7 matches found
CVE-2024-54151
Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 11.0.0 and prior to version 11.3.0, when setting WEBSOCKETSGRAPHQLAUTH or WEBSOCKETSRESTAUTH to "public", an unauthenticated user is able to do any of the supported operations CRUD, subscriptions...
CVE-2024-54151 Directus allows unauthenticated access to WebSocket events and operations
Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 11.0.0 and prior to version 11.3.0, when setting WEBSOCKETSGRAPHQLAUTH or WEBSOCKETSRESTAUTH to "public", an unauthenticated user is able to do any of the supported operations CRUD, subscriptions...
Directus allows unauthenticated access to WebSocket events and operations
Summary When setting WEBSOCKETSGRAPHQLAUTH or WEBSOCKETSRESTAUTH to "public", an unauthenticated user is able to do any of the supported operations CRUD, subscriptions with full admin privileges. Details Accountability for unauthenticated WebSocket requests is set to null, which used to be "publi...
GHSA-849R-QRWJ-8RV4 Directus allows unauthenticated access to WebSocket events and operations
Summary When setting WEBSOCKETSGRAPHQLAUTH or WEBSOCKETSRESTAUTH to "public", an unauthenticated user is able to do any of the supported operations CRUD, subscriptions with full admin privileges. Details Accountability for unauthenticated WebSocket requests is set to null, which used to be "publi...
Kieback&Peter DDC4000 安全漏洞
The Kieback&Peter DDC4000 is a building automation and control system from Kieback&Peter, a German company, that is used to manage and monitor various devices in a building. A security vulnerability exists in the Kieback&Peter DDC4000 that stems from the use of weak credentials that could allow a...
CVE-2023-45992
A vulnerability in the web-based interface of the RUCKUS Cloudpath product on version 5.12 build 5538 or before to could allow a remote, unauthenticated attacker to execute persistent XSS and CSRF attacks against a user of the admin management interface. A successful attack, combined with a certa...
Cross site request forgery (csrf)
A vulnerability in the web-based interface of the RUCKUS Cloudpath product on version 5.12 build 5538 or before to could allow a remote, unauthenticated attacker to execute persistent XSS and CSRF attacks against a user of the admin management interface. A successful attack, combined with a certa...