2 matches found
CVE-2025-64748
Directus is a real-time API and App dashboard for managing SQL database content. A vulnerability in versions prior to 11.13.0 allows authenticated users to search concealed/sensitive fields when they have read permissions. While actual values remain masked , successful matches can be detected...
PT-2025-46911
Name of the Vulnerable Software and Affected Versions Directus versions prior to 11.13.0 Description Directus does not properly remove field-level permissions when a field is deleted. When a field is removed from a collection, its reference in the permissions table is not cleared. This creates a...