6 matches found
Duplicate Advisory: Nest has a Fastify URL Encoding Middleware Bypass
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-r4wm-x892-vjmx. This link is maintained to preserve external references. Original Description A NestJS application using @nestjs/platform-fastify can allow bypass of authentication/authorization middleware when...
GHSA-7Q64-3RG2-H9PF Duplicate Advisory: Nest has a Fastify URL Encoding Middleware Bypass
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-r4wm-x892-vjmx. This link is maintained to preserve external references. Original Description A NestJS application using @nestjs/platform-fastify can allow bypass of authentication/authorization middleware when...
CVE-2026-2293
A NestJS application using @nestjs/platform-fastify can allow bypass of authentication/authorization middleware when Fastify path-normalization options are enabled. This issue affects nest.Js: 11.1.13...
CVE-2025-64748
Directus is a real-time API and App dashboard for managing SQL database content. A vulnerability in versions prior to 11.13.0 allows authenticated users to search concealed/sensitive fields when they have read permissions. While actual values remain masked , successful matches can be detected...
PT-2025-46911
Name of the Vulnerable Software and Affected Versions Directus versions prior to 11.13.0 Description Directus does not properly remove field-level permissions when a field is deleted. When a field is removed from a collection, its reference in the permissions table is not cleared. This creates a...
EUVD-2025-36625
Cross-Site Request Forgery CSRF vulnerability in blubrry PowerPress Podcasting powerpress allows Cross Site Request Forgery.This issue affects PowerPress Podcasting: from n/a through = 11.13.12...