Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

Positive Technologies
Positive Technologiesadded 2026/04/30 12:0 a.m.2 views

PT-2026-36200

Name of the Vulnerable Software and Affected Versions IBM Langflow OSS versions 1.0.0 through 1.8.4 Description An issue exists where any user can provide a flow id to read transaction logs and vertex build data belonging to other users. Additionally, this allows for the deletion of persisted...

6.5CVSS5.8AI score0.00052EPSS
Exploits0References6
Github Security Blog
Github Security Blogadded 2026/04/04 6:12 a.m.12 views

Directus: Sensitive fields exposed in revision history

Summary Directus stores revision records in directusrevisions whenever items are created or updated. Due to the revision snapshot code not consistently calling the prepareDelta sanitization pipeline, sensitive fields including user tokens, two-factor authentication secrets, external auth...

6.5CVSS5.9AI score0.00032EPSS
Exploits0References4Affected Software1
Snyk
Snykadded 2026/04/04 6:12 a.m.0 views

Cleartext Storage of Sensitive Information

Overview directus is a Directus is a real-time API and App dashboard for managing SQL database content. Affected versions of this package are vulnerable to Cleartext Storage of Sensitive Information in the process that stores revision records and logs flow operation payloads, where sensitive fiel...

7.1CVSS5.9AI score0.00032EPSS
Exploits0References2
OSV
OSVadded 2026/04/04 6:12 a.m.1 views

GHSA-MVV8-V4JJ-G47J Directus: Sensitive fields exposed in revision history

Summary Directus stores revision records in directusrevisions whenever items are created or updated. Due to the revision snapshot code not consistently calling the prepareDelta sanitization pipeline, sensitive fields including user tokens, two-factor authentication secrets, external auth...

6.5CVSS5.8AI score0.00032EPSS
Exploits0References4
Github Security Blog
Github Security Blogadded 2025/07/15 3:28 p.m.6 views

Directus tokens are not redacted in flow logs, exposing session credentials to all admin

Summary When using Directus Flows with the WebHook trigger, all incoming request details are logged including security sensitive data like access and refresh tokens in cookies. Impact Malicious admins with access to the logs can hijack the user sessions within the token expiration time of them...

4.5CVSS6.3AI score0.0031EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichmentadded 2025/07/14 11:35 p.m.2 views

CVE-2025-53886 Directus doesn't redact tokens in Flow logs

Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.0.0 and prior to version 11.9.0, when using Directus Flows with the WebHook trigger all incoming request details are logged including security sensitive data like access and refresh tokens in...

4.5CVSS7.7AI score0.0031EPSS
Exploits0References4
Kitploit
Kitploitadded 2019/09/30 12:0 p.m.145 views

Terraform AWS Secure Baseline - Terraform Module To Set Up Your AWS Account With The Secure Baseline Configuration Based On CIS Amazon Web Services Foundations

Terraform Module Registry A terraform module to set up your AWS account with the reasonably secure configuration baseline. Most configurations are based on CIS Amazon Web Services Foundations v1.2.0. See Benchmark Compliance to check which items in CIS benchmark are covered. Starting from v0.10.0...

7AI score
Exploits0References11
Rows per page
Query Builder