7 matches found

NVD
added 2024/12/09 9:15 p.m., 21 views

CVE-2024-54151

Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 11.0.0 and prior to version 11.3.0, when setting WEBSOCKETS_GRAPHQL_AUTH or WEBSOCKETS_REST_AUTH to "public", an unauthenticated user is able to do any of the supported operations CRUD, subscriptions...

CVSS 7.5, EPSS 0.00577
Exploits: 1, References: 2
Vulnrichment
added 2024/12/09 8:57 p.m., 19 views

CVE-2024-54151 Directus allows unauthenticated access to WebSocket events and operations

Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 11.0.0 and prior to version 11.3.0, when setting WEBSOCKETS_GRAPHQL_AUTH or WEBSOCKETS_REST_AUTH to "public", an unauthenticated user is able to do any of the supported operations CRUD, subscriptions...

CVSS 7.5, AI score 7.8, EPSS 0.00577
Exploits: 1, References: 2
Github Security Blog
added 2024/12/09 8:40 p.m., 32 views

Directus allows unauthenticated access to WebSocket events and operations

Summary: When setting WEBSOCKETS_GRAPHQL_AUTH or WEBSOCKETS_REST_AUTH to "public", an unauthenticated user is able to do any of the supported operations CRUD, subscriptions with full admin privileges. Details: Accountability for unauthenticated WebSocket requests is set to null, which used to be "publi...

CVSS 7.5, AI score 6.9, EPSS 0.00577
Exploits: 1, References: 4, Affected Software: 2
OSV
added 2024/12/09 8:40 p.m., 15 views

GHSA-849R-QRWJ-8RV4 Directus allows unauthenticated access to WebSocket events and operations

Summary: When setting WEBSOCKETS_GRAPHQL_AUTH or WEBSOCKETS_REST_AUTH to "public", an unauthenticated user is able to do any of the supported operations CRUD, subscriptions with full admin privileges. Details: Accountability for unauthenticated WebSocket requests is set to null, which used to be "publi...

CVSS 7.5, AI score 7.5, EPSS 0.00577
Exploits: 1, References: 4
CNNVD
added 2024/10/22 12:0 a.m., 3 views

Kieback&Peter DDC4000 Security Vulnerability

The Kieback&Peter DDC4000 is a building automation and control system from Kieback&Peter, a German company, that is used to manage and monitor various devices in a building. A security vulnerability exists in the Kieback&Peter DDC4000 that stems from the use of weak credentials that could allow a...

CVSS 9.8, AI score 7, EPSS 0.0043
Exploits: 0, References: 2
ATTACKERKB
added 2023/10/19 7:15 p.m., 5 views

CVE-2023-45992

A vulnerability in the web-based interface of the RUCKUS Cloudpath product on version 5.12 build 5538 or before could allow a remote, unauthenticated attacker to execute persistent XSS and CSRF attacks against a user of the admin management interface. A successful attack, combined with a certa...

CVSS 9.6, AI score 5.9, EPSS 0.00586
Exploits: 1, References: 6
Prion
added 2023/10/19 7:15 p.m., 24 views

Cross site request forgery (CSRF)

A vulnerability in the web-based interface of the RUCKUS Cloudpath product on version 5.12 build 5538 or before could allow a remote, unauthenticated attacker to execute persistent XSS and CSRF attacks against a user of the admin management interface. A successful attack, combined with a certa...

CVSS 6.8, AI score 9.1, EPSS 0.00586
Exploits: 1, References: 5, Affected Software: 1