CVE-2024-34708

Directus is a real-time API and App dashboard for managing SQL database content. A user with permission to view any collection using redacted hashed fields can get access the raw stored version using the alias functionality on the API. Normally, these redacted fields will return however if we...

EUVD-2024-1618

Malicious code in bioql PyPI...

Malicious code in commonweb-setup (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 0c019e3086bf1cec9b859c8fe048187fc7cf6dc866de93fbd0ff2182b3e4fc0a The OpenSSF Package Analysis project identified 'commonweb-setup' @ 10.11.0 npm as malicious. It is considered malicious because: - The package...

MAL-2025-6872 Malicious code in search-result (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 6ddb1c5d5505a20da7fa64201ed64cc4b487447debb5dfac4a7d1398b93bcb1a The OpenSSF Package Analysis project identified 'search-result' @ 10.11.0 npm as malicious. It is considered malicious because: - The package...

PT-2024-26123 · Directus · Directus

Name of the Vulnerable Software and Affected Versions: Directus versions prior to 10.11.0 Description: The issue concerns session tokens that do not get properly invalidated when a user logs out. Specifically, the directus session is destroyed, and the cookie is deleted, but if the cookie value i...