GHSA-8M32-P958-JG99 Directus: Missing Cross-Origin Opener Policy
Summary: Directus's Single Sign-On (SSO) login pages lacked a Cross-Origin-Opener-Policy (COOP) HTTP response header. Without this header, a malicious cross-origin window that opens the Directus login page retains the ability to access and manipulate the window object of that page. An attacker can...
PT-2026-30325
Name of the Vulnerable Software and Affected Versions: Directus versions prior to 11.17.0. Description: Directus SSO login pages were missing the Cross-Origin-Opener-Policy (COOP) HTTP response header. This allowed a malicious cross-origin window to access and manipulate the window object of the...
Open Redirect
Overview: litestar-vite is a Vite plugin for Litestar. Affected versions of this package are vulnerable to Open Redirect due to missing same-origin validation on redirect targets. The InertiaBack redirect logic trusts the Referer header, and InertiaRedirect accepts a redirectto parameter without...
EUVD-2025-38317
The SourceCodester Leads Manager Tool v1.0 is vulnerable to Cross-Site Request Forgery (CSRF) attacks that allow unauthorized state-changing operations. The application lacks CSRF protection mechanisms such as anti-CSRF tokens or same-origin verification for critical endpoints...