Vulnerabilities in directus
57 results

CVE-2024-46990 | MEDIUM | SSRF Loopback IP filter bypass in directus | EPSS 0.5%
CVE-2024-34709 | MEDIUM | Directus Lacks Session Tokens Invalidation | EPSS 0.4%
CVE-2025-55746 | CRITICAL | Directus allows unauthenticated file upload and file modification due to lacking input sanitization | EPSS 0.4%
CVE-2024-39699 | MEDIUM | Directus has a Blind SSRF On File Import | EPSS 0.4%
CVE-2023-38503 | MEDIUM | Directus has Incorrect Permission Checking for GraphQL Subscriptions | EPSS 0.4%
CVE-2024-39701 | MEDIUM | Directus Incorrectly handles `_in` filter | EPSS 0.4%
CVE-2025-53889 | MEDIUM | Directus missing permission checks for manual trigger Flows | EPSS 0.4%
CVE-2025-53886 | MEDIUM | Directus doesn't redact tokens in Flow logs | EPSS 0.4%
CVE-2025-30350 | MEDIUM | Directus's S3 assets become unavailable after a burst of HEAD requests | EPSS 0.4%
CVE-2025-30225 | MEDIUM | Directus's S3 assets become unavailable after a burst of malformed transformations | EPSS 0.4%
CVE-2025-24353 | MEDIUM | Directus privilege escalation vulnerability using Share feature | EPSS 0.4%
CVE-2026-35441 | MEDIUM | Directus Affected by GraphQL Alias Amplification Denial-of-Service Due to Missing Query Cost/Complexity Limits | EPSS 0.4%
CVE-2024-6533 | MEDIUM | Directus 10.13.0 - DOM-Based cross-site scripting (XSS) via layout_options | EPSS 0.4%
CVE-2026-26185 | MEDIUM | Directus Affected by User Enumeration via Password Reset Timing Attack | EPSS 0.3%
CVE-2026-35442 | HIGH | Directus: Authenticated Users Can Extract Concealed Fields via Aggregate Queries | EPSS 0.3%
CVE-2026-35409 | HIGH | Directus has a SSRF Protection Bypass via IPv4-Mapped IPv6 Addresses in File Import | EPSS 0.3%
CVE-2024-54128 | MEDIUM | Directus has an HTML Injection in Comment | EPSS 0.3%
CVE-2024-6534 | MEDIUM | Directus 10.13.0 - Insecure object reference via PATH presets | EPSS 0.3%
CVE-2025-30352 | MEDIUM | Directus `search` query parameter allows enumeration of non permitted fields | EPSS 0.3%
CVE-2025-30351 | LOW | Suspended Directus user can continue to use session token to access API | EPSS 0.3%