2640 matches found
CVE-2025-53889 Directus missing permission checks for manual trigger Flows
Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.12.0 and prior to version 11.9.0, Directus Flows with a manual trigger are not validating whether the user triggering the Flow has permissions to the items provided as payload to the Flow...
CVE-2025-53889
Summary: CVE-2025-53889 affects Directus up to 11.9.0 where manual trigger Flows do not validate whether the triggering user has read permissions for payload items, potentially allowing unauthorized actions. The issue is fixed in 11.9.0; a workaround is to add permission checks for read access to...
Directus authorization issue vulnerability
Directus is a real-time API and application dashboard open-sourced by Directus. It is used to manage SQL database content. An authorization issue vulnerability exists in Directus versions prior to 9.12.0 to 11.9.0 that stems from a manual trigger process that does not validate permissions, which...
PT-2025-29529 · Directus · Directus
Name of the Vulnerable Software and Affected Versions: Directus versions 9.12.0 through 11.8.9 Description: Directus is a real-time API and App dashboard for managing SQL database content. Flows with a manual trigger do not validate whether the user triggering the Flow has permissions to the item...
igc: fix PTM cycle trigger logic
...
CVE-2025-21466
Memory corruption while processing a private escape command in an event trigger...
CVE-2025-21466 Use After Free in Display
Memory corruption while processing a private escape command in an event trigger...
CVE-2025-21466
CVE-2025-21466 affects Qualcomm chipsets; memory corruption occurs during processing of a private escape command in an event trigger (root cause: improper handling within event-trigger processing). The impact is described as high for confidentiality, integrity, and availability, with a local atta...
The vulnerability of the formL2TPSetup() function (/goform/formL2TPSetup) of the Belkin F9K1122 Wi-Fi range extender software allows an intruder to trigger a service failure.
The vulnerability of the formL2TPSetup function /goform/formL2TPSetup of the Belkin F9K1122 Wi-Fi range extender software is caused by buffer overflow in the stack. Exploiting this vulnerability could allow an attacker to cause a service failure remotely...
CVE-2025-20323
In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, a low-privileged user that does not hold the "admin" or "power" Splunk roles could turn off the scheduled search Bucket Copy Trigger within the Splunk Archiver application. This is because of missing access controls in the saved...
Security update for glib2
This update for glib2 fixes the following issues: Security issues: CVE-2025-4373: Fixed handling gssize parameters (bsc#1242844). CVE-2025-3360: Fixed integer overflow and buffer underread when parsing a very long and invalid ISO 8601 timestamp with g_date_time_new_from_iso8601() (bsc#1240897). Non security...
The vulnerability of the hugetlb.c component in the Linux operating system’s kernel allows a hacker to trigger a service failure.
The vulnerability of the hugetlb.c component in the Linux operating system’s kernel is related to the insufficient use of the assert function. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the tracing/trigger component in the Linux operating system’s kernel allows a hacker to cause a service failure.
The vulnerability of the Linux operating system’s kernel component, “tracing/trigger”, is related to improper handling of exceptional states. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the request processing function in TOTOLINK A702R router firmware allows an intruder to trigger a service failure.
The vulnerability of the request processing function in TOTOLINK A702R router firmware lies in the issue of the operation exceeding the buffer boundaries in memory when processing the submit-url parameter. Exploiting this vulnerability allows a malicious actor to cause service...
AZL-64337 CVE-2024-11584 affecting package cloud-init for versions less than 24.3.1-2
cloud-init through 25.1.2 includes the systemd socket unit cloud-init-hotplugd.socket with default SocketMode that grants 0666 permissions, making it world-writable. This is used for the "/run/cloud-init/hook-hotplug-cmd" FIFO. An unprivileged user could trigger hotplug-hook commands...
cloud-init security vulnerability
cloud-init is an industry-standard multi-distribution method for cross-platform cloud instance initialization open-sourced by Canonical. A security vulnerability exists in cloud-init version 25.1.2 and earlier, which stems from the default SocketMode permission of 0666 for...
SPA: Towards More Stealth and Persistent Backdoor Attacks in Federated Learning
Federated Learning (FL) has emerged as a leading paradigm for privacy-preserving distributed machine learning, yet the distributed nature of FL introduces unique security challenges, notably the threat of backdoor attacks. Existing backdoor strategies predominantly rely on end-to-end label...
The vulnerability of the IBM Verify Identity Access Digital Credentials access control system lies in the absence of a reference to an active, allocated resource. This allows attackers to trigger a service failure.
The vulnerability of the IBM Verify Identity Access Digital Credentials access control system lies in the absence of a reference to an active, allocated resource. Exploiting this vulnerability could allow a malicious actor, operating remotely, to trigger a service failure using a specially create...