Vulnerabilities in directus

57 results
CVE-2022-24814 (HIGH): Cross-site Scripting in Directus. EPSS 1.0%
CVE-2023-26492 (MEDIUM): Directus vulnerable to Server-Side Request Forgery On File Import. EPSS 1.0%
CVE-2022-36031 (MEDIUM): Unhandled exception on illegal filename_disk value. EPSS 0.8%
CVE-2024-39895 (MEDIUM): Directus GraphQL Field Duplication Denial of Service (DoS). EPSS 0.8%
CVE-2022-23080: directus - SSRF which leads to internal port scan. EPSS 0.8%
CVE-2024-34708 (MEDIUM): Directus allows redacted data extraction on the API through "alias". EPSS 0.8%
CVE-2024-27295 (HIGH): Directus MySQL accent insensitive email matching. EPSS 0.7%
CVE-2023-45820 (MEDIUM): Directus crashes on invalid WebSocket message. EPSS 0.7%
CVE-2022-22117 (MEDIUM): Directus - Stored Cross-Site Scripting (XSS) in Profile Avatar Image. EPSS 0.6%
CVE-2022-22116 (MEDIUM): Directus - Stored Cross-Site Scripting (XSS) via SVG File Upload. EPSS 0.6%
CVE-2024-36128 (HIGH): Directus is soft-locked by providing a string value to random string util. EPSS 0.6%
CVE-2024-45596 (HIGH): Directus's session is cached for OpenID and OAuth2 if `redirect` is not used. EPSS 0.6%
CVE-2023-27481 (MEDIUM): Extract password hashes through export querying in directus. EPSS 0.6%
CVE-2024-28239 (MEDIUM): URL Redirection to Untrusted Site in OAuth2/OpenID in directus. EPSS 0.6%
CVE-2024-54151 (HIGH): Directus allows unauthenticated access to WebSocket events and operations. EPSS 0.6%
CVE-2024-27296 (MEDIUM): Directus version number disclosure. EPSS 0.6%
CVE-2023-27474 (HIGH): HTML Injection in Password Reset email to custom Reset URL in directus. EPSS 0.5%
CVE-2024-39896 (HIGH): Directus allows SSO User Enumeration. EPSS 0.5%
CVE-2025-30353 (HIGH): Directus's webhook trigger flows can leak sensitive data. EPSS 0.5%
CVE-2025-53887 (MEDIUM): Directus's exact version number is exposed by the OpenAPI Spec. EPSS 0.5%