Lucene search
K

60 matches found

OSV
OSV
added 2025/11/13 9:29 p.m.4 views

CVE-2025-64748 Directus's conceal fields are searchable if read permissions enabled

Directus is a real-time API and App dashboard for managing SQL database content. A vulnerability in versions prior to 11.13.0 allows authenticated users to search concealed/sensitive fields when they have read permissions. While actual values remain masked , successful matches can be detected...

6.5CVSS7AI score0.0027EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/11/13 12:0 a.m.4 views

Directus 安全漏洞

Directus is a real-time Api and application dashboard open-sourced by Directus. It is used to manage Sql database content. A security vulnerability exists in Directus versions prior to 11.13.0 that stems from allowing authenticated users to search for sensitive fields, potentially leading to a...

6.5CVSS6.2AI score0.0027EPSS
Exploits0References3
EUVD
EUVD
added 2025/11/08 1:7 a.m.6 views

EUVD-2025-38346

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Versions 8.9.0 and below contain a time-based blind SQL Injection vulnerability. This vulnerability allows an authenticated attacker to infer data from the database by measuring response times,...

8.8CVSS7.2AI score0.00335EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/11/08 1:7 a.m.4 views

CVE-2025-64492 SuiteCRM is Vulnerable to Authenticated Time Based Blind SQL Injection

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Versions 8.9.0 and below contain a time-based blind SQL Injection vulnerability. This vulnerability allows an authenticated attacker to infer data from the database by measuring response times,...

8.8CVSS7.3AI score0.00335EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-39585

Malicious code in bioql PyPI...

4.3CVSS6.5AI score0.00266EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2022-52745

Malicious code in bioql PyPI...

6.5CVSS6.3AI score0.0121EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2022-6321

Malicious code in bioql PyPI...

4.3CVSS4.9AI score0.00581EPSS
Exploits0References3
CVE
CVE
added 2025/10/02 12:0 a.m.16 views

CVE-2025-56162

CVE-2025-56162 — YOSHOP 2.0 suffers an unauthenticated SQL injection in the goodsIds parameter of the /api/goods/listByIds endpoint. The getListByIds function concatenates user input into orderRaw('field(goods_id, ...)'), enabling: (a) enumeration/modification of DB data, including potential admi...

6.5CVSS9AI score0.00459EPSS
Exploits1References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2022-31088

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - LDAP Account Manager LAM is a webfrontend for managing entries e.g. users, groups, DHCP settings stored in an LDAP directory. In versions prior to 8.0 the user...

6.5CVSS6.6AI score0.0121EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/07/10 6:38 p.m.3 views

CVE-2025-53709 Access control issues impacting secure-upload service

Secure-upload is a data submission service that validates single-use tokens when accepting submissions to channels. The service only installed on a small number of environments. Under specific circumstances, privileged users of secure-upload could have selected email templates not necessarily...

5.4CVSS6.6AI score0.00166EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:58 p.m.8 views

CVE-2022-24189

The usertoken authorization header on the Ourphoto App version 1.4.1 /apiv1/ end-points is not implemented properly. Removing the value causes all requests to succeed, bypassing authorization and session management. The impact of this vulnerability allows an attacker POST api calls with other use...

6.5CVSS6.6AI score0.00507EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2025/05/12 12:0 a.m.9 views

EulerOS 2.0 SP10 : rsync (EulerOS-SA-2025-1536)

According to the versions of the rsync package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in rsync. When using the --safe-links option, the rsync client fails to properly verify if a symbolic link destination sent from th...

7.5CVSS7.6AI score0.04575EPSS
Exploits1References3
NVD
NVD
added 2025/05/07 3:15 a.m.31 views

CVE-2025-3924

The PeproDev Ultimate Profile Solutions plugin for WordPress is vulnerable to unauthorized access of data via its publicly exposed reset-password endpoint. The plugin looks up the 'validemail' value based solely on a supplied username parameter, without verifying that the requester is associated...

5.3CVSS0.00317EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2025/03/26 6:44 p.m.10 views

Directus `search` query parameter allows enumeration of non permitted fields

Summary The search query parameter allows users with access to a collection to filter items based on fields they do not have permission to view. This allows the enumeration of unknown field contents. Details The searchable columns numbers & strings are not checked against permissions when injecti...

5.3CVSS7AI score0.00345EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2025/03/26 12:0 a.m.4 views

PT-2025-12983 · Directus · Directus

Name of the Vulnerable Software and Affected Versions: Directus versions 9.0.0-alpha.4 through 11.5.0 Description: The issue allows users with access to a collection to filter items based on fields they do not have permission to view using the search query parameter. This enables the enumeration ...

5.3CVSS6.3AI score0.00345EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2025/01/24 12:0 a.m.11 views

CBL Mariner 2.0 Security Update: rsync (CVE-2024-12086)

The version of rsync installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-12086 advisory. - A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the...

6.8CVSS8.1AI score0.01761EPSS
Exploits1References2
Amazon
Amazon
added 2025/01/17 12:0 a.m.13 views

Important: rsync

Issue Overview: A flaw was found in the rsync daemon which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length s2length to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data...

7.5CVSS7.3AI score0.09353EPSS
Exploits4
CVE
CVE
added 2024/12/26 9:41 p.m.56 views

CVE-2024-53850

The CVE-2024-53850 entry maps to the Addressing GLPI plugin vulnerability. The connected PT-2024-9988 advisory specifies affected versions 3.0.0 through 3.0.3 and attributes the issue to a poor security check that allows an unauthenticated attacker to determine whether data exists by name in GLPI...

8.2CVSS7.2AI score0.00502EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/12/26 9:41 p.m.18 views

CVE-2024-53850 The Addressing GLPI plugin allows data enumeration through uncontrolled object instantiation

The Addressing GLPI plugin enables you to create IP reports for visualize IP addresses used and free on a given network.. Starting with 3.0.0 and before 3.0.3, a poor security check allows an unauthenticated attacker to determine whether data exists by name in GLPI...

8.2CVSS0.00502EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/12/26 9:41 p.m.9 views

CVE-2024-53850 The Addressing GLPI plugin allows data enumeration through uncontrolled object instantiation

The Addressing GLPI plugin enables you to create IP reports for visualize IP addresses used and free on a given network.. Starting with 3.0.0 and before 3.0.3, a poor security check allows an unauthenticated attacker to determine whether data exists by name in GLPI...

8.2CVSS7.3AI score0.00502EPSS
Exploits0References2
Rows per page
Query Builder