28 matches found
CVE-2025-53887 Directus's exact version number is exposed by the OpenAPI Spec
Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.0.0 and prior to version 11.9.0, the exact Directus version number is incorrectly being used as OpenAPI Spec version this means that it is being exposed by the /server/specs/oas endpoint without...
CVE-2025-53887 Directus's exact version number is exposed by the OpenAPI Spec
Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.0.0 and prior to version 11.9.0, the exact Directus version number is incorrectly being used as OpenAPI Spec version this means that it is being exposed by the /server/specs/oas endpoint without...
CVE-2025-53887
Summary: Directus prior to 11.9.0 exposes the exact running version via the OpenAPI spec at /server/specs/oas, enabling targeted lookups for known vulnerabilities in Directus core and dependencies. This information disclosure is fixed in 11.9.0. What’s affected: Directus real-time API and app das...
MAL-2025-715 Malicious code in smartling-openapi-spec (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 21a5bc79af548e1ec5706ef28aa4991242b628e7fb312ee2141f58d6aa46d16b Any computer that has this package installed or running should be considered...
OPENSUSE-SU-2024:11247-1 python36-openapi-spec-validator-0.2.9-1.5 on GA media
These are all security issues fixed in the python36-openapi-spec-validator-0.2.9-1.5 package on the GA media of openSUSE Tumbleweed...
CVE-2024-35219 OpenAPI Generator Online - Arbitrary File Read/Delete
OpenAPI Generator allows generation of API client libraries SDK generation, server stubs, documentation and configuration automatically given an OpenAPI Spec. Prior to version 7.6.0, attackers can exploit a path traversal vulnerability to read and delete files and folders from an arbitrary,...
CVE-2023-30845
ESPv2 is a service proxy that provides API management capabilities using Google Service Infrastructure. ESPv2 2.20.0 through 2.42.0 contains an authentication bypass vulnerability. API clients can craft a malicious X-HTTP-Method-Override header value to bypass JWT authentication in specific cases...
Authentication flaw
ESPv2 is a service proxy that provides API management capabilities using Google Service Infrastructure. ESPv2 2.20.0 through 2.42.0 contains an authentication bypass vulnerability. API clients can craft a malicious X-HTTP-Method-Override header value to bypass JWT authentication in specific cases...