836 matches found
CVE-2026-7729
A security flaw has been discovered in pixelsock directus-mcp 1.0.0. This issue affects the function validateUrl of the file index.ts of the component MCP Interface. Performing a manipulation of the argument fileUrl results in server-side request forgery. The attack may be initiated remotely. The...
CVE-2026-39942
Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.17.0, the PATCH /files/id endpoint accepts a user-controlled filenamedisk parameter. By setting this value to match the storage path of another user's file, an attacker can overwrite that file's content...
ch.iterial.keycloak.plugins:keycloak-directus-plugin (>=0.1.0 <=0.7.0), com.c4-soft.springaddons:keycloak-grants-mapper (>=3.1.13-jdk1.8 <=3.1.14-jdk17) +219 more potentially affected by CVE-2026-9798 via org.keycloak:keycloak-services (>=10.0.0 <=9.0.3)
org.keycloak:keycloak-services MAVEN version =10.0.0, =0.1.0, =3.1.13-jdk1.8, =11.0.1, =1.2.6, =1.2.5, =0.1, =0.1, =1.0.1, =0.1, =1.0.1, =0.1, =1.2.0, =1.4.11 - com.github.wnameless.spring.boot.up:spring-boot-up-embedded-keycloak =24.3.0.0 -...
@11ty/eleventy (=3.0.0-alpha.16), @agiflowai/aicode-toolkit (>=0.6.0 <=1.1.0) +99 more potentially affected by CVE-2026-44646 via liquidjs (>=10.10.0 <=10.25.7)
liquidjs NPM version =10.10.0, =0.6.0, =0.1.0, =0.0.0, =0.5.5, =0.8.0, =1.0.1, =1.6.3, =3.11.0, =3.11.0, =3.11.0, =1.0.0, =1.0.0-beta.5 - @clairview/api =23.1.0 and more Source cves: CVE-2026-44646 Source advisory: OSV:GHSA-9X9P-QF8F-MVJG...
@altipla/directus-sdk-utils (=0.7.2), @better-auth/infra (>=0.1.7 <=0.1.8) +39 more potentially affected by CVE-2026-46490 via samlify (>=2.10.0 <=2.12.0)
samlify NPM version =2.10.0, =0.1.7, =1.6.0, =2.10.4, =1.0.0, =1.0.0, =11.16.1-depup.0, =27.1.0, =0.73.0, =0.0.0-chat-to-edit-20251124233201, =0.0.0-chat-to-edit-20251124233201, =0.75.0 and more Source cves: CVE-2026-46490 Source advisory: SNYK:JS-SAMLIFY-16796318...
ch.iterial.keycloak.plugins:keycloak-directus-plugin (>=0.1.0 <=0.7.0), com.charlyghislain.keycloak:keycloak-importexport (>=21.0.0 <=23.0.1) +174 more potentially affected by CVE-2026-37978 via org.keycloak:keycloak-services (>=1.0-alpha-1 <=26.6.1)
org.keycloak:keycloak-services MAVEN version =1.0-alpha-1, =0.1.0, =21.0.0, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.11 - com.github.wnameless.spring.boot.up:spring-boot-up-embedded-keycloak =24.3.0.0 -...
ch.iterial.keycloak.plugins:keycloak-directus-plugin (>=0.1.0 <=0.7.0), com.charlyghislain.keycloak:keycloak-importexport (>=21.0.0 <=23.0.1) +174 more potentially affected by CVE-2026-8922 via org.keycloak:keycloak-services (>=1.0-alpha-1 <=26.6.2)
org.keycloak:keycloak-services MAVEN version =1.0-alpha-1, =0.1.0, =21.0.0, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.11 - com.github.wnameless.spring.boot.up:spring-boot-up-embedded-keycloak =24.3.0.0 -...
ch.iterial.keycloak.plugins:keycloak-directus-plugin (>=0.1.0 <=0.7.0), com.charlyghislain.keycloak:keycloak-importexport (>=21.0.0 <=23.0.1) +174 more potentially affected by CVE-2026-8830 via org.keycloak:keycloak-services (>=1.0-alpha-1 <=26.6.2)
org.keycloak:keycloak-services MAVEN version =1.0-alpha-1, =0.1.0, =21.0.0, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.11 - com.github.wnameless.spring.boot.up:spring-boot-up-embedded-keycloak =24.3.0.0 -...
CVE-2026-7729
A security flaw has been discovered in pixelsock directus-mcp 1.0.0. This issue affects the function validateUrl of the file index.ts of the component MCP Interface. Performing a manipulation of the argument fileUrl results in server-side request forgery. The attack may be initiated remotely. The...
CVE-2026-7729
CVE-2026-7729 affects pixelsock directus-mcp 1.0.0, specifically the MCP Interface’s index.ts validateUrl function. Manipulating the fileUrl argument can lead to server-side request forgery (SSRF). The vulnerability is exploitable remotely and, per the CVE metrics, has PROOF-OF-CONCEPT exploit ma...
CVE-2026-7729 pixelsock directus-mcp MCP index.ts validateUrl server-side request forgery
A security flaw has been discovered in pixelsock directus-mcp 1.0.0. This issue affects the function validateUrl of the file index.ts of the component MCP Interface. Performing a manipulation of the argument fileUrl results in server-side request forgery. The attack may be initiated remotely. The...
CVE-2026-7729
A security flaw has been discovered in pixelsock directus-mcp 1.0.0. This issue affects the function validateUrl of the file index.ts of the component MCP Interface. Performing a manipulation of the argument fileUrl results in server-side request forgery. The attack may be initiated remotely. The...
CVE-2026-7729 pixelsock directus-mcp MCP index.ts validateUrl server-side request forgery
A security flaw has been discovered in pixelsock directus-mcp 1.0.0. This issue affects the function validateUrl of the file index.ts of the component MCP Interface. Performing a manipulation of the argument fileUrl results in server-side request forgery. The attack may be initiated remotely. The...
EUVD-2026-26883
A security flaw has been discovered in pixelsock directus-mcp 1.0.0. This issue affects the function validateUrl of the file index.ts of the component MCP Interface. Performing a manipulation of the argument fileUrl results in server-side request forgery. The attack may be initiated remotely. The...
Directus MCP Server 代码问题漏洞
The Directus MCP Server is a model context protocol server developed by pixelsock’s individual developers, which connects AI with content management systems. Version 1.0.0 of the Directus MCP Server contains code vulnerabilities. These vulnerabilities stem from the function validateUrl in the MCP...
PT-2026-36758
Name of the Vulnerable Software and Affected Versions pixelsock directus-mcp version 1.0.0 Description A flaw in the MCP Interface component allows for server-side request forgery SSRF, a condition where an attacker can induce the server to make requests to an unintended location. This occurs...
CVE-2026-39943
Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.17.0, Directus stores revision records in directusrevisions whenever items are created or updated. Due to the revision snapshot code not consistently calling the prepareDelta sanitization pipeline,...
CVE-2026-39943
Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.17.0, Directus stores revision records in directusrevisions whenever items are created or updated. Due to the revision snapshot code not consistently calling the prepareDelta sanitization pipeline,...
CVE-2026-39943 Directus exposes sensitive fields in revision history
Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.17.0, Directus stores revision records in directusrevisions whenever items are created or updated. Due to the revision snapshot code not consistently calling the prepareDelta sanitization pipeline,...
EUVD-2026-20952
Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.17.0, Directus stores revision records in directusrevisions whenever items are created or updated. Due to the revision snapshot code not consistently calling the prepareDelta sanitization pipeline,...