
836 matches found

OSV
added 2025/11/13 9:13 p.m., 4 views

CVE-2025-64747 Directus Vulnerable to Stored Cross-site Scripting

Directus is a real-time API and App dashboard for managing SQL database content. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 11.13.0 that allows users with upload files and edit item permissions to inject malicious JavaScript through the Block Editor interface...

CVSS 5.5, AI score 5.9, EPSS 0.0021
Exploits: 1, References: 4

CVE
added 2025/11/13 8:54 p.m., 15 views

CVE-2025-64746

Directus before 11.13.0 improperly cleans up field-level permissions when a field is deleted. A stale permission reference remains in the permissions table; if a new field with the same name is created, it inherits those outdated permissions, potentially granting access to data users should not r...

CVSS 5.4, AI score 6.9, EPSS 0.00163
Exploits: 1, References: 2, Affected Software: 1

OSV
added 2025/11/13 8:54 p.m., 4 views

CVE-2025-64746 Directus has Improper Permission Handling on Deleted Fields

Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 11.13.0, Directus does not properly clean up field-level permissions when a field is deleted. When a field is removed from a collection, its reference in the permissions table remains intact. This...

CVSS 4.6, AI score 7.2, EPSS 0.00163
Exploits: 1, References: 4

Cvelist
added 2025/11/13 8:54 p.m., 8 views

CVE-2025-64746 Directus has Improper Permission Handling on Deleted Fields

Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 11.13.0, Directus does not properly clean up field-level permissions when a field is deleted. When a field is removed from a collection, its reference in the permissions table remains intact. This...

CVSS 4.6, EPSS 0.00163
Exploits: 1, References: 2

Vulnrichment
added 2025/11/13 8:54 p.m., 4 views

CVE-2025-64746 Directus has Improper Permission Handling on Deleted Fields

Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 11.13.0, Directus does not properly clean up field-level permissions when a field is deleted. When a field is removed from a collection, its reference in the permissions table remains intact. This...

CVSS 4.6, AI score 6.9, EPSS 0.00163
Exploits: 1, References: 2

Positive Technologies
added 2025/11/13 12:00 a.m., 5 views

PT-2025-46912

Name of the Vulnerable Software and Affected Versions: Directus versions prior to 11.13.0. Description: Directus is a real-time API and App dashboard for managing SQL database content. A stored cross-site scripting (XSS) issue exists that allows users with upload files and edit item permissions to...

CVSS 5.5, AI score 5.6, EPSS 0.0021
Exploits: 1, References: 11

CNNVD
added 2025/11/13 12:00 a.m., 3 views

Directus Security Vulnerability

Directus is a real-time API and application dashboard open-sourced by Directus. It is used to manage SQL database content. A security vulnerability exists in Directus versions prior to 11.13.0 that stems from a REST API error message discrepancy that could lead to the disclosure of unauthorized...

CVSS 4.3, AI score 6.1, EPSS 0.00302
Exploits: 1, References: 3

Positive Technologies
added 2025/11/13 12:00 a.m., 4 views

PT-2025-46914

Name of the Vulnerable Software and Affected Versions: Directus versions prior to 11.13.0. Description: Directus allows authenticated users to search concealed or sensitive fields when they have read permissions. While the actual values are masked, successful matches can be detected through returned...

CVSS 6.5, AI score 5.8, EPSS 0.00241
Exploits: 0, References: 12

CNNVD
added 2025/11/13 12:00 a.m., 3 views

Directus Security Vulnerability

Directus is a real-time API and application dashboard open-sourced by Directus. It is used to manage SQL database content. A security vulnerability exists in Directus versions prior to 11.13.0 that stems from field-level permissions not being properly cleared when deleting fields, which could lea...

CVSS 5.4, AI score 6.3, EPSS 0.00163
Exploits: 1, References: 3

CNNVD
added 2025/11/13 12:00 a.m., 2 views

Directus Security Vulnerability

Directus is a real-time API and application dashboard open-sourced by Directus. It is used to manage SQL database content. A security vulnerability exists in Directus versions prior to 11.13.0 that stems from allowing authenticated users to search for sensitive fields, potentially leading to a...

CVSS 6.5, AI score 6.2, EPSS 0.00241
Exploits: 0, References: 3

Positive Technologies
added 2025/11/13 12:00 a.m., 6 views

PT-2025-46911

Name of the Vulnerable Software and Affected Versions: Directus versions prior to 11.13.0. Description: Directus does not properly remove field-level permissions when a field is deleted. When a field is removed from a collection, its reference in the permissions table is not cleared. This creates a...

CVSS 4.6, AI score 6.5, EPSS 0.00163
Exploits: 1, References: 9

CNNVD
added 2025/11/13 12:00 a.m., 3 views

Directus Cross-Site Scripting Vulnerability

Directus is a real-time API and application dashboard from Directus Open Source. It is used to manage SQL database content. A cross-site scripting vulnerability exists in Directus versions prior to 11.13.0, which stems from a stored cross-site scripting vulnerability in the Block Editor interface...

CVSS 5.5, AI score 5.3, EPSS 0.0021
Exploits: 1, References: 3

Positive Technologies
added 2025/11/13 12:00 a.m., 4 views

PT-2025-46915

Name of the Vulnerable Software and Affected Versions: Directus versions prior to 11.13.0. Description: Directus REST API exhibits differing error messages when accessing existing but unauthorized collections versus non-existent collections via the /items/collection API endpoint. This discrepancy...

CVSS 4.3, AI score 6.3, EPSS 0.00302
Exploits: 1, References: 9

EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2019-5246

Malware in sbrugna...

CVSS 8.8, AI score 8.8, EPSS 0.01608
Exploits: 1, References: 3

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2019-5244

Malware in sbrugna...

CVSS 5.3, AI score 5.5, EPSS 0.01103
Exploits: 0, References: 2

EUVD
added 2025/10/07 12:30 a.m., 6 views

EUVD-2019-5242

Malware in sbrugna...

CVSS 8.8, AI score 8.8, EPSS 0.0245
Exploits: 1, References: 2

EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2021-16117

Malware in sbrugna...

CVSS 8.8, AI score 8.7, EPSS 0.04867
Exploits: 3, References: 7

EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2019-5241

Malware in sbrugna...

CVSS 8.8, AI score 8.8, EPSS 0.02577
Exploits: 1, References: 3

EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2019-5243

Malware in sbrugna...

CVSS 5.3, AI score 5.5, EPSS 0.015
Exploits: 1, References: 3

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2018-2793

Malware in sbrugna...

CVSS 9.8, AI score 9.5, EPSS 0.01273
Exploits: 1, References: 2