EUVD-2025-204302
A Cross-Origin Resource Sharing (CORS) misconfiguration vulnerability exists in Dify v1.9.1 in the /console/api/setup endpoint. The endpoint implements an insecure CORS policy that reflects any Origin header and enables Access-Control-Allow-Credentials: true, permitting arbitrary external domains t...
EUVD-2025-204306
A Cross-Origin Resource Sharing (CORS) misconfiguration vulnerability exists in Dify v1.9.1 in the /console/api/system-features endpoint. The endpoint implements an overly permissive CORS policy that reflects arbitrary Origin headers and sets Access-Control-Allow-Credentials: true, allowing any...
PT-2025-52262
Name of the Vulnerable Software and Affected Versions: Dify version 1.9.1. Description: A Cross-Origin Resource Sharing (CORS) misconfiguration exists in the /console/api/setup endpoint. The endpoint has an insecure CORS policy that reflects any Origin header and allows Access-Control-Allow-Credential...
PT-2025-52282
Name of the Vulnerable Software and Affected Versions: Dify version 1.9.1. Description: Dify version 1.9.1 has an issue with insecure permissions. An attacker who is not authenticated can send HTTP GET requests to the /console/api/system-features API endpoint without providing any authentication. Th...
CVE-2025-63386
A Cross-Origin Resource Sharing (CORS) misconfiguration vulnerability exists in Dify v1.9.1 in the /console/api/setup endpoint. The endpoint implements an insecure CORS policy that reflects any Origin header and enables Access-Control-Allow-Credentials: true, permitting arbitrary external domains t...
CVE-2025-63386
CVE-2025-63386 affects Dify v1.9.1, specifically the /console/api/setup endpoint. The vulnerability arises from a misconfigured CORS policy that reflects any Origin header and sets Access-Control-Allow-Credentials: true, allowing arbitrary external domains to make authenticated requests. Impact i...
EUVD-2022-43181
Malicious code in bioql PyPI...
MAL-2025-3100 Malicious code in hide-console-api (npm)
Source: ghsa-malware 553d9f1d98ecb2b448f09091adba1ab0cdce9e4f07391a50fc002ba74669645a. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
com.vip.saturn:saturn-console (>=3.0.0-M1 <=3.5.1), com.vip.saturn:saturn-it (>=3.0.0-M5 <=3.5.1) potentially affected by CVE-2025-29085 via com.vip.saturn:saturn-console-api (>=3.0.0-M1 <=3.5.1)
com.vip.saturn:saturn-console-api MAVEN version =3.0.0-M1, =3.0.0-M1, =3.0.0-M5, =3.5.1 Source cves: CVE-2025-29085 Source advisory: SNYK:JAVA-COMVIPSATURN-9749461...
BIT-MINIO-2023-28434 MinIO is vulnerable to privilege escalation on Linux/MacOS
Minio is a Multi-Cloud Object Storage framework. Prior to RELEASE.2023-03-20T20-16-18Z, an attacker can use crafted requests to bypass metadata bucket name checking and put an object into any bucket while processing PostPolicyBucket. To carry out this attack, the attacker requires credentials wit...
MinIO Security Feature Bypass Vulnerability
MinIO contains a security feature bypass vulnerability that allows an attacker to use crafted requests to bypass metadata bucket name checking and put an object into any bucket while processing PostPolicyBucket to conduct privilege escalation. To carry out this attack, the attacker requires...
Privilege Escalation
github.com/minio/minio is vulnerable to Privilege Escalation. An attacker is able to use crafted requests to bypass metadata bucket name checking and put an object into any bucket while processing PostPolicyBucket. To achieve this, the attacker needs credentials with arn:aws:s3::: permission and...
CVE-2023-28434
Minio is a Multi-Cloud Object Storage framework. Prior to RELEASE.2023-03-20T20-16-18Z, an attacker can use crafted requests to bypass metadata bucket name checking and put an object into any bucket while processing PostPolicyBucket. To carry out this attack, the attacker requires credentials wit...
UBUNTU-CVE-2023-28434
Minio is a Multi-Cloud Object Storage framework. Prior to RELEASE.2023-03-20T20-16-18Z, an attacker can use crafted requests to bypass metadata bucket name checking and put an object into any bucket while processing PostPolicyBucket. To carry out this attack, the attacker requires credentials wit...
Code injection
Minio is a Multi-Cloud Object Storage framework. Prior to RELEASE.2023-03-20T20-16-18Z, an attacker can use crafted requests to bypass metadata bucket name checking and put an object into any bucket while processing PostPolicyBucket. To carry out this attack, the attacker requires credentials wit...
CVE-2023-28434 MinIO is vulnerable to privilege escalation on Linux/MacOS
Minio is a Multi-Cloud Object Storage framework. Prior to RELEASE.2023-03-20T20-16-18Z, an attacker can use crafted requests to bypass metadata bucket name checking and put an object into any bucket while processing PostPolicyBucket. To carry out this attack, the attacker requires credentials wit...
CVE-2023-28434
Last updated 21 August 2024...
MinIO Security Vulnerability
MinIO is an open source object storage server from US-based MinIO. The product supports building infrastructures for machine learning, analytics, and application data workloads. A security vulnerability exists in MinIO. An attacker can exploit the vulnerability to gain access to the Enable Console...