-filter =1.0.0 Source cves: CVE-2026-35410 Source advisory: OSV:GHSA-CF45-HXWJ-4CFJ...

CVSS 6.1 · AI score 5.8 · EPSS 0.00016
Exploits: 0

vulnersOsv
added 2026/04/04 6:6 a.m. · 1 views

@altipla/directus-sdk-utils (=0.7.2), @depup/directus (=11.16.1-depup.0) +6 more potentially affected by CVE-2026-35408 via directus (>=10.10.0 <=11.16.1)

directus NPM version =10.10.0, =15.0.0, =1.2.2, =1.0.0, =2.0.0 - directus-extension-blog-year-filter =1.0.0 Source cves: CVE-2026-35408 Source advisory: OSV:GHSA-8M32-P958-JG99...

CVSS 9.3 · AI score 5.8 · EPSS 0.00009
Exploits: 0

EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2025-27596

Malicious code in bioql PyPI...

CVSS 8.6 · AI score 6.3 · EPSS 0.00104
Exploits: 0 · References: 5

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2025-8232

Malicious code in bioql PyPI...

CVSS 4.3 · AI score 6.4 · EPSS 0.00397
Exploits: 1 · References: 3

Snyk
added 2025/09/11 2:22 p.m. · 2 views

Embedded Malicious Code

Overview prebid.js is an open source software that is offered for free as a convenience. While it is designed to help companies address legal requirements associated with header bidding, we cannot and do not warrant that your use of Prebid.js will satisfy legal requirements. Affected versions of...

CVSS 9.8 · AI score 6.8 · EPSS 0.00104
Exploits: 0 · References: 2

Vulnrichment
added 2025/09/09 10:17 p.m. · 1 views

CVE-2025-59038 Prebid.js NPM package briefly compromised

Prebid.js is a free and open source library for publishers to quickly implement header bidding. NPM users of prebid 10.9.2 may have been briefly compromised by a malware campaign. The malicious code attempts to redirect crypto transactions on the site to the attackers' wallet. Version 10.10.0 fix...

CVSS 8.6 · AI score 6.5 · EPSS 0.00104
Exploits: 0 · References: 2

Positive Technologies
added 2025/09/09 12:0 a.m. · 2 views

PT-2025-36995

Name of the Vulnerable Software and Affected Versions: Prebid.js versions prior to 10.10.0 Prebid.js version 10.9.2 Description: Prebid.js is a free and open source library used by publishers to implement header bidding. NPM users of version 10.9.2 may have been compromised by a malware campaign...

CVSS 8.6 · AI score 6.4 · EPSS 0.00104
Exploits: 0 · References: 16

Positive Technologies
added 2025/08/21 12:0 a.m. · 3 views

PT-2025-34201 · Mattermost · Mattermost

Name of the Vulnerable Software and Affected Versions: Mattermost versions 10.8.x through 10.8.3 Mattermost versions 10.5.x through 10.5.8 Mattermost versions 9.11.x through 9.11.17 Mattermost versions 10.9.x through 10.9.2 Mattermost versions 10.10.x through 10.10.0 Description: The Mattermost...

CVSS 6.8 · AI score 7.2 · EPSS 0.00085
Exploits: 0 · References: 10

CNNVD
added 2025/08/21 12:0 a.m. · 1 views

Mattermost Security Vulnerability

Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A security vulnerability exists in Mattermost that stems from an uncleaned Team Invitation ID, which could lead to the acquisition of a Team Invitation ID. The following versions are affected: 10.8.3 an...

CVSS 4.3 · AI score 6.3 · EPSS 0.0006
Exploits: 0 · References: 2

Positive Technologies
added 2025/03/26 12:0 a.m. · 2 views

PT-2025-12982 · Directus · Directus

Name of the Vulnerable Software and Affected Versions: Directus versions 10.10.0 through 11.4.x Description: The issue allows a suspended user to access the API using a token generated in session auth mode, despite their suspended status. This occurs due to a missing check in the verifySessionJWT...

CVSS 4.3 · AI score 6.2 · EPSS 0.00397
Exploits: 1 · References: 11

OpenVAS
added 2025/03/13 12:0 a.m. · 18 views

MariaDB DoS Vulnerability (MDEV-32084)

MariaDB is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mariadb:mariadb"; if...

AI score 5
Exploits: 0 · References: 4

vulnersOsv
added 2024/09/18 5:42 p.m. · 1 views

@directus/api (>=18.0.0 <=21.0.1) potentially affected by CVE-2024-46990 via directus (>=10.10.0 <=10.13.2)

directus NPM version =10.10.0, =18.0.0, =21.0.1 Source cves: CVE-2024-46990 Source advisory: OSV:GHSA-68G8-C275-XF2M...

CVSS 5 · AI score 5.8 · EPSS 0.00237
Exploits: 0

NVD
added 2024/03/12 9:15 p.m. · 10 views

CVE-2024-28239

Directus is a real-time API and App dashboard for managing SQL database content. The authentication API has a redirect parameter that can be exploited as an open redirect vulnerability as the user tries to log in via the API URL. There's a redirect that is done after successful login via the Auth...

CVSS 5.4 · AI score 5.8 · EPSS 0.0023
Exploits: 1 · References: 3

Prion
added 2024/03/12 9:15 p.m. · 34 views

Open redirect

Directus is a real-time API and App dashboard for managing SQL database content. The authentication API has a redirect parameter that can be exploited as an open redirect vulnerability as the user tries to log in via the API URL. There's a redirect that is done after successful login via the Auth...

CVSS 5.8 · AI score 5.9 · EPSS 0.0023
Exploits: 1 · References: 3

Positive Technologies
added 2024/03/12 12:0 a.m. · 2 views

PT-2024-22353 · Directus · Directus

Name of the Vulnerable Software and Affected Versions: Directus versions prior to 10.10.0 Description: The issue concerns the inclusion of session tokens in URLs, specifically when reaching the "/files" page, where a JWT is passed via GET request. This poses a security risk as URLs are often logg...

CVSS 2.3 · AI score 6.8 · EPSS 0.0009
Exploits: 0 · References: 7

OpenVAS
added 2022/06/10 12:0 a.m. · 10 views

ownCloud < 10.10.0 Information Disclosure Vulnerability

ownCloud is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:owncloud:owncloud";...

CVSS 7.5 · AI score 7.3 · EPSS 0.00386
Exploits: 0 · References: 1

CNNVD
added 2022/06/09 12:0 a.m. · 1 views

ownCloud Security Vulnerability

ownCloud is a suite of personal cloud storage solutions from US-based ownCloud, Inc. A security vulnerability exists in versions of ownCloud prior to 10.10.0 that stems from incorrectly deleting sensitive information prior to storage or transmission...

CVSS 7.5 · AI score 7.2 · EPSS 0.00386
Exploits: 0 · References: 4