18 matches found
CVE-2026-41949 Dify < 1.14.2 Authorization Bypass via File Preview Endpoint
Dify before version 1.14.2 contains an authorization bypass vulnerability in the file preview endpoint that allows any authenticated user to read up to 3,000 characters of any uploaded document across all tenants and workspaces using only the file's UUID. Attackers can access the...
dify 安全漏洞
dify is an open-source LLM application development platform by LangGenius. Versions of dify prior to 1.14.1 have a security vulnerability. This vulnerability stems from an authorization bypass issue in the file preview endpoint, which allows any authenticated user to read the first 3,000 characte...
EUVD-2019-9116
Malware in sbrugna...
CVE-2022-36677
Obsidian Mind Map v1.1.0 allows attackers to execute arbitrary code via a crafted payload injected into an uploaded document...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the upload functionality. An attacker can inject malicious scripts or execute arbitrary code by uploading a crafted PDF file containing JavaScript. Details Cross-site scripting or XSS is a code vulnerability...
BIT-ALFRESCO-2020-8778
Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 rb65251d6-b368 has XSS via an uploaded document, when the attacker has write access to a project...
CVE-2022-36677
Obsidian Mind Map v1.1.0 allows attackers to execute arbitrary code via a crafted payload injected into an uploaded document...
CVE-2022-36677
Obsidian Mind Map v1.1.0 allows attackers to execute arbitrary code via a crafted payload injected into an uploaded document...
Code injection
Obsidian Mind Map v1.1.0 allows attackers to execute arbitrary code via a crafted payload injected into an uploaded document...
CVE-2022-36677
Obsidian Mind Map v1.1.0 allows attackers to execute arbitrary code via a crafted payload injected into an uploaded document...
CVE-2022-36677
Obsidian Mind Map v1.1.0 allows attackers to execute arbitrary code via a crafted payload injected into an uploaded document...
CVE-2019-16955
SolarWinds Web Help Desk 12.7.0 allows XSS via an uploaded SVG document in a request...
Unspecified Vulnerability in Canon Oce Colorwave 500
The Canon Oce Colorwave 500 is a printer from Canon Japan. An authentication bypass vulnerability exists in the /home.jsp page of the web application in the Canon Oce Colorwave 500 version 4.0.0.0. An attacker can exploit this vulnerability to obtain a backup file of a document uploaded by an...
CVE-2018-19599
Monstra CMS 1.6 allows XSS via an uploaded SVG document to the admin/index.php?id=filesmanager&path=uploads/ URI. NOTE: this is a discontinued product...
CVE-2020-8778
Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 rb65251d6-b368 has XSS via an uploaded document, when the attacker has write access to a project...
CVE-2020-8778
CVE-2020-8778 affects Alfresco Enterprise prior to 5.2.7 and Alfresco Community prior to 6.2.0, where an attacker with write access to a project can trigger a stored XSS via an uploaded document. Public references describe the issue as a cross‑site scripting vulnerability in the document upload w...
PT-2020-20270 · Alfresco · Alfresco Community +1
Name of the Vulnerable Software and Affected Versions: Alfresco Enterprise versions prior to 5.2.7 Alfresco Community versions prior to 6.2.0 rb65251d6-b368 Description: The issue allows for cross-site scripting XSS attacks via an uploaded document. This can occur when an attacker has write acces...
PT-2019-15858 · Alfresco · Alfresco Enterprise
Name of the Vulnerable Software and Affected Versions: Alfresco Enterprise versions prior to 5.2.5 Description: The issue allows for stored XSS via an uploaded HTML document. This means an attacker can upload a malicious HTML file to the system, which can then execute scripts on the user's browse...