
11 matches found

EUVD
added 2025/10/03 8:07 p.m. | 5 views

EUVD-2025-21407

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 6.4 | EPSS 0.00244
Exploits: 0 | References: 4

RedhatCVE
added 2025/07/17 12:50 a.m. | 10 views

CVE-2025-53889

Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.12.0 and prior to version 11.9.0, Directus Flows with a manual trigger are not validating whether the user triggering the Flow has permissions to the items provided as payload to the Flow...

CVSS 6.5 | AI score 7.8 | EPSS 0.00244
Exploits: 0 | References: 1

OSV
added 2025/07/15 3:36 p.m. | 4 views

GHSA-7CVF-PXGP-42FC Directus' insufficient permission checks can enable unauthenticated users to manually trigger Flows

Summary: Directus Flows with a manual trigger are not validating whether the user triggering the Flow has permissions to the items provided as payload to the Flow. Depending on what the Flow is set up to do this can lead to the Flow executing potential tasks on the attacker's behalf without...

CVSS 6.5 | AI score 6.3 | EPSS 0.00244
Exploits: 0 | References: 5

Github Security Blog
added 2025/07/15 3:36 p.m. | 8 views

Directus' insufficient permission checks can enable unauthenticated users to manually trigger Flows

Summary: Directus Flows with a manual trigger are not validating whether the user triggering the Flow has permissions to the items provided as payload to the Flow. Depending on what the Flow is set up to do this can lead to the Flow executing potential tasks on the attacker's behalf without...

CVSS 6.5 | AI score 6.5 | EPSS 0.00244
Exploits: 0 | References: 5 | Affected Software: 1

NVD
added 2025/07/15 12:15 a.m. | 7 views

CVE-2025-53889

Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.12.0 and prior to version 11.9.0, Directus Flows with a manual trigger are not validating whether the user triggering the Flow has permissions to the items provided as payload to the Flow...

CVSS 6.5 | EPSS 0.00244
Exploits: 0 | References: 3

OSV
added 2025/07/14 11:50 p.m. | 5 views

CVE-2025-53889 Directus missing permission checks for manual trigger Flows

Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.12.0 and prior to version 11.9.0, Directus Flows with a manual trigger are not validating whether the user triggering the Flow has permissions to the items provided as payload to the Flow...

CVSS 6.5 | AI score 7.1 | EPSS 0.00244
Exploits: 0 | References: 5

CVE
added 2025/07/14 11:50 p.m. | 31 views

CVE-2025-53889

Summary: CVE-2025-53889 affects Directus up to 11.9.0 where manual trigger Flows do not validate whether the triggering user has read permissions for payload items, potentially allowing unauthorized actions. The issue is fixed in 11.9.0; a workaround is to add permission checks for read access to...

CVSS 6.5 | AI score 7.1 | EPSS 0.00244
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2025/07/14 11:50 p.m. | 7 views

CVE-2025-53889 Directus missing permission checks for manual trigger Flows

Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.12.0 and prior to version 11.9.0, Directus Flows with a manual trigger are not validating whether the user triggering the Flow has permissions to the items provided as payload to the Flow...

CVSS 6.5 | EPSS 0.00244
Exploits: 0 | References: 3

Positive Technologies
added 2025/07/14 12:00 a.m. | 3 views

PT-2025-29529 · Directus · Directus

Name of the Vulnerable Software and Affected Versions: Directus versions 9.12.0 through 11.8.9
Description: Directus is a real-time API and App dashboard for managing SQL database content. Flows with a manual trigger do not validate whether the user triggering the Flow has permissions to the item...

CVSS 6.5 | AI score 7 | EPSS 0.00244
Exploits: 0 | References: 11

Positive Technologies
added 2023/01/05 12:00 a.m. | 7 views

PT-2023-18593 · WordPress · Wordpress

Name of the Vulnerable Software and Affected Versions: WordPress versions through 6.1.1
Description: The issue arises from WordPress's dependence on unpredictable client visits to execute wp-cron.php, which leads to security updates. The source code notes the scenario where a site may not receive...

CVSS 5.3 | AI score 7.3 | EPSS 0.08419
Exploits: 1 | References: 20

Check Point Advisories
added 2018/06/14 12:00 a.m. | 0 views

Suspicious Powershell Downloader

Many campaigns are known to use Powershell downloaders. A remote attacker could convince users to manually trigger their execution. This would allow the malicious code to run and infect the target system...

AI score 5.6
Exploits: 0