5 matches found
EUVD-2025-21407
Malicious code in bioql PyPI...
CVE-2025-53889
Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.12.0 and prior to version 11.9.0, Directus Flows with a manual trigger are not validating whether the user triggering the Flow has permissions to the items provided as payload to the Flow...
CVE-2025-53889 Directus missing permission checks for manual trigger Flows
Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.12.0 and prior to version 11.9.0, Directus Flows with a manual trigger are not validating whether the user triggering the Flow has permissions to the items provided as payload to the Flow...
CVE-2025-53889
Summary: CVE-2025-53889 affects Directus up to 11.9.0 where manual trigger Flows do not validate whether the triggering user has read permissions for payload items, potentially allowing unauthorized actions. The issue is fixed in 11.9.0; a workaround is to add permission checks for read access to...
PT-2025-29529 · Directus · Directus
Name of the Vulnerable Software and Affected Versions: Directus versions 9.12.0 through 11.8.9 Description: Directus is a real-time API and App dashboard for managing SQL database content. Flows with a manual trigger do not validate whether the user triggering the Flow has permissions to the item...