Lucene search
K

71 matches found

Positive Technologies
Positive Technologies
added 2026/03/03 12:0 a.m.13 views

PT-2026-22832

Name of the Vulnerable Software and Affected Versions Dify versions prior to 1.11.2 Description Dify, an open-source LLM app development platform, contains a stored cross-site scripting XSS issue when rendering Mermaid diagrams within chats. The issue stems from Dify’s default Mermaid configurati...

5.1CVSS6AI score0.00218EPSS
Exploits1References7
RedhatCVE
RedhatCVE
added 2026/03/01 1:43 a.m.7 views

CVE-2026-28288

Dify is an open-source LLM app development platform. Prior to 1.9.0, responses from the Dify API to existing and non-existent accounts differ, allowing an attacker to enumerate email addresses registered with Dify. Version 1.9.0 fixes the issue...

6.9CVSS5.9AI score0.00635EPSS
Exploits1References1
NVD
NVD
added 2026/02/27 9:16 p.m.10 views

CVE-2026-28288

Dify is an open-source LLM app development platform. Prior to 1.9.0, responses from the Dify API to existing and non-existent accounts differ, allowing an attacker to enumerate email addresses registered with Dify. Version 1.9.0 fixes the issue...

6.9CVSS0.00635EPSS
Exploits1References2
EUVD
EUVD
added 2026/02/27 8:25 p.m.4 views

EUVD-2026-9068

Dify is an open-source LLM app development platform. Prior to 1.9.0, responses from the Dify API to existing and non-existent accounts differ, allowing an attacker to enumerate email addresses registered with Dify. Version 1.9.0 fixes the issue...

6.9CVSS5.9AI score0.00635EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/02/27 8:25 p.m.21 views

CVE-2026-28288 Dify has a user enumeration issue

Dify is an open-source LLM app development platform. Prior to 1.9.0, responses from the Dify API to existing and non-existent accounts differ, allowing an attacker to enumerate email addresses registered with Dify. Version 1.9.0 fixes the issue...

6.9CVSS0.00635EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/02/27 8:25 p.m.7 views

CVE-2026-28288 Dify has a user enumeration issue

Dify is an open-source LLM app development platform. Prior to 1.9.0, responses from the Dify API to existing and non-existent accounts differ, allowing an attacker to enumerate email addresses registered with Dify. Version 1.9.0 fixes the issue...

6.9CVSS5.9AI score0.00635EPSS
Exploits1References2
CVE
CVE
added 2026/02/27 8:25 p.m.17 views

CVE-2026-28288

Dify (open-source LLM app development platform) has a user enumeration vulnerability in its API prior to version 1.9.0, where responses differ between existing and non-existent accounts, enabling email-address enumeration. The issue is addressed in version 1.9.0. Exploitation is noted as a proof-...

6.9CVSS5.9AI score0.00635EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2026/02/27 12:0 a.m.8 views

dify 安全漏洞

dify is an open-source LLM application development platform developed by LangGenius. Versions of dify prior to 1.9.0 contained security vulnerabilities. These vulnerabilities were caused by differences in API responses, which could lead to the enumeration of registered email addresses...

6.9CVSS5.8AI score0.00635EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/02/13 1:30 a.m.6 views

CVE-2026-26023

Dify is an open-source LLM app development platform. Prior to 1.13.0, a cross site scripting vulnerability has been found in the web application chat frontend when using echarts. User or llm inputs containing echarts containing a specific javascript payload will be executed. This vulnerability is...

6.1CVSS4.7AI score0.00246EPSS
Exploits1References1
NVD
NVD
added 2026/02/11 10:15 p.m.15 views

CVE-2026-26023

Dify is an open-source LLM app development platform. Prior to 1.13.0, a cross site scripting vulnerability has been found in the web application chat frontend when using echarts. User or llm inputs containing echarts containing a specific javascript payload will be executed. This vulnerability is...

