
2291 matches found

RedhatCVE
added 2025/10/18 4:43 p.m., 10 views

CVE-2025-58747

Dify is an LLM application development platform. In Dify versions through 1.9.1, the MCP OAuth component is vulnerable to cross-site scripting when a victim connects to an attacker-controlled remote MCP server. The vulnerability exists in the OAuth flow implementation where the authorization_url...

6.1 CVSS, 6.6 AI score, 0.05233 EPSS
Exploits: 1, References: 1
NVD
added 2025/10/17 4:15 p.m., 4 views

CVE-2025-58747

Dify is an LLM application development platform. In Dify versions through 1.9.1, the MCP OAuth component is vulnerable to cross-site scripting when a victim connects to an attacker-controlled remote MCP server. The vulnerability exists in the OAuth flow implementation where the authorization_url...

6.1 CVSS, 0.05233 EPSS
Exploits: 1, References: 2
OSV
added 2025/10/17 3:48 p.m., 5 views

CVE-2025-58747 Dify MCP OAuth Flow Vulnerable to XSS

Dify is an LLM application development platform. In Dify versions through 1.9.1, the MCP OAuth component is vulnerable to cross-site scripting when a victim connects to an attacker-controlled remote MCP server. The vulnerability exists in the OAuth flow implementation where the authorization_url...

5.1 CVSS, 6.7 AI score, 0.05233 EPSS
Exploits: 1, References: 4
Vulnrichment
added 2025/10/17 3:48 p.m., 4 views

CVE-2025-58747 Dify MCP OAuth Flow Vulnerable to XSS

Dify is an LLM application development platform. In Dify versions through 1.9.1, the MCP OAuth component is vulnerable to cross-site scripting when a victim connects to an attacker-controlled remote MCP server. The vulnerability exists in the OAuth flow implementation where the authorization_url...

5.1 CVSS, 6.3 AI score, 0.05233 EPSS
Exploits: 1, References: 2
CVE
added 2025/10/17 3:48 p.m., 25 views

CVE-2025-58747

CVE-2025-58747 affects Dify up to version 1.9.1, where the MCP OAuth flow passes the remote server’s authorization_url directly to window.open without validation, enabling arbitrary JavaScript execution (XSS) when a victim connects to a malicious MCP server. Affected component: MCP OAuth in Dify....

6.1 CVSS, 6.3 AI score, 0.05233 EPSS
Exploits: 1, References: 2, Affected Software: 1
EUVD
added 2025/10/17 3:48 p.m., 5 views

EUVD-2025-34897

Dify is an LLM application development platform. In Dify versions through 1.9.1, the MCP OAuth component is vulnerable to cross-site scripting when a victim connects to an attacker-controlled remote MCP server. The vulnerability exists in the OAuth flow implementation where the authorization_url...

5.1 CVSS, 6.1 AI score, 0.05233 EPSS
Exploits: 1, References: 2
Cvelist
added 2025/10/12 3:2 p.m., 7 views

CVE-2025-11636 Tomofun Furbo 360 Account server-side request forgery

A security vulnerability has been detected in Tomofun Furbo 360 up to FB0035FW036. This issue affects some unknown processing of the component Account Handler. Such manipulation leads to server-side request forgery. The attack can be executed remotely. This attack is characterized by high...

6.3 CVSS, 0.00361 EPSS
Exploits: 0, References: 3
OSSF Malicious Packages
added 2025/10/10 4:27 p.m., 5 views

Malicious code in python3-6 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 d48e27507362baa15b8e41d1554bce82077fcc870112ab6cb4d17694b47c8ef3 During installation, the obfuscated code is run and connects to a remote server. In the current version, the code just opens a URL without exfiltrating any...

7.2 AI score
Exploits: 0, References: 1
OSV
added 2025/10/10 4:27 p.m., 11 views

MAL-2025-191843 Malicious code in python3-6 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 d48e27507362baa15b8e41d1554bce82077fcc870112ab6cb4d17694b47c8ef3 During installation, the obfuscated code is run and connects to a remote server. In the current version, the code just opens a URL without exfiltrating any...

7.1 AI score
Exploits: 0, References: 1
EUVD
added 2025/10/07 12:30 a.m., 6 views

EUVD-2003-1595

Malware in sbrugna...

7.5 CVSS, 7.6 AI score, 0.01915 EPSS
Exploits: 0, References: 4
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2018-0726

Malware in sbrugna...

7.5 CVSS, 7.5 AI score, 0.01764 EPSS
Exploits: 1, References: 6
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2003-0136

Malware in sbrugna...

7.5 CVSS, 6.1 AI score, 0.04494 EPSS
Exploits: 0, References: 21
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2021-20299

Malware in sbrugna...

6.5 CVSS, 6.8 AI score, 0.79583 EPSS
Exploits: 0, References: 15
EUVD
added 2025/10/07 12:30 a.m., 8 views

EUVD-2010-2264

Malware in sbrugna...

6.8 CVSS, 6.2 AI score, 0.04214 EPSS
Exploits: 0, References: 23
EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2018-15704

Malware in sbrugna...

7.5 CVSS, 6.7 AI score, 0.00989 EPSS
Exploits: 2, References: 2
EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2004-1481

Malware in sbrugna...

5 CVSS, 6.1 AI score, 0.01657 EPSS
Exploits: 1, References: 11
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2014-3642

Malware in sbrugna...

5 CVSS, 7.3 AI score, 0.02871 EPSS
Exploits: 0, References: 15
EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2011-3319

Malware in sbrugna...

7.3 CVSS, 7.5 AI score, 0.0078 EPSS
Exploits: 1, References: 7
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2010-3103

Malware in sbrugna...

9.3 CVSS, 6.3 AI score, 0.01572 EPSS
Exploits: 0, References: 2
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2019-16558

Malware in sbrugna...

8.6 CVSS, 8.6 AI score, 0.01659 EPSS
Exploits: 0, References: 2