Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2025/12/19 12:41 a.m.16 views

CVE-2025-63388

A Cross-Origin Resource Sharing CORS misconfiguration vulnerability exists in Dify v1.9.1 in the /console/api/system-features endpoint. The endpoint implements an overly permissive CORS policy that reflects arbitrary Origin headers and sets Access-Control-Allow-Credentials: true, allowing any...

9.1CVSS6AI score0.002EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2025/12/18 12:0 a.m.5 views

CVE-2025-63386

A Cross-Origin Resource Sharing CORS misconfiguration vulnerability exists in Dify v1.9.1 in the /console/api/setup endpoint. The endpoint implements an insecure CORS policy that reflects any Origin header and enables Access-Control-Allow-Credentials: true, permitting arbitrary external domains t...

9.1CVSS5.7AI score0.00212EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/12/18 12:0 a.m.5 views

CVE-2025-63386

A Cross-Origin Resource Sharing CORS misconfiguration vulnerability exists in Dify v1.9.1 in the /console/api/setup endpoint. The endpoint implements an insecure CORS policy that reflects any Origin header and enables Access-Control-Allow-Credentials: true, permitting arbitrary external domains t...

5.7AI score0.00212EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/12/18 12:0 a.m.23 views

CVE-2025-63388

A Cross-Origin Resource Sharing CORS misconfiguration vulnerability exists in Dify v1.9.1 in the /console/api/system-features endpoint. The endpoint implements an overly permissive CORS policy that reflects arbitrary Origin headers and sets Access-Control-Allow-Credentials: true, allowing any...

0.002EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2025/12/18 12:0 a.m.3 views

CVE-2025-63388

A Cross-Origin Resource Sharing CORS misconfiguration vulnerability exists in Dify v1.9.1 in the /console/api/system-features endpoint. The endpoint implements an overly permissive CORS policy that reflects arbitrary Origin headers and sets Access-Control-Allow-Credentials: true, allowing any...

9.1CVSS6AI score0.002EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/12/18 12:0 a.m.3 views

CVE-2025-63387

Dify v1.9.1 is vulnerable to Insecure Permissions. An unauthenticated attacker can directly send HTTP GET requests to the /console/api/system-features endpoint without any authentication credentials or session tokens. The endpoint fails to implement proper authorization checks, allowing anonymous...

5.5AI score0.28042EPSS
Exploits0References6
Rows per page
Query Builder