
6 matches found

Vulnrichment
added 2026/03/11 6:02 p.m. · 1 view

CVE-2026-31872 Parse Server has a protected fields bypass via dot-notation in query and sort

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.6 and 8.6.32, the protectedFields class-level permission CLP can be bypassed using dot-notation in query WHERE clauses and sort parameters. An attacker can use dot-notation...

CVSS 8.7 · AI score 5.8 · EPSS 0.00049
Exploits 0 · References 3
Cvelist
added 2025/03/26 5:18 p.m. · 8 views

CVE-2025-30352 Directus `search` query parameter allows enumeration of non permitted fields

Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.0.0-alpha.4 and prior to version 11.5.0, the search query parameter allows users with access to a collection to filter items based on fields they do not have permission to view. This allows the...

CVSS 5.3 · EPSS 0.00144
Exploits 0 · References 2
Vulnrichment
added 2025/03/26 5:18 p.m. · 4 views

CVE-2025-30352 Directus `search` query parameter allows enumeration of non permitted fields

Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.0.0-alpha.4 and prior to version 11.5.0, the search query parameter allows users with access to a collection to filter items based on fields they do not have permission to view. This allows the...

CVSS 5.3 · AI score 5.6 · EPSS 0.00144
Exploits 0 · References 2
CVE
added 2025/03/26 5:18 p.m. · 84 views

CVE-2025-30352

CVE-2025-30352 affects Directus real-time API/dashboard. Versions 9.0.0-alpha.4 through 11.5.0 are vulnerable due to the search query parameter not checking view permissions when constructing WHERE clauses, allowing enumeration of contents in fields the user should not see. The underlying issue i...

CVSS 5.3 · AI score 7.7 · EPSS 0.00144
Exploits 0 · References 2 · Affected Software 1
CNNVD
added 2025/03/26 12:00 a.m. · 3 views

Directus information disclosure vulnerability

Directus is a real-time API and application dashboard open-sourced by Directus. It is used to manage SQL database content. An information disclosure vulnerability exists in Directus versions prior to 9.0.0-alpha.4 through 11.5.0, which stems from the search parameter that can lead to unauthorized...

CVSS 5.3 · AI score 5.9 · EPSS 0.00144
Exploits 0 · References 3
Positive Technologies
added 2023/10/02 12:00 a.m. · 1 view

PT-2023-7010 · Phpipam · Phpipam

Name of the Vulnerable Software and Affected Versions: phpipam versions prior to 1.5.2
Description: The issue allows attackers to enumerate arbitrary fields in the LDAP server and access sensitive data via a crafted POST request. This is possible due to an LDAP injection vulnerability via the dnam...

CVSS 7.8 · AI score 7.5 · EPSS 0.0056
Exploits 1 · References 7