CVE-2025-64749 Directus Vulnerable to Information Leakage in Existing Collections

Directus is a real-time API and App dashboard for managing SQL database content. An observable difference in error messaging was found in the Directus REST API in versions of Directus prior to version 11.13.0. The /items/collection API returns different error messages for two cases: when a user...

IDOR allows to create new collection or modify a existing one

Description A normal user can create a new collection with the provided book ids or add new books to an existing collection, whose operations should be only executed by the administrator. \ \ This is possible due to an missing administrative role check in the /api/collection/update-for-series API...