Directus Exposure
CMS
Exposure score: 15
Sites using it: 15
Being exploited: 0
Critical: 1
CVEs
57 results
CVE-2025-30351 | LOW | Suspended Directus user can continue to use session token to access API | EPSS 0.3%
CVE-2024-47822 | MEDIUM | Directus inserts access token from query string into logs | EPSS 0.3%
CVE-2023-28443 | MEDIUM | directus vulnerable to Insertion of Sensitive Information into Log File | EPSS 0.3%
CVE-2026-35412 | HIGH | Directus has a TUS Upload Authorization Bypass Allows Arbitrary File Overwrite | EPSS 0.3%
CVE-2025-64749 | MEDIUM | Directus Vulnerable to Information Leakage in Existing Collections | EPSS 0.3%
CVE-2026-35410 | MEDIUM | Directus has an Open Redirect via Parser Bypass in OAuth2/SAML Authentication Flow | EPSS 0.3%
CVE-2026-35411 | MEDIUM | Directus is an Open Redirect in Admin 2FA Setup Page | EPSS 0.3%
CVE-2024-28238 | LOW | Session Token in URL in directus | EPSS 0.2%
CVE-2025-64748 | MEDIUM | Directus's conceal fields are searchable if read permissions enabled | EPSS 0.2%
CVE-2025-27089 | MEDIUM | Overlapping policies allow update to non-allowed fields in directus | EPSS 0.2%
CVE-2025-64747 | MEDIUM | Directus Vulnerable to Stored Cross-site Scripting | EPSS 0.2%
CVE-2026-39942 | HIGH | Directus has a Path Traversal and Broken Access Control in File Management API | EPSS 0.2%
CVE-2026-22032 | MEDIUM | Directus has open redirect in SAML | EPSS 0.2%
CVE-2026-39943 | MEDIUM | Directus exposes sensitive fields in revision history | EPSS 0.2%
CVE-2025-53885 | MEDIUM | Directus doesn't redact sensitive user data when logging via event hooks | EPSS 0.2%
CVE-2026-35408 | HIGH | Directus is Missing Cross-Origin Opener Policy | EPSS 0.2%
CVE-2025-64746 | MEDIUM | Directus has Improper Permission Handling on Deleted Fields | EPSS 0.2%