
5 matches found

EUVD
added 2026/05/18 1:52 p.m., 52 views

EUVD-2026-30774

Dify version 1.14.1 and prior contain an authorization bypass vulnerability in the file preview endpoint that allows any authenticated user to read up to 3,000 characters of any uploaded document across all tenants and workspaces using only the file's UUID. Attackers can access the...

CVSS 8.2 | AI score 5.7 | EPSS 0.00435
Exploits: 1 | References: 3

RedhatCVE
added 2025/04/16 4:11 a.m., 19 views

CVE-2025-29720

Dify v1.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the component controllers.console.remotefiles.RemoteFileUploadApi...

CVSS 4.8 | AI score 7.5 | EPSS 0.00141
Exploits: 1 | References: 1

Cvelist
added 2025/04/14 12:0 a.m., 15 views

CVE-2025-29720

Dify v1.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the component controllers.console.remotefiles.RemoteFileUploadApi...

EPSS 0.00141
Exploits: 1 | References: 2

CNNVD
added 2025/04/14 12:0 a.m., 8 views

dify security vulnerability

dify is an open source LLM application development platform from LangGenius Open Source. A security vulnerability exists in dify v1.0, which stems from a server-side request forgery in the component controllers.console.remotefiles.RemoteFileUploadApi...

CVSS 4.8 | AI score 6.5 | EPSS 0.00141
Exploits: 1 | References: 3

CVE
added 2025/04/14 12:0 a.m., 84 views

CVE-2025-29720

CVE-2025-29720 describes a Server-Side Request Forgery (SSRF) in Dify via controllers.console.remote_files.RemoteFileUploadApi affecting Dify v1.0 (and references to v1.6.0 in related advisories). The underlying issue is a component exposure that can be triggered locally with user interaction req...

CVSS 4.8 | AI score 7.5 | EPSS 0.00141
In wild | Exploits: 1 | References: 2 | Affected Software: 1