Lucene search

28 matches found

Vulnrichment
added 2025/07/14 11:40 p.m. | 3 views

CVE-2025-53887 Directus's exact version number is exposed by the OpenAPI Spec

Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.0.0 and prior to version 11.9.0, the exact Directus version number is incorrectly being used as OpenAPI Spec version; this means that it is being exposed by the /server/specs/oas endpoint without...

CVSS 5.3 | AI score 6.9 | EPSS 0.00452
Exploits: 0 | References: 4

OSV
added 2025/07/14 11:40 p.m. | 5 views

CVE-2025-53887 Directus's exact version number is exposed by the OpenAPI Spec

Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.0.0 and prior to version 11.9.0, the exact Directus version number is incorrectly being used as OpenAPI Spec version; this means that it is being exposed by the /server/specs/oas endpoint without...

CVSS 5.3 | AI score 7.1 | EPSS 0.00452
Exploits: 0 | References: 6

CVE
added 2025/07/14 11:40 p.m. | 32 views

CVE-2025-53887

Summary: Directus prior to 11.9.0 exposes the exact running version via the OpenAPI spec at /server/specs/oas, enabling targeted lookups for known vulnerabilities in Directus core and dependencies. This information disclosure is fixed in 11.9.0. What’s affected: Directus real-time API and app das...

CVSS 5.3 | AI score 7 | EPSS 0.00452
Exploits: 0 | References: 4 | Affected Software: 1

OSV
added 2025/01/31 3:1 a.m. | 3 views

MAL-2025-715 Malicious code in smartling-openapi-spec (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 21a5bc79af548e1ec5706ef28aa4991242b628e7fb312ee2141f58d6aa46d16b Any computer that has this package installed or running should be considered...

AI score 7
Exploits: 0 | References: 1

OSV
added 2024/06/15 12:0 a.m. | 8 views

OPENSUSE-SU-2024:11247-1 python36-openapi-spec-validator-0.2.9-1.5 on GA media

These are all security issues fixed in the python36-openapi-spec-validator-0.2.9-1.5 package on the GA media of openSUSE Tumbleweed...

CVSS 9.8 | AI score 9.6 | EPSS 0.06031
Exploits: 1 | References: 1

Cvelist
added 2024/05/27 4:11 p.m. | 125 views

CVE-2024-35219 OpenAPI Generator Online - Arbitrary File Read/Delete

OpenAPI Generator allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. Prior to version 7.6.0, attackers can exploit a path traversal vulnerability to read and delete files and folders from an arbitrary,...

CVSS 8.3 | AI score 8.1 | EPSS 0.03592
Exploits: 0 | References: 3

NVD
added 2023/04/26 9:15 p.m. | 49 views

CVE-2023-30845

ESPv2 is a service proxy that provides API management capabilities using Google Service Infrastructure. ESPv2 2.20.0 through 2.42.0 contains an authentication bypass vulnerability. API clients can craft a malicious X-HTTP-Method-Override header value to bypass JWT authentication in specific cases...

CVSS 9.8 | AI score 8.9 | EPSS 0.00649
Exploits: 0 | References: 4

Prion
added 2023/04/26 9:15 p.m. | 32 views

Authentication flaw

ESPv2 is a service proxy that provides API management capabilities using Google Service Infrastructure. ESPv2 2.20.0 through 2.42.0 contains an authentication bypass vulnerability. API clients can craft a malicious X-HTTP-Method-Override header value to bypass JWT authentication in specific cases...

CVSS 7.5 | AI score 9.5 | EPSS 0.00649
Exploits: 0 | References: 4 | Affected Software: 1