836 matches found

EUVD
added 2025/10/03 8:7 p.m., 8 views

EUVD-2024-0993

Malicious code in bioql PyPI...

CVSS 8.2, AI score 8.1, EPSS 0.00702
Exploits: 1, References: 6

EUVD
added 2025/10/03 8:7 p.m., 5 views

EUVD-2025-0183

Malicious code in bioql PyPI...

CVSS 5, AI score 6.3, EPSS 0.00372
Exploits: 1, References: 7

EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2024-3448

Malicious code in bioql PyPI...

CVSS 7.5, AI score 6.4, EPSS 0.00577
Exploits: 1, References: 4

vulnersOsv
added 2025/09/17 8:24 p.m., 4 views

ch.iterial.keycloak.plugins:keycloak-directus-plugin (>=0.1.0 <=0.7.0), com.charlyghislain.keycloak:keycloak-importexport (>=21.0.0 <=23.0.1) +137 more potentially affected by CVE-2025-8419 via org.keycloak:keycloak-services (>=1.0-alpha-1 <=26.2.5)

org.keycloak:keycloak-services MAVEN version =1.0-alpha-1, =0.1.0, =21.0.0, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.0.1, =1.0.2 - com.kleegroup.accelerator:accelerator-security-keycloakmfa =1.0.1 and more Source cves: CVE-2025-8419 Source advisory:...

CVSS 5.3, AI score 6.5, EPSS 0.00383
Exploits: 0

Veracode
added 2025/09/11 10:16 a.m., 5 views

Improper Access Control

Directus is vulnerable to an improper access control vulnerability. The vulnerability is due to a flaw in the file update mechanism, which allows an attacker to modify existing files or upload arbitrary files without authentication, bypassing metadata tracking and evading visibility in the Direct...

CVSS 9.3, AI score 7.2, EPSS 0.00438
Exploits: 1, References: 3, Affected Software: 2

vulnersOsv
added 2025/09/09 8:55 p.m., 8 views

@altipla/directus-sdk-utils (=0.7.2), @angular-devkit/build-angular (>=20.2.0 <=21.0.0-rc.1) +58 more potentially affected by CVE-2025-58751 via vite (>=7.1.0 <=7.1.4)

vite NPM version =7.1.0, =20.2.0, =20.2.0, =2.1.2-alpha.0, =0.0.0, =2.14.0, =5.0.0-beta.4, =30.0.0, =16.0.1, =1.0.0, =3.22.0, =9.0.0-next.68, =21.0.0-alpha.10, =21.0.0-alpha.10, =21.0.0-next.9 and more Source cves: CVE-2025-58751 Source advisory: OSV:GHSA-G4JQ-H2W9-997C...

CVSS 5.3, AI score 6, EPSS 0.0118
Exploits: 1

vulnersOsv
added 2025/09/08 11:41 p.m., 5 views

@altipla/directus-sdk-utils (=0.7.2), @angular-devkit/build-angular (>=20.2.0 <=21.0.0-rc.1) +58 more potentially affected by CVE-2025-58752 via vite (>=7.1.0 <=7.1.4)

vite NPM version =7.1.0, =20.2.0, =20.2.0, =2.1.2-alpha.0, =0.0.0, =2.14.0, =5.0.0-beta.4, =30.0.0, =16.0.1, =1.0.0, =3.22.0, =9.0.0-next.68, =21.0.0-alpha.10, =21.0.0-alpha.10, =21.0.0-next.9 and more Source cves: CVE-2025-58752 Source advisory: SNYK:JS-VITE-12558116...

CVSS 5.3, AI score 6, EPSS 0.00586
Exploits: 1

RedhatCVE
added 2025/08/22 6:26 p.m., 18 views

CVE-2025-55746

Directus is a real-time API and App dashboard for managing SQL database content. From 10.8.0 to before 11.9.3, a vulnerability exists in the file update mechanism which allows an unauthenticated actor to modify existing files with arbitrary contents without changes being applied to the files'...

CVSS 9.3, AI score 7, EPSS 0.00438
Exploits: 1, References: 1

OSV
added 2025/08/20 7:8 p.m., 4 views

GHSA-MV33-9F6J-PFMC Directus allows unauthenticated file upload and file modification due to lacking input sanitization

Summary: A vulnerability exists in the file update mechanism which allows an unauthenticated actor to modify existing files with arbitrary contents without changes being applied to the files' database-resident metadata and / or upload new files, with arbitrary content and extensions, which won't...

CVSS 9.3, AI score 6.3, EPSS 0.00438
Exploits: 1, References: 4

Snyk
added 2025/08/20 6:45 p.m., 7 views

External Control of File Name or Path

Overview: @directus/api is a real-time API and App dashboard for managing SQL database content. Affected versions of this package are vulnerable to External Control of File Name or Path via the write and join method, which used the fullPath method to create the absolute path. An attacker can upload...

