Lucene search
+L

5 matches found

RedhatCVE
RedhatCVE
added 2025/07/16 11:44 p.m.10 views

CVE-2025-53886

Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.0.0 and prior to version 11.9.0, when using Directus Flows with the WebHook trigger all incoming request details are logged including security sensitive data like access and refresh tokens in...

4.5CVSS7.8AI score0.00387EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2025/07/15 3:28 p.m.11 views

@altipla/directus-sdk-utils (=0.7.2), @bicou/directus-extension-imagga (>=1.6.3 <=1.6.6) +9 more potentially affected by CVE-2025-53886 via directus (>=10.10.0 <=11.8.0)

directus NPM version =10.10.0, =1.6.3, =11.16.1-depup.0, =15.0.0, =1.2.2, =1.0.0, =2.0.0 - directus-extension-blog-year-filter =1.0.0 - lease-directus-template =0.0.0 Source cves: CVE-2025-53886 Source advisory: OSV:GHSA-F24X-RM6G-3W5V...

4.5CVSS5.8AI score0.00387EPSS
Exploits0
NVD
NVD
added 2025/07/15 12:15 a.m.22 views

CVE-2025-53886

Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.0.0 and prior to version 11.9.0, when using Directus Flows with the WebHook trigger all incoming request details are logged including security sensitive data like access and refresh tokens in...

4.5CVSS0.00387EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/07/14 11:35 p.m.3 views

CVE-2025-53886 Directus doesn't redact tokens in Flow logs

Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.0.0 and prior to version 11.9.0, when using Directus Flows with the WebHook trigger all incoming request details are logged including security sensitive data like access and refresh tokens in...

4.5CVSS7.7AI score0.00387EPSS
Exploits0References4
CVE
CVE
added 2025/07/14 11:35 p.m.118 views

CVE-2025-53886

Directus vulnerability CVE-2025-53886 affects Directus with Flows using the WebHook trigger prior to version 11.9.0. The issue logs all incoming request details, including sensitive data such as access and refresh tokens stored in cookies, enabling a user with log access (malicious admins) to hij...

4.5CVSS7AI score0.00387EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder