| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-39943 | Directus exposes sensitive fields in revision history | directus | directus | Medium | 6.5 | 2026-04-09 16:12:10 | Deep Dive |
| CVE-2026-39942 | Directus has a Path Traversal and Broken Access Control in File Management API | directus | directus | High | 8.5 | 2026-04-09 16:07:54 | Deep Dive |
| CVE-2026-35442 | Directus: Authenticated Users Can Extract Concealed Fields via Aggregate Queries | directus | directus | High | 8.1 | 2026-04-06 21:36:58 | Deep Dive |
| CVE-2026-35441 | Directus Affected by GraphQL Alias Amplification Denial-of-Service Due to Missing Query Cost/Complexity Limits | directus | directus | Medium | 6.5 | 2026-04-06 21:36:08 | Deep Dive |
| CVE-2026-35413 | Directus GraphQL Schema SDL Disclosure Setting | directus | directus | Medium | 5.3 | 2026-04-06 21:34:33 | Deep Dive |
| CVE-2026-35412 | Directus has a TUS Upload Authorization Bypass Allows Arbitrary File Overwrite | directus | directus | High | 7.1 | 2026-04-06 21:33:45 | Deep Dive |
| CVE-2026-35411 | Directus is an Open Redirect in Admin 2FA Setup Page | directus | directus | Medium | 4.3 | 2026-04-06 21:33:07 | Deep Dive |
| CVE-2026-35410 | Directus has an Open Redirect via Parser Bypass in OAuth2/SAML Authentication Flow | directus | directus | Medium | 6.1 | 2026-04-06 21:32:14 | Deep Dive |
| CVE-2026-35409 | Directus has a SSRF Protection Bypass via IPv4-Mapped IPv6 Addresses in File Import | directus | directus | High | 7.7 | 2026-04-06 21:31:14 | Deep Dive |
| CVE-2026-35408 | Directus is Missing Cross-Origin Opener Policy | directus | directus | High | 8.7 | 2026-04-06 21:30:23 | Deep Dive |
| CVE-2026-26185 | Directus Affected by User Enumeration via Password Reset Timing Attack | directus | directus | Medium | 5.3 | 2026-02-12 21:54:14 | Deep Dive |
| CVE-2026-22032 | Directus has open redirect in SAML | directus | directus | Medium | 4.3 | 2026-01-08 14:32:07 | Deep Dive |
| CVE-2025-64749 | Directus Vulnerable to Information Leakage in Existing Collections | directus | directus | Medium | 4.3 | 2025-11-13 21:34:55 | Deep Dive |
| CVE-2025-64748 | Directus's conceal fields are searchable if read permissions enabled | directus | directus | Medium | 6.5 | 2025-11-13 21:29:45 | Deep Dive |
| CVE-2025-64747 | Directus Vulnerable to Stored Cross-site Scripting | directus | directus | Medium | 5.5 | 2025-11-13 21:13:43 | Deep Dive |
| CVE-2025-64746 | Directus has Improper Permission Handling on Deleted Fields | directus | directus | Medium | 4.6 | 2025-11-13 20:54:42 | Deep Dive |
| CVE-2025-55746 | Directus allows unauthenticated file upload and file modification due to lacking input sanitization | directus | directus | Critical | 9.3 | 2025-08-20 17:58:07 | Deep Dive |
| CVE-2025-53889 | Directus missing permission checks for manual trigger Flows | directus | directus | Medium | 6.5 | 2025-07-14 23:50:23 | Deep Dive |
| CVE-2025-53887 | Directus's exact version number is exposed by the OpenAPI Spec | directus | directus | Medium | 5.3 | 2025-07-14 23:40:59 | Deep Dive |
| CVE-2025-53886 | Directus doesn't redact tokens in Flow logs | directus | directus | Medium | 4.5 | 2025-07-14 23:35:56 | Deep Dive |