
13 matches found

EUVD
added 2025/10/03 8:07 p.m. · 1 view

EUVD-2025-12580

Malicious code in bioql PyPI...

CVSS 6.1 · AI score 6.5 · EPSS 0.00172
Exploits 0 · References 2
NVD
added 2025/06/17 11:15 p.m. · 2 views

CVE-2025-49149

Dify is an open-source LLM app development platform. In version 1.2.0, there is insufficient filtering of user input by web applications. Attackers can use website vulnerabilities to inject malicious script code into web pages. This may result in a cross-site scripting XSS attack when a user...

CVSS 6.1 · EPSS 0.00198
Exploits 1 · References 1
Positive Technologies
added 2025/06/17 12:00 a.m. · 2 views

PT-2025-25765 · Dify · Dify

Name of the Vulnerable Software and Affected Versions: Dify version 1.2.0 Description: Dify is an open-source LLM app development platform. In this platform, there is insufficient filtering of user input by web applications, which allows attackers to inject malicious script code into web pages...

CVSS 6.1 · AI score 5.8 · EPSS 0.00198
Exploits 1 · References 8
RedhatCVE
added 2025/04/30 4:13 p.m. · 13 views

CVE-2025-43854

DIFY is an open-source LLM app development platform. Prior to version 1.3.0, a clickjacking vulnerability was found in the default setup of the DIFY application, allowing malicious actors to trick users into clicking on elements of the web page without their knowledge or consent. This can lead to...

CVSS 6.1 · AI score 6.9 · EPSS 0.00172
Exploits 0 · References 1
NVD
added 2025/04/28 4:15 p.m. · 12 views

CVE-2025-43854

DIFY is an open-source LLM app development platform. Prior to version 1.3.0, a clickjacking vulnerability was found in the default setup of the DIFY application, allowing malicious actors to trick users into clicking on elements of the web page without their knowledge or consent. This can lead to...

CVSS 6.1 · EPSS 0.00172
Exploits 0 · References 2
Vulnrichment
added 2025/04/28 3:58 p.m. · 6 views

CVE-2025-43854 DIFY vulnerable to Clickjacking Attack

DIFY is an open-source LLM app development platform. Prior to version 1.3.0, a clickjacking vulnerability was found in the default setup of the DIFY application, allowing malicious actors to trick users into clicking on elements of the web page without their knowledge or consent. This can lead to...

CVSS 2.3 · AI score 6.5 · EPSS 0.00172
Exploits 0 · References 2
Cvelist
added 2025/04/28 3:58 p.m. · 16 views

CVE-2025-43854 DIFY vulnerable to Clickjacking Attack

DIFY is an open-source LLM app development platform. Prior to version 1.3.0, a clickjacking vulnerability was found in the default setup of the DIFY application, allowing malicious actors to trick users into clicking on elements of the web page without their knowledge or consent. This can lead to...

CVSS 2.3 · EPSS 0.00172
Exploits 0 · References 2
CVE
added 2025/04/28 3:58 p.m. · 60 views

CVE-2025-43854

DIFY (LangGenius Open Source) prior to version 1.3.0 is affected by a clickjacking vulnerability in the default web setup. The issue allows an attacker to trick users into clicking on elements, potentially triggering unauthorized actions and compromising security/privacy. The vulnerability is fix...

CVSS 6.1 · AI score 7 · EPSS 0.00172
Exploits 0 · References 2 · Affected Software 1
CVE
added 2025/04/18 4:05 p.m. · 65 views

CVE-2025-32795

CVE-2025-32795 affects Dify, an open-source LLM app development platform. Prior to version 0.6.12, a misconfigured access control allowed normal/non-admin users to edit app details (names, descriptions, icons) despite not having permission to view apps, compromising integrity. Root cause: insuffi...

CVSS 6.5 · AI score 7 · EPSS 0.00148
Exploits 1 · References 2 · Affected Software 1
OSV
added 2025/04/18 4:05 p.m. · 1 view

CVE-2025-32795 Dify Allows Insecure User Role Access Control for APP Editing

Dify is an open-source LLM app development platform. Prior to version 0.6.12, a vulnerability was identified in the DIFY where normal users are improperly granted permissions to edit APP names, descriptions and icons. This access control flaw allows non-admin users to modify app details, despite...

CVSS 6.5 · AI score 6.6 · EPSS 0.00148
Exploits 1 · References 4
Cvelist
added 2025/04/18 12:15 p.m. · 12 views

CVE-2025-32790 Dify Allows Insecure User Role Access Control for APP DSL Exporting

Dify is an open-source LLM app development platform. In versions 0.6.8 and prior, a vulnerability was identified in the DIFY AI where normal users are improperly granted permissions to export APP DSL. The feature in '/export' should only allow administrator users to export DSL. A workaround for...

CVSS 6.3 · EPSS 0.00131
Exploits 1 · References 3
OSV
added 2025/04/18 12:15 p.m. · 7 views

CVE-2025-32790 Dify Allows Insecure User Role Access Control for APP DSL Exporting

Dify is an open-source LLM app development platform. In versions 0.6.8 and prior, a vulnerability was identified in the DIFY AI where normal users are improperly granted permissions to export APP DSL. The feature in '/export' should only allow administrator users to export DSL. A workaround for...

CVSS 6.3 · AI score 6.5 · EPSS 0.00131
Exploits 1 · References 5
NVD
added 2025/03/20 10:15 a.m. · 4 views

CVE-2024-12776

In langgenius/dify v0.10.1, the /forgot-password/resets endpoint does not verify the password reset code, allowing an attacker to reset the password of any user, including administrators. This vulnerability can lead to a complete compromise of the application...

CVSS 8.1 · EPSS 0.002
Exploits 1 · References 1