Lucene search

8 matches found

CVE
added 2025/03/26 6:15 p.m., 82 views

CVE-2025-30353

Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.12.0 and prior to version 11.5.0, when a Flow with the "Webhook" trigger and the "Data of Last Operation" response body encounters a ValidationError thrown by a failed condition operation, the API...

CVSS 8.6, AI score 7.6, EPSS 0.00067

CVE
added 2025/03/26 6:15 p.m., 80 views

CVE-2025-30351

Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 10.10.0 and prior to version 11.5.0, a suspended user can use the token generated in session auth mode to access the API despite their status. This happens because there is a check missing in verify...

CVSS 4.3, AI score 7.7, EPSS 0.00099

CVE
added 2025/03/26 6:15 p.m., 76 views

CVE-2025-30352

Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.0.0-alpha.4 and prior to version 11.5.0, the search query parameter allows users with access to a collection to filter items based on fields they do not have permission to view. This allows the en...

CVSS 5.3, AI score 7.7, EPSS 0.00048

CVE
added 2025/02/19 5:15 p.m., 68 views

CVE-2025-27089

Directus is a real-time API and App dashboard for managing SQL database content. In affected versions, if there are two overlapping policies for the update action that allow access to different fields, instead of correctly checking access permissions against the item they apply for, the user is allow...

CVSS 5.4, AI score 5.8, EPSS 0.00046

CVE
added 2025/07/15 12:15 a.m., 12 views

CVE-2025-53889

Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.12.0 and prior to version 11.9.0, Directus Flows with a manual trigger are not validating whether the user triggering the Flow has permissions to the items provided as payload to the Flow. Dependi...

CVSS 6.5, AI score 7.1, EPSS 0.00079

CVE
added 2025/07/15 12:15 a.m., 11 views

CVE-2025-53885

Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.0.0 and prior to version 11.9.0, when using Directus Flows to handle CRUD events for users, it is possible to log the incoming data to console using the "Log to Console" operation and a template st...

CVSS 4.2, AI score 7, EPSS 0.00017

CVE
added 2025/07/15 12:15 a.m., 10 views

CVE-2025-53886

Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.0.0 and prior to version 11.9.0, when using Directus Flows with the WebHook trigger, all incoming request details are logged, including security-sensitive data like access and refresh tokens in cook...

CVSS 4.5, AI score 7, EPSS 0.0004

CVE
added 2025/07/15 12:15 a.m., 10 views

CVE-2025-53887

Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.0.0 and prior to version 11.9.0, the exact Directus version number is incorrectly being used as the OpenAPI Spec version. This means that it is being exposed by the /server/specs/oas endpoint without a...

CVSS 5.3, AI score 7, EPSS 0.0009