20 matches found
CVE-2026-41948 Dify v1.14.1 Path Traversal via Plugin Daemon Internal API Access
Dify version 1.14.1 and prior contain a path traversal vulnerability that allows authenticated users to manipulate requests forwarded to the Plugin Daemon's internal REST API by exploiting insufficient URL path sanitization. Attackers can traverse out of their authorized tenant path using unencod...
CVE-2026-41948
Dify version 1.14.1 and prior contain a path traversal vulnerability that allows authenticated users to manipulate requests forwarded to the Plugin Daemon's internal REST API by exploiting insufficient URL path sanitization. Attackers can traverse out of their authorized tenant path using unencod...
PT-2026-41675
Name of the Vulnerable Software and Affected Versions Dify versions prior to 1.14.2 Description Insufficient URL path sanitization allows authenticated users to manipulate requests forwarded to the Plugin Daemon's internal REST API. By using unencoded dot sequences in task identifiers or...
dify 安全漏洞
dify is an open-source LLM application development platform by LangGenius. Versions of dify prior to 1.14.1 have security vulnerabilities. These vulnerabilities stem from path traversal issues, which may allow authenticated users to manipulate requests redirected to the plugin daemon’s internal...
9 Critical IP KVM Flaws Enable Unauthenticated Root Access Across Four Vendors
Cybersecurity researchers have warned about the risks posed by low-cost IP KVM Keyboard, Video, Mouse over Internet Protocol devices, which can grant attackers extensive control over compromised hosts. The nine vulnerabilities, discovered by Eclypsium , span four different products from GL-iNet...
CVE-2025-59104
With physical access to the device and enough time an attacker is able to solder test leads to the debug footprint or use the 6-Pin tag-connect cable. Thus, the attacker gains access to the bootloader, where the kernel command line can be changed. An attacker is able to gain a root shell through...
EUVD-2025-206371
With physical access to the device and enough time an attacker is able to solder test leads to the debug footprint or use the 6-Pin tag-connect cable. Thus, the attacker gains access to the bootloader, where the kernel command line can be changed. An attacker is able to gain a root shell through...
CVE-2025-61330
A hard-coded weak password vulnerability has been discovered in all Magic-branded devices from Chinese network equipment manufacturer H3C. The vulnerability stems from the use of a hard-coded weak password for the root account in the /etc/shadow configuration or even the absence of any password a...
CVE-2025-61330
A hard-coded weak password vulnerability has been discovered in all Magic-branded devices from Chinese network equipment manufacturer H3C. The vulnerability stems from the use of a hard-coded weak password for the root account in the /etc/shadow configuration or even the absence of any password a...
CVE-2025-61330
A hard-coded weak password vulnerability has been discovered in all Magic-branded devices from Chinese network equipment manufacturer H3C. The vulnerability stems from the use of a hard-coded weak password for the root account in the /etc/shadow configuration or even the absence of any password a...
Barco ClickShare Devices Weak Password Requirements (CVE-2019-18828)
Barco ClickShare Button R9861500D01 devices before 1.9.0 have Insufficiently Protected Credentials. The root account present for access via debug interfaces, which are by default not enabled on production devices of the embedded Linux on the ClickShare Button is using a weak password. This plugin...
EUVD-2018-15506
Malware in sbrugna...
CVE-2022-24410
Dell BIOS contains an information exposure vulnerability. An unauthenticated local attacker with physical access to the system and knowledge of the system configuration could potentially exploit this vulnerability to read system information via debug interfaces...
Information disclosure
Dell BIOS contains an information exposure vulnerability. An unauthenticated local attacker with physical access to the system and knowledge of the system configuration could potentially exploit this vulnerability to read system information via debug interfaces...
CVE-2022-24410
Dell BIOS contains an information exposure vulnerability. An unauthenticated local attacker with physical access to the system and knowledge of the system configuration could potentially exploit this vulnerability to read system information via debug interfaces...
CVE-2022-24410
Dell BIOS contains an information exposure vulnerability. An unauthenticated local attacker with physical access to the system and knowledge of the system configuration could potentially exploit this vulnerability to read system information via debug interfaces...
PT-2023-12754 · Dell · Dell Bios
Name of the Vulnerable Software and Affected Versions: Dell BIOS affected versions not specified Description: The issue allows an unauthenticated local attacker with physical access to the system and knowledge of the system configuration to potentially exploit it and read system information via...
CVE-2019-18828
Barco ClickShare Button R9861500D01 devices before 1.9.0 have Insufficiently Protected Credentials. The root account present for access via debug interfaces, which are by default not enabled on production devices of the embedded Linux on the ClickShare Button is using a weak password...
Intel DCI Policy Update - Lenovo Support US
No description provided...
Intel DCI Policy Update - US
Lenovo Security Advisory: LEN-23611 Potential Impact: Privilege escalation, information disclosure Severity: High Scope of Impact: Industry-wide CVE Identifier: CVE-2018-3652 Summary Description: Intel is releasing Direct Connect Interface DCI policy update. Existing UEFI setting restrictions for...