CVSS 9.3, AI score 7.8, EPSS 0.00438
Exploits: 1, References: 2

NVD
added 2025/08/20 6:15 p.m., 31 views

CVE-2025-55746

Directus is a real-time API and App dashboard for managing SQL database content. From 10.8.0 to before 11.9.3, a vulnerability exists in the file update mechanism which allows an unauthenticated actor to modify existing files with arbitrary contents without changes being applied to the files'...

CVSS 9.3, EPSS 0.00438
Exploits: 1, References: 2

OSV
added 2025/08/20 5:58 p.m., 10 views

CVE-2025-55746 Directus allows unauthenticated file upload and file modification due to lacking input sanitization

Directus is a real-time API and App dashboard for managing SQL database content. From 10.8.0 to before 11.9.3, a vulnerability exists in the file update mechanism which allows an unauthenticated actor to modify existing files with arbitrary contents without changes being applied to the files'...

CVSS 9.3, AI score 7.4, EPSS 0.00438
Exploits: 1, References: 4

Vulnrichment
added 2025/08/20 5:58 p.m., 7 views

CVE-2025-55746 Directus allows unauthenticated file upload and file modification due to lacking input sanitization

Directus is a real-time API and App dashboard for managing SQL database content. From 10.8.0 to before 11.9.3, a vulnerability exists in the file update mechanism which allows an unauthenticated actor to modify existing files with arbitrary contents without changes being applied to the files'...

CVSS 9.3, AI score 7.9, EPSS 0.00438
Exploits: 1, References: 2

Cvelist
added 2025/08/20 5:58 p.m., 32 views

CVE-2025-55746 Directus allows unauthenticated file upload and file modification due to lacking input sanitization

Directus is a real-time API and App dashboard for managing SQL database content. From 10.8.0 to before 11.9.3, a vulnerability exists in the file update mechanism which allows an unauthenticated actor to modify existing files with arbitrary contents without changes being applied to the files'...

CVSS 9.3, EPSS 0.00438
Exploits: 1, References: 2

CVE
added 2025/08/20 5:58 p.m., 113 views

CVE-2025-55746

Directus vulnerability (CVE-2025-55746) affects Directus real-time API/dashboard. From 10.8.0 to before 11.9.3, an issue in the file update mechanism lets an unauthenticated actor modify existing files with arbitrary content and/or upload new files (with arbitrary extensions) without updating dat...

CVSS 9.3, AI score 7.9, EPSS 0.00438
Exploits: 1, References: 2, Affected Software: 1

CNNVD
added 2025/08/20 12:0 a.m., 3 views

Directus Security Vulnerability

Directus is a real-time API and application dashboard open-sourced by Directus. It is used to manage SQL database content. A security vulnerability exists in Directus versions prior to 10.8.0 through 11.9.3 that stems from a file update mechanism that allows unauthenticated participants to modify...

CVSS 9.3, AI score 6.7, EPSS 0.00438
Exploits: 1, References: 3

Positive Technologies
added 2025/08/20 12:0 a.m., 7 views

PT-2025-34141

Name of the Vulnerable Software and Affected Versions: Directus versions 10.8.0 through 11.9.2. Description: A flaw in the file update mechanism of the Directus API allows an unauthenticated actor to modify existing files with arbitrary content or upload new files with arbitrary content and...

CVSS 9.3, AI score 5.7, EPSS 0.00438
Exploits: 1, References: 24

vulnersOsv
added 2025/07/25 2:8 p.m., 5 views

@skuhnow/directus (>=9.8.0 <=9.14.4) potentially affected by CVE-2025-54369 via node-saml (=4.0.0-beta.2)

node-saml NPM version =4.0.0-beta.2 is affected by a known vulnerability. The following packages have a transitive dependency on node-saml and may be impacted: - @skuhnow/directus =9.8.0, =9.14.4 Source cves: CVE-2025-54369 Source advisory: SNYK:JS-NODESAML-10946571...

CVSS 9.3, AI score 5.8, EPSS 0.00405
Exploits: 0

Veracode
added 2025/07/18 6:57 a.m., 4 views

Information Disclosure

Directus is vulnerable to information disclosure. The vulnerability is due to improper handling of user data in the "Log to Console" operation within Directus Flows, which allows an attacker with admin privileges to log and access sensitive data of other users during create or update events...

CVSS 4.2, AI score 5.7, EPSS 0.0017
Exploits: 0, References: 5, Affected Software: 1

Veracode
added 2025/07/18 5:55 a.m., 6 views

Improper Access Control

Directus is vulnerable to Improper Access Control. The vulnerability is due to manual trigger Flows not validating user permissions for the payload items, which allows an attacker to execute unauthorized tasks or access restricted collections/items without proper authentication or access rights...

CVSS 6.5, AI score 6.6, EPSS 0.00395
Exploits: 0, References: 4, Affected Software: 1