2 matches found
CVE-2026-28288
creationtimestamp| type| source ---|---|--- 2026-02-27 23:20:18+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mfutximupo2n 2026-03-26 12:02:25+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2026/CVE-2026-28288.yaml 2026-03-28...
CVE-2026-28288 Dify has a user enumeration issue
Dify is an open-source LLM app development platform. Prior to 1.9.0, responses from the Dify API to existing and non-existent accounts differ, allowing an attacker to enumerate email addresses registered with Dify. Version 1.9.0 fixes the issue...