8.1
CVE-2026-35442 - Directus: Authenticated Users Can Extract Concealed Fields via Aggregate Queries
Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.17.0, aggregate functions (min, max) applied to fields with the conceal special type incorrectly return raw database values instead of the masked placeholder. When combined with groupBy, any authenticated uโฆ
6.5
CVE-2026-35441 - Directus Affected by GraphQL Alias Amplification Denial-of-Service Due to Missing Query Cost/Compleโฆ
Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.17.0, Directus' GraphQL endpoints (/graphql and /graphql/system) did not deduplicate resolver invocations within a single request. An authenticated user could exploit GraphQL aliasing to repeat an expensiveโฆ
5.3
CVE-2026-35413 - Directus GraphQL Schema SDL Disclosure Setting
Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.16.1, when GRAPHQL_INTROSPECTION=false is configured, Directus correctly blocks standard GraphQL introspection queries (__schema, __type). However, the server_specs_graphql resolver on the /graphql/system eโฆ
7.1
CVE-2026-35412 - Directus has a TUS Upload Authorization Bypass Allows Arbitrary File Overwrite
Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.16.1, Directus' TUS resumable upload endpoint (/files/tus) allows any authenticated user with basic file upload permissions to overwrite arbitrary existing files by UUID. The TUS controller performs only coโฆ
4.3
CVE-2026-35411 - Directus is an Open Redirect in Admin 2FA Setup Page
Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.16.1, Directus is vulnerable to an open redirect via the redirect query parameter on the /admin/tfa-setup page. When an administrator who has not yet configured Two-Factor Authentication (2FA) visits a crafโฆ
6.1
CVE-2026-35410 - Directus has an Open Redirect via Parser Bypass in OAuth2/SAML Authentication Flow
Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.16.1, an open redirect vulnerability exists in the login redirection logic. The isLoginRedirectAllowed function fails to correctly identify certain malformed URLs as external, allowing attackers to bypass rโฆ
7.7
CVE-2026-5709 - AWS Research and Engineering Studio (RES) FileBrowser Command Injection
Unsanitized input in the FileBrowser API in AWS Research and Engineering Studio (RES) version 2024.10 through 2025.12.01 might allow a remote authenticated actor to execute arbitrary commands on the cluster-manager EC2 instance via crafted input when using the FileBrowser functionality. To remediaโฆ
7.7
CVE-2026-35409 - Directus has a SSRF Protection Bypass via IPv4-Mapped IPv6 Addresses in File Import
Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.16.0, a Server-Side Request Forgery (SSRF) protection bypass has been identified and fixed in Directus. The IP address validation mechanism used to block requests to local and private networks could be circโฆ
8.7
CVE-2026-35408 - Directus is Missing Cross-Origin Opener Policy
Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.17.0, Directus's Single Sign-On (SSO) login pages lacked a Cross-Origin-Opener-Policy (COOP) HTTP response header. Without this header, a malicious cross-origin window that opens the Directus login page retโฆ
8.7
CVE-2026-5685 - Tenda CX12L addressNat fromAddressNat stack-based overflow
A vulnerability was identified in Tenda CX12L 16.03.53.12. This affects the function fromAddressNat of the file /goform/addressNat. The manipulation of the argument page leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit is publicly available and might be used.