2 matches found
CVE-2026-56264
CVE-2026-56264 affects Crawl4AI prior to 0.8.7. The Docker API server’s /execute_js endpoint accepts and executes arbitrary JavaScript in the server’s browser context with --disable-web-security enabled, enabling an attacker to run arbitrary JS and, given relaxed browser security, perform server-...
dify 代码注入漏洞
dify is an open source LLM application development platform from LangGenius Open Source. A code injection vulnerability exists in dify v0.9.1 and prior versions, which stems from an internal SSRF request that could lead to code injection that could remove the entire sandbox service...