Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
monospace directus vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-45820
Directus is a real-time API and App dashboard for managing SQL database content. In affected versions any Directus installation that has websockets enabled can be crashed if the websocket server receives an invalid frame. A malicious user could leverage this bug to crash Directus...
Monospace Directus
NA
CVE-2023-38503
Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 10.3.0 and prior to version 10.5.0, the permission filters (i.e. `user_created IS $CURRENT_USER`) are not properly checked when using GraphQL subscription resulting in unauthorize...
Monospace Directus
NA
CVE-2020-19850
An issue found in Directus API v.2.2.0 allows a remote malicious user to cause a denial of service via a great amount of HTTP requests.
Monospace Directus 2.2.0
NA
CVE-2023-28443
Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 9.23.3, the `directus_refresh_token` is not redacted properly from the log outputs and can be used to impersonate users without their permission. This issue is patched in version 9.2...
Monospace Directus
NA
CVE-2023-27481
Directus is a real-time API and App dashboard for managing SQL database content. In versions before 9.16.0 users with read access to the `password` field in `directus_users` can extract the argon2 password hashes by brute forcing the export functionality combined with a `_starts_...
Monospace Directus
NA
CVE-2023-26492
Directus is a real-time API and App dashboard for managing SQL database content. Directus is vulnerable to Server-Side Request Forgery (SSRF) when importing a file from a remote web server (POST to `/files/import`). An attacker can bypass the security controls by performing a DNS...
Monospace Directus
NA
CVE-2022-26969
In Directus prior to 9.7.0, the default settings of CORS_ORIGIN and CORS_ENABLED are true.
Monospace Directus
NA
CVE-2022-36031
Directus is a free and open-source data platform for headless content management. The Directus process can be aborted by having an authorized user update the `filename_disk` value to a folder and accessing that file through the `/assets` endpoint. This vulnerability has been patc...
Monospace Directus
6.5
CVSSv2
CVE-2021-29641
Directus 8 prior to 8.8.2 allows remote authenticated users to execute arbitrary code because file-upload permissions include the ability to upload a .php file to the main upload directory and/or upload a .php file and a .htaccess file to a subdirectory. Exploitation succeeds onl...
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started