Vulnerabilities > Monospace

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR / CWE | RISK |
|---|---|---|---|---|---|---|---|
| 2024-08-15 | CVE-2024-6534 | Authorization Bypass Through User-Controlled Key vulnerability in Monospace Directus 10.13.0 | Directus v10.13.0 allows an authenticated external attacker to modify presets created by the same user to assign them to another user. | network | low | monospace CWE-639 | 4.3 |
| 2024-08-15 | CVE-2024-6533 | Cross-site Scripting vulnerability in Monospace Directus 10.13.0 | Directus v10.13.0 allows an authenticated external attacker to execute arbitrary JavaScript on the client. | network | low | monospace CWE-79 | 5.4 |
| 2024-07-08 | CVE-2024-39699 | Server-Side Request Forgery (SSRF) vulnerability in Monospace Directus | Directus is a real-time API and App dashboard for managing SQL database content. | network | low | monospace CWE-918 | 5.0 |
| 2023-10-19 | CVE-2023-45820 | Improper Handling of Exceptional Conditions vulnerability in Monospace Directus | Directus is a real-time API and App dashboard for managing SQL database content. | network | low | monospace CWE-755 | 6.5 |
| 2023-07-25 | CVE-2023-38503 | Incorrect Authorization vulnerability in Monospace Directus | Directus is a real-time API and App dashboard for managing SQL database content. | network | low | monospace CWE-863 | 6.5 |
| 2023-04-04 | CVE-2020-19850 | Resource Exhaustion vulnerability in Monospace Directus 2.2.0 | An issue found in Directus API v.2.2.0 allows a remote attacker to cause a denial of service via a great amount of HTTP requests. | network | low | monospace CWE-400 | 6.5 |
| 2023-03-24 | CVE-2023-28443 | Unspecified vulnerability in Monospace Directus | Directus is a real-time API and App dashboard for managing SQL database content. | local | low | monospace | 5.5 |
| 2023-03-07 | CVE-2023-27481 | Unspecified vulnerability in Monospace Directus | Directus is a real-time API and App dashboard for managing SQL database content. | network | low | monospace | 4.3 |
| 2023-03-03 | CVE-2023-26492 | Unspecified vulnerability in Monospace Directus | Directus is a real-time API and App dashboard for managing SQL database content. | network | low | monospace | 7.5 |
| 2022-12-26 | CVE-2022-26969 | Unspecified vulnerability in Monospace Directus | In Directus before 9.7.0, the default settings of CORS_ORIGIN and CORS_ENABLED are true. | network | low | monospace | critical 9.8 |