
15 matches found

EUVD
added 2025/11/14 9:45 p.m., 1 view

EUVD-2025-177203

Directus is Vulnerable to Stored Cross-site Scripting...

CVSS 5.5 | AI score 5.8 | EPSS 0.00036
Exploits: 1 | References: 3
EUVD
added 2025/11/14 9:45 p.m., 2 views

EUVD-2025-175379

Directus has Improper Permission Handling on Deleted Fields...

CVSS 4.6 | AI score 6.4 | EPSS 0.00041
Exploits: 1 | References: 3
RedhatCVE
added 2025/11/14 8:59 p.m., 3 views

CVE-2025-64746

Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 11.13.0, Directus does not properly clean up field-level permissions when a field is deleted. When a field is removed from a collection, its reference in the permissions table remains intact. This...

CVSS 5.4 | AI score 7.3 | EPSS 0.00041
Exploits: 1 | References: 1
EUVD
added 2025/11/13 11:07 p.m., 1 view

EUVD-2025-177199

Directus Vulnerable to Information Leakage in Existing Collections...

CVSS 4.3 | AI score 6.3 | EPSS 0.00046
Exploits: 1 | References: 2
NVD
added 2025/11/13 10:15 p.m., 3 views

CVE-2025-64749

Directus is a real-time API and App dashboard for managing SQL database content. An observable difference in error messaging was found in the Directus REST API in versions of Directus prior to version 11.13.0. The /items/collection API returns different error messages for two cases: when a user...

CVSS 4.3 | EPSS 0.00046
Exploits: 1 | References: 2
NVD
added 2025/11/13 10:15 p.m., 1 view

CVE-2025-64748

Directus is a real-time API and App dashboard for managing SQL database content. A vulnerability in versions prior to 11.13.0 allows authenticated users to search concealed/sensitive fields when they have read permissions. While actual values remain masked, successful matches can be detected...

CVSS 6.5 | EPSS 0.00044
Exploits: 0 | References: 2
NVD
added 2025/11/13 10:15 p.m., 1 view

CVE-2025-64747

Directus is a real-time API and App dashboard for managing SQL database content. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 11.13.0 that allows users with upload files and edit item permissions to inject malicious JavaScript through the Block Editor interface...

CVSS 5.5 | EPSS 0.00036
Exploits: 1 | References: 2
OSV
added 2025/11/13 9:34 p.m., 2 views

CVE-2025-64749 Directus Vulnerable to Information Leakage in Existing Collections

Directus is a real-time API and App dashboard for managing SQL database content. An observable difference in error messaging was found in the Directus REST API in versions of Directus prior to version 11.13.0. The /items/collection API returns different error messages for two cases: when a user...

CVSS 4.3 | AI score 7.1 | EPSS 0.00046
Exploits: 1 | References: 4
OSV
added 2025/11/13 9:29 p.m., 1 view

CVE-2025-64748 Directus's conceal fields are searchable if read permissions enabled

Directus is a real-time API and App dashboard for managing SQL database content. A vulnerability in versions prior to 11.13.0 allows authenticated users to search concealed/sensitive fields when they have read permissions. While actual values remain masked, successful matches can be detected...

CVSS 6.5 | AI score 7 | EPSS 0.00044
Exploits: 0 | References: 4
Vulnrichment
added 2025/11/13 9:13 p.m., 2 views

CVE-2025-64747 Directus Vulnerable to Stored Cross-site Scripting

Directus is a real-time API and App dashboard for managing SQL database content. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 11.13.0 that allows users with upload files and edit item permissions to inject malicious JavaScript through the Block Editor interface...

CVSS 5.5 | AI score 5.5 | EPSS 0.00036
Exploits: 1 | References: 2
CVE
added 2025/11/13 8:54 p.m., 7 views

CVE-2025-64746

Directus before 11.13.0 improperly cleans up field-level permissions when a field is deleted. A stale permission reference remains in the permissions table; if a new field with the same name is created, it inherits those outdated permissions, potentially granting access to data users should not r...

CVSS 5.4 | AI score 6.9 | EPSS 0.00041
Exploits: 1 | References: 2 | Affected Software: 1
Vulnrichment
added 2025/11/13 8:54 p.m., 4 views

CVE-2025-64746 Directus has Improper Permission Handling on Deleted Fields

Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 11.13.0, Directus does not properly clean up field-level permissions when a field is deleted. When a field is removed from a collection, its reference in the permissions table remains intact. This...

CVSS 4.6 | AI score 6.9 | EPSS 0.00041
Exploits: 1 | References: 2
Positive Technologies
added 2025/11/13 12:00 a.m., 2 views

PT-2025-46915

Name of the Vulnerable Software and Affected Versions: Directus versions prior to 11.13.0. Description: Directus REST API exhibits differing error messages when accessing existing but unauthorized collections versus non-existent collections via the /items/collection API endpoint. This discrepancy...

CVSS 4.3 | AI score 6.3 | EPSS 0.00046
Exploits: 1 | References: 9
CNNVD
added 2025/11/13 12:00 a.m., 1 view

Directus Security Vulnerability

Directus is a real-time API and application dashboard open-sourced by Directus. It is used to manage SQL database content. A security vulnerability exists in Directus versions prior to 11.13.0 that stems from allowing authenticated users to search for sensitive fields, potentially leading to a...

CVSS 6.5 | AI score 6.2 | EPSS 0.00044
Exploits: 0 | References: 3
Positive Technologies
added 2025/11/13 12:00 a.m., 2 views

PT-2025-46912

Name of the Vulnerable Software and Affected Versions: Directus versions prior to 11.13.0. Description: Directus is a real-time API and App dashboard for managing SQL database content. A stored cross-site scripting (XSS) issue exists that allows users with upload files and edit item permissions to...

CVSS 5.5 | AI score 5.6 | EPSS 0.00036
Exploits: 1 | References: 11