MAL-2025-28187 Malicious code in okta-sdk-golang-openapi (npm)

The package okta-sdk-golang-openapi was found to contain malicious code...

MAL-2025-22081 Malicious code in h1-cli-ext-root-openapi-generator (npm)

The package h1-cli-ext-root-openapi-generator was found to contain malicious code...

Malicious code in h1-cli-ext-root-openapi-generator (npm)

The package h1-cli-ext-root-openapi-generator was found to contain malicious code...

h1-cli-device-browser (>=1.0.1-alpha.0 <=1.0.1-alpha.1), h1-cli-device-node (>=1.0.1-alpha.0 <=1.0.1-alpha.1) potentially affected by unknown CVE via h1-cli-ext-root-openapi-generator (=1.0.1-alpha.1)

h1-cli-ext-root-openapi-generator NPM version =1.0.1-alpha.1 is affected by a known vulnerability. The following packages have a transitive dependency on h1-cli-ext-root-openapi-generator and may be impacted: - h1-cli-device-browser =1.0.1-alpha.0, =1.0.1-alpha.0, =1.0.1-alpha.1 Source cves:...

MAL-2025-6466 Malicious code in bmlx-openapi-client (PyPI)

--- -= Per source details. Do not edit below this line.=-...

Information Disclosure

Directus is vulnerable to information disclosure. The vulnerability is due to the exact Directus version number being exposed as the OpenAPI Spec version at the /server/specs/oas endpoint without authentication, which allows an attacker to identify the running version and target known...

CVE-2025-53887

Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.0.0 and prior to version 11.9.0, the exact Directus version number is incorrectly being used as OpenAPI Spec version this means that it is being exposed by the /server/specs/oas endpoint without...

GHSA-RMJH-CF9Q-PV7Q Directus' exact version number is exposed by the OpenAPI Spec

Summary The exact Directus version number is incorrectly being used as OpenAPI Spec version this means that it is being exposed by the /server/specs/oas endpoint without authentication. Impact With the exact version information a malicious attacker can look for known vulnerabilities in Directus...

Directus' exact version number is exposed by the OpenAPI Spec

Summary The exact Directus version number is incorrectly being used as OpenAPI Spec version this means that it is being exposed by the /server/specs/oas endpoint without authentication. Impact With the exact version information a malicious attacker can look for known vulnerabilities in Directus...

CVE-2025-53887

Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.0.0 and prior to version 11.9.0, the exact Directus version number is incorrectly being used as OpenAPI Spec version this means that it is being exposed by the /server/specs/oas endpoint without...

CVE-2025-53887 Directus's exact version number is exposed by the OpenAPI Spec

Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.0.0 and prior to version 11.9.0, the exact Directus version number is incorrectly being used as OpenAPI Spec version this means that it is being exposed by the /server/specs/oas endpoint without...

CVE-2025-53887 Directus's exact version number is exposed by the OpenAPI Spec

Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.0.0 and prior to version 11.9.0, the exact Directus version number is incorrectly being used as OpenAPI Spec version this means that it is being exposed by the /server/specs/oas endpoint without...

CVE-2025-53887

Summary: Directus prior to 11.9.0 exposes the exact running version via the OpenAPI spec at /server/specs/oas, enabling targeted lookups for known vulnerabilities in Directus core and dependencies. This information disclosure is fixed in 11.9.0. What’s affected: Directus real-time API and app das...

CVE-2025-53887 Directus's exact version number is exposed by the OpenAPI Spec

Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.0.0 and prior to version 11.9.0, the exact Directus version number is incorrectly being used as OpenAPI Spec version this means that it is being exposed by the /server/specs/oas endpoint without...

CVE-2025-52918

Yealink RPS before 2025-05-26 does not prevent OpenAPI access by frozen enterprise accounts, allowing unauthorized access to deactivated interfaces...

CVE-2025-52918

Yealink RPS before 2025-05-26 does not prevent OpenAPI access by frozen enterprise accounts, allowing unauthorized access to deactivated interfaces...

PT-2025-26529 · Yealink · Yealink Ymcs

Name of the Vulnerable Software and Affected Versions: Yealink YMCS versions prior to 2025-05-26 Description: The issue allows unauthorized access to deactivated interfaces due to the lack of prevention of OpenAPI access by frozen enterprise accounts. Recommendations: For Yealink YMCS versions...

CVE-2025-52918

Yealink RPS before 2025-05-26 does not prevent OpenAPI access by frozen enterprise accounts, allowing unauthorized access to deactivated interfaces...

CVE-2025-52918

Yealink RPS before 2025-05-26 does not prevent OpenAPI access by frozen enterprise accounts, allowing unauthorized access to deactivated interfaces...

CVE-2025-52918

CVE-2025-52918 affects Yealink RPS (Redirect and Provisioning Service). Before 2025-05-26, OpenAPI access is not blocked for frozen enterprise accounts, allowing unauthorized access to deactivated interfaces. CVSS v3.1 base score 5.0 (medium); impact limited to confidentiality. The available docu...