6 matches found

Veracode
added 2025/04/04 4:51 a.m., 12 views

Sensitive Information Disclosure

Directus is vulnerable to information disclosure. The vulnerability stems from improper error handling: sensitive data is exposed in API responses when a ValidationError is triggered in flows using the "Webhook" trigger and "Data of Last Operation" response body...

CVSS 8.6, AI score 6.5, EPSS 0.00357
Exploits: 1, References: 2, Affected Software: 1
RedhatCVE
added 2025/03/28 6:0 p.m., 7 views

CVE-2025-30353

Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.12.0 and prior to version 11.5.0, when a Flow with the "Webhook" trigger and the "Data of Last Operation" response body encounters a ValidationError thrown by a failed condition operation, the A...

CVSS 8.6, AI score 7.7, EPSS 0.00357
Exploits: 1, References: 1
Github Security Blog
added 2025/03/26 8:8 p.m., 53 views

Directus's webhook trigger flows can leak sensitive data

Describe the Bug: In Directus, when a Flow with the "Webhook" trigger and the "Data of Last Operation" response body encounters a ValidationError thrown by a failed condition operation, the API response includes sensitive data. This includes environmental variables, sensitive API keys, user...

CVSS 8.6, AI score 6.7, EPSS 0.00357
Exploits: 1, References: 3, Affected Software: 1
CVE
added 2025/03/26 5:26 p.m., 92 views

CVE-2025-30353

Directus vulnerability (CVE-2025-30353): In Directus, flows using the Webhook trigger with the Data of Last Operation response can disclose sensitive data when a ValidationError occurs. Affected versions are 9.12.0 up to, but not including, 11.5.0. The exposure includes environment variables, API...

CVSS 8.6, AI score 7.6, EPSS 0.00357
Exploits: 1, References: 1, Affected Software: 1
Cvelist
added 2020/02/14 3:43 p.m., 14 views

CVE-2019-20455

Gateways/Gateway.php in Heartland & Global Payments PHP SDK before 2.0.0 does not enforce SSL certificate validations...

AI score 5.7, EPSS 0.00376
Exploits: 1, References: 4
OpenVAS
added 2008/12/10 12:0 a.m., 40 views

Apple iPhone Configuration Web Utility Directory Traversal Vulnerability

This host has Apple iPhone Configuration Web Utility installed and is prone to a directory traversal vulnerability. OpenVAS Vulnerability Test $Id: gbappleiphoneconfwebutltydirtrvslvuln.nasl 5370 2017-02-20 15:24:26Z cfi $ Apple iPhone Configuration Web Utility Directory Traversal Vulnerability...

CVSS 7.8, AI score 0.2, EPSS 0.0015
Exploits: 0, References: 2