2291 matches found
CVE-2025-58747
Dify is an LLM application development platform. In Dify versions through 1.9.1, the MCP OAuth component is vulnerable to cross-site scripting when a victim connects to an attacker-controlled remote MCP server. The vulnerability exists in the OAuth flow implementation where the authorization_url...
CVE-2025-58747 Dify MCP OAuth Flow Vulnerable to XSS
Dify is an LLM application development platform. In Dify versions through 1.9.1, the MCP OAuth component is vulnerable to cross-site scripting when a victim connects to an attacker-controlled remote MCP server. The vulnerability exists in the OAuth flow implementation where the authorization_url...
CVE-2025-58747
CVE-2025-58747 affects Dify up to version 1.9.1, where the MCP OAuth flow passes the remote server’s authorization_url directly to window.open without validation, enabling arbitrary JavaScript execution (XSS) when a victim connects to a malicious MCP server. Affected component: MCP OAuth in Dify....
EUVD-2025-34897
Dify is an LLM application development platform. In Dify versions through 1.9.1, the MCP OAuth component is vulnerable to cross-site scripting when a victim connects to an attacker-controlled remote MCP server. The vulnerability exists in the OAuth flow implementation where the authorization_url...
CVE-2025-11636 Tomofun Furbo 360 Account server-side request forgery
A security vulnerability has been detected in Tomofun Furbo 360 up to FB0035FW036. This issue affects some unknown processing of the component Account Handler. Such manipulation leads to server-side request forgery. The attack can be executed remotely. This attack is characterized by high...
Malicious code in python3-6 (PyPI)
Source: kam193 d48e27507362baa15b8e41d1554bce82077fcc870112ab6cb4d17694b47c8ef3 During installation, the obfuscated code is run and connects to a remote server. In the current version, the code just opens a URL without exfiltrating any...
MAL-2025-191843 Malicious code in python3-6 (PyPI)
Source: kam193 d48e27507362baa15b8e41d1554bce82077fcc870112ab6cb4d17694b47c8ef3 During installation, the obfuscated code is run and connects to a remote server. In the current version, the code just opens a URL without exfiltrating any...
EUVD-2003-1595
Malware in sbrugna...
EUVD-2018-0726
Malware in sbrugna...
EUVD-2003-0136
Malware in sbrugna...
EUVD-2021-20299
Malware in sbrugna...
EUVD-2010-2264
Malware in sbrugna...
EUVD-2018-15704
Malware in sbrugna...
EUVD-2004-1481
Malware in sbrugna...
EUVD-2014-3642
Malware in sbrugna...
EUVD-2011-3319
Malware in sbrugna...
EUVD-2010-3103
Malware in sbrugna...
EUVD-2019-16558
Malware in sbrugna...