Nezha has cross-site GET request that can trigger stored cron commands on a victim's agents

Summary The dashboard exposes the cron manual-trigger action as an authenticated GET /api/v1/cron/:id/manual endpoint. Dashboard JWTs are sent in the nz-jwt cookie and configured with SameSite=Lax, which browsers include on top-level cross-site GET navigations. Because this state-changing GET...

GHSA-8QHJ-4F8C-J8QG Nezha has cross-site GET request that can trigger stored cron commands on a victim's agents

Summary The dashboard exposes the cron manual-trigger action as an authenticated GET /api/v1/cron/:id/manual endpoint. Dashboard JWTs are sent in the nz-jwt cookie and configured with SameSite=Lax, which browsers include on top-level cross-site GET navigations. Because this state-changing GET...

PT-2026-48481

Name of the Vulnerable Software and Affected Versions Nezha Monitoring versions 1.0.0 through 2.0.13 Description A cross-site request forgery CSRF issue exists where a cross-site GET request can trigger stored cron commands on a victim's agents. The dashboard exposes a manual-trigger action via t...

EUVD-2025-21407

Malicious code in bioql PyPI...

CVE-2025-53889

Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.12.0 and prior to version 11.9.0, Directus Flows with a manual trigger are not validating whether the user triggering the Flow has permissions to the items provided as payload to the Flow...

Directus' insufficient permission checks can enable unauthenticated users to manually trigger Flows

Summary Directus Flows with a manual trigger are not validating whether the user triggering the Flow has permissions to the items provided as payload to the Flow. Depending on what the Flow is set up to do this can lead to the Flow executing potential tasks on the attacker's behalf without...

GHSA-7CVF-PXGP-42FC Directus' insufficient permission checks can enable unauthenticated users to manually trigger Flows

Summary Directus Flows with a manual trigger are not validating whether the user triggering the Flow has permissions to the items provided as payload to the Flow. Depending on what the Flow is set up to do this can lead to the Flow executing potential tasks on the attacker's behalf without...

CVE-2025-53889

Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.12.0 and prior to version 11.9.0, Directus Flows with a manual trigger are not validating whether the user triggering the Flow has permissions to the items provided as payload to the Flow...

CVE-2025-53889 Directus missing permission checks for manual trigger Flows

Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.12.0 and prior to version 11.9.0, Directus Flows with a manual trigger are not validating whether the user triggering the Flow has permissions to the items provided as payload to the Flow...

CVE-2025-53889 Directus missing permission checks for manual trigger Flows

Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.12.0 and prior to version 11.9.0, Directus Flows with a manual trigger are not validating whether the user triggering the Flow has permissions to the items provided as payload to the Flow...

CVE-2025-53889

Summary: CVE-2025-53889 affects Directus up to 11.9.0 where manual trigger Flows do not validate whether the triggering user has read permissions for payload items, potentially allowing unauthorized actions. The issue is fixed in 11.9.0; a workaround is to add permission checks for read access to...

PT-2025-29529 · Directus · Directus

Name of the Vulnerable Software and Affected Versions: Directus versions 9.12.0 through 11.8.9 Description: Directus is a real-time API and App dashboard for managing SQL database content. Flows with a manual trigger do not validate whether the user triggering the Flow has permissions to the item...

PT-2023-18593 · WordPress · Wordpress

Name of the Vulnerable Software and Affected Versions: WordPress versions through 6.1.1 Description: The issue arises from WordPress's dependence on unpredictable client visits to execute wp-cron.php, which leads to security updates. The source code notes the scenario where a site may not receive...

Suspicious Powershell Downloader

Many campaigns are known to use Powershell downloaders. A remote attacker could convince users to manually trigger their execution. This would allow the malicious code to run and infect the target system...