6 matches found

Packet Storm News
added 2025/07/07 12:0 a.m., 2 views

Layered, Overlapping, and Inconsistent: a Large-Scale Analysis of the Multiple Privacy Policies and Controls of U.S. Banks

Whitepaper called Layered, Overlapping, And Inconsistent: A Large-Scale Analysis Of The Multiple Privacy Policies And Controls Of U.S. Banks...

7 AI score
Exploits 0
OSV
added 2025/02/19 5:46 p.m., 1 views

GHSA-99VM-5V2H-H6R6 Directus allows updates to non-allowed fields due to overlapping policies

Summary: If there are two overlapping policies for the update action that allow access to different fields, instead of correctly checking access permissions against the item they apply for, the user is allowed to update the superset of fields allowed by any of the policies. E.g. have one policy...

5.4 CVSS, 5.9 AI score, 0.0022 EPSS
Exploits 0, References 5
Github Security Blog
added 2025/02/19 5:46 p.m., 15 views

Directus allows updates to non-allowed fields due to overlapping policies

Summary: If there are two overlapping policies for the update action that allow access to different fields, instead of correctly checking access permissions against the item they apply for, the user is allowed to update the superset of fields allowed by any of the policies. E.g. have one policy...

5.4 CVSS, 6.9 AI score, 0.0022 EPSS
Exploits 0, References 5, Affected Software 2
Vulnrichment
added 2025/02/19 4:42 p.m., 8 views

CVE-2025-27089 Overlapping policies allow update to non-allowed fields in directus

Directus is a real-time API and App dashboard for managing SQL database content. In affected versions, if there are two overlapping policies for the update action that allow access to different fields, instead of correctly checking access permissions against the item they apply for, the user is...

5.4 CVSS, 5.8 AI score, 0.0022 EPSS
Exploits 0, References 2
Cvelist
added 2025/02/19 4:42 p.m., 23 views

CVE-2025-27089 Overlapping policies allow update to non-allowed fields in directus

Directus is a real-time API and App dashboard for managing SQL database content. In affected versions, if there are two overlapping policies for the update action that allow access to different fields, instead of correctly checking access permissions against the item they apply for, the user is...

5.4 CVSS, 0.0022 EPSS
Exploits 0, References 2
CNNVD
added 2025/02/19 12:0 a.m., 1 views

Directus security vulnerability

Directus is a real-time API and application dashboard open-sourced by Directus. It is used to manage SQL database content. A security vulnerability exists in Directus versions prior to 11.1.2, which stems from the fact that if an update operation has two overlapping policies that allow access to...

5.4 CVSS, 6.4 AI score, 0.0022 EPSS
Exploits 0, References 2