8 matches found

NVD
added 2026/06/12 4:16 p.m., 10 views

CVE-2026-44976

Frappe is a full-stack web application framework. Prior to version 16.17.4, any user can modify any field in any Onboarding Step record. This issue has been patched in version 16.17.4...

CVSS 5.3, EPSS 0.00278
Exploits: 0, References: 1

NVD
added 2025/10/03 7:15 p.m., 9 views

CVE-2025-52656

HCL MyXalytics: 6.6. is affected by Mass Assignment vulnerability. Mass Assignment occurs when user input is automatically bound to application objects without proper validation or access controls, potentially allowing unauthorized modification of sensitive fields...

CVSS 7.6, EPSS 0.00229
Exploits: 0, References: 1

Cvelist
added 2025/10/03 6:20 p.m., 7 views

CVE-2025-52656 HCL MyXalytics product is affected by Mass Assignment vulnerability

HCL MyXalytics: 6.6. is affected by Mass Assignment vulnerability. Mass Assignment occurs when user input is automatically bound to application objects without proper validation or access controls, potentially allowing unauthorized modification of sensitive fields...

CVSS 7.6, EPSS 0.00229
Exploits: 0, References: 1

Vulnrichment
added 2025/10/03 6:20 p.m., 2 views

CVE-2025-52656 HCL MyXalytics product is affected by Mass Assignment vulnerability

HCL MyXalytics: 6.6. is affected by Mass Assignment vulnerability. Mass Assignment occurs when user input is automatically bound to application objects without proper validation or access controls, potentially allowing unauthorized modification of sensitive fields...

CVSS 7.6, AI score 6.4, EPSS 0.00229
Exploits: 0, References: 1

Cvelist
added 2025/03/26 5:18 p.m., 10 views

CVE-2025-30352 Directus `search` query parameter allows enumeration of non permitted fields

Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.0.0-alpha.4 and prior to version 11.5.0, the search query parameter allows users with access to a collection to filter items based on fields they do not have permission to view. This allows the...

CVSS 5.3, EPSS 0.00261
Exploits: 0, References: 2

OSV
added 2025/03/26 5:18 p.m., 8 views

CVE-2025-30352 Directus `search` query parameter allows enumeration of non permitted fields

Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.0.0-alpha.4 and prior to version 11.5.0, the search query parameter allows users with access to a collection to filter items based on fields they do not have permission to view. This allows the...

CVSS 5.3, AI score 7, EPSS 0.00261
Exploits: 0, References: 4

CNNVD
added 2025/03/26 12:0 a.m., 3 views

Directus information disclosure vulnerability

Directus is a real-time API and application dashboard open-sourced by Directus. It is used to manage SQL database content. An information disclosure vulnerability exists in Directus versions prior to 9.0.0-alpha.4 through 11.5.0, which stems from the search parameter that can lead to unauthorized...

CVSS 5.3, AI score 5.9, EPSS 0.00261
Exploits: 0, References: 3

NVD
added 2025/01/23 6:15 p.m., 19 views

CVE-2025-24353

Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 11.2.0, when sharing an item, a typical user can specify an arbitrary role. It allows the user to use a higher-privileged role to see fields that otherwise the user should not be able to see. Instanc...

CVSS 5, EPSS 0.00356
Exploits: 1, References: 5