Monospace

Directus

44 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.2

CVE-2025-53885

  • EPSS 0.02%
  • Veröffentlicht 14.07.2025 23:18:57
  • Zuletzt bearbeitet 16.07.2025 14:18:18

Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.0.0 and prior to version 11.9.0, when using Directus Flows to handle CRUD events for users it is possible to log the incoming data to console using...

7.5

CVE-2025-30353

Exploit
  • EPSS 0.15%
  • Veröffentlicht 26.03.2025 17:26:51
  • Zuletzt bearbeitet 26.08.2025 01:47:43

Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.12.0 and prior to version 11.5.0, when a Flow with the "Webhook" trigger and the "Data of Last Operation" response body encounters a ValidationErro...

5.3

CVE-2025-30352

  • EPSS 0.1%
  • Veröffentlicht 26.03.2025 17:18:39
  • Zuletzt bearbeitet 26.08.2025 01:41:50

Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.0.0-alpha.4 and prior to version 11.5.0, the `search` query parameter allows users with access to a collection to filter items based on fields they...

4.3

CVE-2025-30351

Exploit
  • EPSS 0.23%
  • Veröffentlicht 26.03.2025 17:13:42
  • Zuletzt bearbeitet 26.08.2025 01:36:01

Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 10.10.0 and prior to version 11.5.0, a suspended user can use the token generated in session auth mode to access the API despite their status. This h...

5.3

CVE-2025-30350

Exploit
  • EPSS 0.2%
  • Veröffentlicht 26.03.2025 16:49:48
  • Zuletzt bearbeitet 18.11.2025 17:44:38

Directus is a real-time API and App dashboard for managing SQL database content. The `@directus/storage-driver-s3` package starting in version 9.22.0 and prior to version 12.0.1, corresponding to Directus starting in version 9.22.0 and prior to 11.5....

5.3

CVE-2025-30225

Exploit
  • EPSS 0.18%
  • Veröffentlicht 26.03.2025 16:27:14
  • Zuletzt bearbeitet 18.11.2025 17:44:59

Directus is a real-time API and App dashboard for managing SQL database content. The `@directus/storage-driver-s3` package starting in version 9.22.0 and prior to version 12.0.1, corresponding to Directus starting in version 9.22.0 and prior to 11.5....

4.3

CVE-2025-27089

  • EPSS 0.09%
  • Veröffentlicht 19.02.2025 17:15:15
  • Zuletzt bearbeitet 27.02.2025 20:18:12

Directus is a real-time API and App dashboard for managing SQL database content. In affected versions if there are two overlapping policies for the `update` action that allow access to different fields, instead of correctly checking access permission...

4.3

CVE-2025-24353

Exploit
  • EPSS 0.27%
  • Veröffentlicht 23.01.2025 18:15:33
  • Zuletzt bearbeitet 18.11.2025 21:43:43

Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 11.2.0, when sharing an item, a typical user can specify an arbitrary role. It allows the user to use a higher-privileged role to see fields that otherw...

7.5

CVE-2024-54151

Exploit
  • EPSS 0.39%
  • Veröffentlicht 09.12.2024 21:15:08
  • Zuletzt bearbeitet 18.11.2025 21:39:33

Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 11.0.0 and prior to version 11.3.0, when setting `WEBSOCKETS_GRAPHQL_AUTH` or `WEBSOCKETS_REST_AUTH` to "public", an unauthenticated user is able to ...

4.6

CVE-2024-54128

Exploit
  • EPSS 0.23%
  • Veröffentlicht 05.12.2024 17:15:15
  • Zuletzt bearbeitet 19.11.2025 14:47:35

Directus is a real-time API and App dashboard for managing SQL database content. The Comment feature has implemented a filter to prevent users from adding restricted characters, such as HTML tags. However, this filter operates on the client-side, whi...