6.1CVSS0.00246EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/02/11 9:23 p.m.28 views

CVE-2026-26023 Client‑side DOM XSS in the web chat app of Dify when using echarts

Dify is an open-source LLM app development platform. Prior to 1.13.0, a cross site scripting vulnerability has been found in the web application chat frontend when using echarts. User or llm inputs containing echarts containing a specific javascript payload will be executed. This vulnerability is...

5.3CVSS0.00246EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/02/11 12:0 a.m.7 views

dify 跨站脚本漏洞

dify is an open-source LLM application development platform developed by LangGenius. Versions of dify prior to 1.13.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from insufficient validation of inputs when echarts was used in the web application chat front-end,...

6.1CVSS5.6AI score0.00246EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/01/07 9:12 a.m.5 views

CVE-2025-67732

Dify is an open-source LLM app development platform. Prior to version 1.11.0, the API key is exposed in plaintext to the frontend, allowing non-administrator users to view and reuse it. This can lead to unauthorized access to third-party services, potentially consuming limited quotas. Version...

8.4CVSS6.6AI score0.00305EPSS
Exploits1References1
NVD
NVD
added 2026/01/05 10:15 p.m.8 views

CVE-2025-67732

Dify is an open-source LLM app development platform. Prior to version 1.11.0, the API key is exposed in plaintext to the frontend, allowing non-administrator users to view and reuse it. This can lead to unauthorized access to third-party services, potentially consuming limited quotas. Version...

8.4CVSS0.00305EPSS
Exploits1References1
OSV
OSV
added 2026/01/05 9:41 p.m.6 views

CVE-2025-67732 Dify Vulnerable to Plaintext API Key Exposure via Model Provider Configuration Endpoint

Dify is an open-source LLM app development platform. Prior to version 1.11.0, the API key is exposed in plaintext to the frontend, allowing non-administrator users to view and reuse it. This can lead to unauthorized access to third-party services, potentially consuming limited quotas. Version...

8.4CVSS6.6AI score0.00305EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/01/05 9:41 p.m.30 views

CVE-2025-67732 Dify Vulnerable to Plaintext API Key Exposure via Model Provider Configuration Endpoint

Dify is an open-source LLM app development platform. Prior to version 1.11.0, the API key is exposed in plaintext to the frontend, allowing non-administrator users to view and reuse it. This can lead to unauthorized access to third-party services, potentially consuming limited quotas. Version...

8.4CVSS0.00305EPSS
Exploits1References1
CVE
CVE
added 2026/01/05 9:41 p.m.34 views

CVE-2025-67732

Dify (open-source LLM app platform) prior to v1.11.0 exposes API keys in plaintext to the frontend, allowing non-administrator users to view and reuse them. This can enable unauthorized access to third‑party services and potential quota abuse. A fix is available in v1.11.0 or later.

8.4CVSS6.3AI score0.00305EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/05 9:41 p.m.4 views

CVE-2025-67732 Dify Vulnerable to Plaintext API Key Exposure via Model Provider Configuration Endpoint

Dify is an open-source LLM app development platform. Prior to version 1.11.0, the API key is exposed in plaintext to the frontend, allowing non-administrator users to view and reuse it. This can lead to unauthorized access to third-party services, potentially consuming limited quotas. Version...

8.4CVSS6.3AI score0.00305EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/01/05 12:0 a.m.11 views

PT-2026-1341

Name of the Vulnerable Software and Affected Versions Dify versions prior to 1.11.0 Description Dify is an open-source LLM app development platform. Before version 1.11.0, the API key was exposed in plaintext to the frontend, allowing non-administrator users to view and reuse it. This could lead ...

8.4CVSS6.3AI score0.00305EPSS
Exploits1References7
CNNVD
CNNVD
added 2025/12/18 12:0 a.m.5 views

dify 安全漏洞

dify is an open source LLM application development platform from LangGenius Open Source. A security vulnerability exists in version 1.9.1 of dify, which stems from a misconfiguration of CORS and could lead to cross-domain authentication requests...

9.1CVSS6.8AI score0.002EPSS
Exploits0References4
Rows per page
Query Builder