635 matches found
MAL-2025-49307 Malicious code in sechub-openapi-typescript (npm)
Source: amazon-inspector 3fa5b3dc481ba626b038be55ed5cb344e32dc983f53f2b83fc1b9f6293a3a493 The package sechub-openapi-typescript was found to contain malicious code. Source: ghsa-malware...
Malicious code in sechub-openapi-typescript (npm)
Source: amazon-inspector 3fa5b3dc481ba626b038be55ed5cb344e32dc983f53f2b83fc1b9f6293a3a493 The package sechub-openapi-typescript was found to contain malicious code. Source: ghsa-malware...
EUVD-2025-37116
Malicious code in epic-openapi-codegen npm...
MAL-2025-49177 Malicious code in epic-openapi-codegen (npm)
Source: amazon-inspector 72c376cbf488eb74d4d24b10cd6153640f94a3ceb831332dc1f0f056934c91ed The package epic-openapi-codegen was found to contain malicious code...
Malicious code in epic-openapi-codegen (npm)
Source: amazon-inspector 72c376cbf488eb74d4d24b10cd6153640f94a3ceb831332dc1f0f056934c91ed The package epic-openapi-codegen was found to contain malicious code...
Fedora: Security Advisory (FEDORA-2025-42dd948b86)
The remote host is missing an update for the...
Fedora 43 : openapi-python-client (2025-42dd948b86)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-42dd948b86 advisory. - Update upstream version 0.26.1 - Delete old patch for the fix of the CLI tests fix-test-cli-1309.patch - Update allow-typer-0.19.patch Tenable has extracte...
CVE-2025-62256
Liferay Portal 7.4.0 through 7.4.3.109, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.7, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions do not properly restrict access to OpenAPI in certain circumstances, which allows remote attackers...
GHSA-J82Q-C85J-XW4W Liferay Portal and DXP do not properly restrict access to OpenAPI
Liferay Portal 7.4.0 through 7.4.3.109, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.7, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions do not properly restrict access to OpenAPI in certain circumstances, which allows remote attackers...
Liferay Portal and DXP do not properly restrict access to OpenAPI
Liferay Portal 7.4.0 through 7.4.3.109, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.7, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions do not properly restrict access to OpenAPI in certain circumstances, which allows remote attackers...
Missing Authorization
Overview: com.liferay:com.liferay.portal.vulcan.impl is a Liferay Portal Vulcan Implementation. Affected versions of this package are vulnerable to Missing Authorization due to improper access control to OpenAPI. An attacker can retrieve sensitive OpenAPI YAML files by sending a specially crafted...
CVE-2025-62256
Liferay Portal 7.4.0 through 7.4.3.109, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.7, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions do not properly restrict access to OpenAPI in certain circumstances, which allows remote attackers...
CVE-2025-62256
Liferay Portal 7.4.0 through 7.4.3.109, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.7, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions do not properly restrict access to OpenAPI in certain circumstances, which allows remote attackers...
CVE-2025-62256
Connected documents describe DNS rebinding vulnerabilities affecting Liferay Portal 7.4.0–7.4.3.119 and various Liferay DXP versions (e.g., 2023.Q3.1–2023.Q4.10, 2024.Q1.1–2024.Q1.5, 7.4 GA through update 92). Problems allow remote attackers to redirect users to arbitrary URLs by abusing redirect...
CVE-2025-62256
Liferay Portal 7.4.0 through 7.4.3.109, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.7, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions do not properly restrict access to OpenAPI in certain circumstances, which allows remote attackers...
PT-2025-43515
Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.3 GA through update 35; Liferay Portal versions 7.4.0 through 7.4.3.109; Liferay DXP versions 2023.Q3.1 through 2023.Q3.7; Liferay DXP versions 2023.Q4.0 through 2023.Q4.5; Liferay Portal 7.4 GA through update 92; older...
Security Bulletin: IBM Security QRadar Log Management AQL Plugin includes components with known vulnerabilities
Summary: The product includes vulnerable components (e.g., framework libraries) that may be identified and exploited with automated tools. These vulnerabilities have been addressed in the update. Vulnerability Details: CVEID: CVE-2025-30153. DESCRIPTION: kin-openapi is a Go project for handling OpenAPI...
CVE-2025-11581
A security vulnerability has been detected in PowerJob up to 5.1.2. This vulnerability affects unknown code of the file /openApi/runJob of the component OpenAPIController. Such manipulation leads to missing authorization. The attack can be launched remotely. The exploit has been disclosed publicl...
GHSA-9WQ6-87HW-6MHC PowerJob OpenAPIController is missing authorization
A security vulnerability has been detected in PowerJob up to 5.1.2. This vulnerability affects unknown code of the file /openApi/runJob of the component OpenAPIController. Such manipulation leads to missing authorization. The attack can be launched remotely. The exploit has been disclosed publicl...
PowerJob OpenAPIController is missing authorization
A security vulnerability has been detected in PowerJob up to 5.1.2. This vulnerability affects unknown code of the file /openApi/runJob of the component OpenAPIController. Such manipulation leads to missing authorization. The attack can be launched remotely. The exploit has been disclosed publicl...