CVE-2025-32796

Dify (open‑source LLM app platform) prior to version 0.6.12 is affected by an access control flaw where normal users can enable/disable apps via the API despite UI restrictions. The root cause is an insufficiently enforced permissions model, allowing non‑admin changes that can disrupt app functio...

CVE-2023-41970

An Improper Validation of Integrity Check Value vulnerability in Zscaler Client Connector on Windows during the Repair App functionality may allow Local Execution of Code.This issue affects Client Connector on Windows: before 4.1.0.62...

CVE-2024-23463

CVE-2024-23463 affects Zscaler Client Connector on Windows prior to 4.2.1. The anti-tampering protection can be bypassed when using the Repair App functionality, per connected sources (e.g., PT-2024-19886 and RH/CVE-2024-23463). Root cause is bypass of the built-in tamper protection during Repair...

CVE-2024-23463 Anti-Tampering bypass via Repair App functionality

Anti-tampering protection of the Zscaler Client Connector can be bypassed under certain conditions when running the Repair App functionality. This affects Zscaler Client Connector on Windows prior to 4.2.1...

PT-2024-19886 · Zscaler · Zscaler Client Connector

Name of the Vulnerable Software and Affected Versions: Zscaler Client Connector versions prior to 4.2.1 Description: The anti-tampering protection of the Zscaler Client Connector can be bypassed under certain conditions when running the Repair App functionality. Recommendations: For versions prio...

Information Disclosure

@apollosproject/data-connector-rock is vulnerable to information disclosure. Registration of a new user allows a user who knows basic profile information name, birthday, gender, etc of anyone to access anyone's account using all app functionality within the app...