Vulnerabilities > Monospace
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-15 | CVE-2024-6534 | Authorization Bypass Through User-Controlled Key vulnerability in Monospace Directus 10.13.0 Directus v10.13.0 allows an authenticated external attacker to modify presets created by the same user to assign them to another user. | 4.3 |
| 2024-08-15 | CVE-2024-6533 | Cross-site Scripting vulnerability in Monospace Directus 10.13.0 Directus v10.13.0 allows an authenticated external attacker to execute arbitrary JavaScript on the client. | 5.4 |
| 2024-07-08 | CVE-2024-39699 | Server-Side Request Forgery (SSRF) vulnerability in Monospace Directus Directus is a real-time API and App dashboard for managing SQL database content. | 5.0 |
| 2023-10-19 | CVE-2023-45820 | Improper Handling of Exceptional Conditions vulnerability in Monospace Directus Directus is a real-time API and App dashboard for managing SQL database content. | 6.5 |
| 2023-07-25 | CVE-2023-38503 | Incorrect Authorization vulnerability in Monospace Directus Directus is a real-time API and App dashboard for managing SQL database content. | 6.5 |
| 2023-04-04 | CVE-2020-19850 | Resource Exhaustion vulnerability in Monospace Directus 2.2.0 An issue found in Directus API v.2.2.0 allows a remote attacker to cause a denial of service via a great amount of HTTP requests. | 6.5 |
| 2023-03-24 | CVE-2023-28443 | Information Exposure Through Log Files vulnerability in Monospace Directus Directus is a real-time API and App dashboard for managing SQL database content. | 5.5 |
| 2023-03-07 | CVE-2023-27481 | Information Exposure vulnerability in Monospace Directus Directus is a real-time API and App dashboard for managing SQL database content. | 4.3 |
| 2023-03-03 | CVE-2023-26492 | Server-Side Request Forgery (SSRF) vulnerability in Monospace Directus Directus is a real-time API and App dashboard for managing SQL database content. | 7.5 |
| 2022-12-26 | CVE-2022-26969 | Unspecified vulnerability in Monospace Directus In Directus before 9.7.0, the default settings of CORS_ORIGIN and CORS_ENABLED are true. | 9.8 |