Lucene search: 313 matches found

Positive Technologies
added 2025/06/17 12:00 a.m. · 4 views

PT-2025-25765 · Dify · Dify

Name of the Vulnerable Software and Affected Versions: Dify version 1.2.0 Description: Dify is an open-source LLM app development platform. In this platform, there is insufficient filtering of user input by web applications, which allows attackers to inject malicious script code into web pages...

CVSS 6.1 · AI score 5.8 · EPSS 0.00231
Exploits 1 · References 8

RedhatCVE
added 2025/04/30 4:13 p.m. · 15 views

CVE-2025-43854

DIFY is an open-source LLM app development platform. Prior to version 1.3.0, a clickjacking vulnerability was found in the default setup of the DIFY application, allowing malicious actors to trick users into clicking on elements of the web page without their knowledge or consent. This can lead to...

CVSS 6.1 · AI score 6.9 · EPSS 0.00199
Exploits 0 · References 1

NVD
added 2025/04/28 4:15 p.m. · 16 views

CVE-2025-43854

DIFY is an open-source LLM app development platform. Prior to version 1.3.0, a clickjacking vulnerability was found in the default setup of the DIFY application, allowing malicious actors to trick users into clicking on elements of the web page without their knowledge or consent. This can lead to...

CVSS 6.1 · EPSS 0.00199
Exploits 0 · References 2

Cvelist
added 2025/04/28 3:58 p.m. · 20 views

CVE-2025-43854 DIFY vulnerable to Clickjacking Attack

DIFY is an open-source LLM app development platform. Prior to version 1.3.0, a clickjacking vulnerability was found in the default setup of the DIFY application, allowing malicious actors to trick users into clicking on elements of the web page without their knowledge or consent. This can lead to...

CVSS 2.3 · EPSS 0.00199
Exploits 0 · References 2

Vulnrichment
added 2025/04/28 3:58 p.m. · 7 views

CVE-2025-43854 DIFY vulnerable to Clickjacking Attack

DIFY is an open-source LLM app development platform. Prior to version 1.3.0, a clickjacking vulnerability was found in the default setup of the DIFY application, allowing malicious actors to trick users into clicking on elements of the web page without their knowledge or consent. This can lead to...

CVSS 2.3 · AI score 6.5 · EPSS 0.00199
Exploits 0 · References 2

CVE
added 2025/04/28 3:58 p.m. · 65 views

CVE-2025-43854

DIFY (LangGenius Open Source) prior to version 1.3.0 is affected by a clickjacking vulnerability in the default web setup. The issue allows an attacker to trick users into clicking on elements, potentially triggering unauthorized actions and compromising security/privacy. The vulnerability is fix...

CVSS 6.1 · AI score 7 · EPSS 0.00199
Exploits 0 · References 2 · Affected Software 1

OSV
added 2025/04/28 3:58 p.m. · 6 views

CVE-2025-43854 DIFY vulnerable to Clickjacking Attack

DIFY is an open-source LLM app development platform. Prior to version 1.3.0, a clickjacking vulnerability was found in the default setup of the DIFY application, allowing malicious actors to trick users into clicking on elements of the web page without their knowledge or consent. This can lead to...

CVSS 2.3 · AI score 6.6 · EPSS 0.00199
Exploits 0 · References 4

Positive Technologies
added 2025/04/28 12:00 a.m. · 3 views

PT-2025-18093 · Dify · Dify

Name of the Vulnerable Software and Affected Versions: DIFY versions prior to 1.3.0 Description: A clickjacking issue was found in the default setup of the DIFY application, allowing malicious actors to trick users into clicking on elements of the web page without their knowledge or consent. This...

CVSS 6.1 · AI score 6.3 · EPSS 0.00199
Exploits 0 · References 8

CNNVD
added 2025/04/28 12:00 a.m. · 3 views

dify security vulnerability

dify is an open source LLM application development platform from LangGenius Open Source. A security vulnerability exists in versions of dify prior to 1.3.0, which stems from a clickjacking vulnerability in the default settings that could lead to unauthorized operations...

CVSS 6.1 · AI score 6.4 · EPSS 0.00199
Exploits 0 · References 2

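Every clickjacking entry above (CVE-2025-43854 and the PT/CNNVD mirrors of it) turns on a single control: whether the application's responses tell the browser not to render the page inside another origin's frame. The following is an added example, not code from Dify or from any of the sources listed. It classifies a response by the precedence rules browsers apply (an enforced `frame-ancestors` directive overrides `X-Frame-Options`, `Content-Security-Policy-Report-Only` never blocks, and `ALLOW-FROM` is obsolete) and runs over constructed header sets; those header sets are assumptions chosen to show each outcome, not captured Dify responses.

```python
# Added example (not Dify's code): decide whether a response's headers stop the
# page from being framed by another origin, the control a clickjacking finding
# such as CVE-2025-43854 is about. The header sets at the bottom are constructed.
from __future__ import annotations
from typing import Iterable


def csp_directives(value: str) -> dict[str, list[str]]:
    """Parse one Content-Security-Policy value into {directive: [sources]}.

    Directives are split on ';'. If a directive repeats inside one header the
    browser keeps the first occurrence, which setdefault() mirrors. Tokens are
    lower-cased because keyword sources and hosts match case-insensitively.
    """
    directives: dict[str, list[str]] = {}
    for part in value.split(";"):
        tokens = part.strip().lower().split()
        if tokens:
            directives.setdefault(tokens[0], tokens[1:])
    return directives


def frame_protection(headers: Iterable[tuple[str, str]]) -> dict:
    """Classify framing protection from a response's (name, value) header pairs.

    Rules applied:
      * An enforced Content-Security-Policy carrying frame-ancestors takes
        precedence over X-Frame-Options, so a permissive one weakens a DENY.
      * Content-Security-Policy-Report-Only never blocks and is ignored here.
      * X-Frame-Options DENY or SAMEORIGIN protects; ALLOW-FROM is obsolete and
        ignored by current browsers, so it counts as unprotected.
      * With several enforced CSP headers every policy must allow the framer,
        so the page is protected if any one of them restricts frame-ancestors.
    """
    ancestors_lists: list[list[str]] = []
    xfo: str | None = None
    for name, value in headers:
        lname = name.strip().lower()
        if lname == "content-security-policy":
            directives = csp_directives(value)
            if "frame-ancestors" in directives:
                ancestors_lists.append(directives["frame-ancestors"])
        elif lname == "x-frame-options" and xfo is None:
            xfo = value.strip().lower()

    if ancestors_lists:
        # '*' or a bare scheme lets any site frame the page; anything else restricts.
        restrictive = [a for a in ancestors_lists
                       if not any(s in ("*", "http:", "https:") for s in a)]
        return {"protected": bool(restrictive),
                "mechanism": "csp frame-ancestors",
                "allowed": restrictive[0] if restrictive else ancestors_lists[0]}
    if xfo in ("deny", "sameorigin"):
        return {"protected": True, "mechanism": "x-frame-options",
                "allowed": [] if xfo == "deny" else ["'self'"]}
    return {"protected": False, "mechanism": None, "allowed": ["*"]}


# Constructed header sets, one per outcome; not captured from a real deployment.
SAMPLE_RESPONSES = {
    "default_no_headers": [("Content-Type", "text/html; charset=utf-8")],
    "xfo_deny": [("X-Frame-Options", "DENY")],
    "csp_self": [("Content-Security-Policy",
                  "default-src 'self'; frame-ancestors 'self' https://admin.example.test")],
    "report_only_does_not_block": [("Content-Security-Policy-Report-Only",
                                    "frame-ancestors 'none'")],
    "permissive_csp_beats_xfo": [("X-Frame-Options", "DENY"),
                                 ("Content-Security-Policy", "frame-ancestors *")],
    "obsolete_allow_from": [("X-Frame-Options", "ALLOW-FROM https://partner.example.test")],
}


def audit(samples: dict[str, list[tuple[str, str]]] = SAMPLE_RESPONSES) -> dict[str, bool]:
    """Map each sample name to whether framing by other origins is blocked."""
    return {name: frame_protection(hdrs)["protected"] for name, hdrs in samples.items()}


if __name__ == "__main__":
    for sample, ok in audit().items():
        print(f"{'PROTECTED  ' if ok else 'UNPROTECTED'} {sample}")
```

To check a live instance, pass the (name, value) pairs from an actual response to `frame_protection`; the first sample, a response with no framing header at all, is the "default setup" condition the advisory describes. Note that the check must be run against the page that serves the sensitive UI, since a reverse proxy may add the header on some routes and not others.
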
RedhatCVE
added 2025/04/26 12:08 a.m. · 12 views

CVE-2025-32795

Dify is an open-source LLM app development platform. Prior to version 0.6.12, a vulnerability was identified in the DIFY where normal users are improperly granted permissions to edit APP names, descriptions and icons. This access control flaw allows non-admin users to modify app details, despite...

CVSS 6.5 · AI score 6.8 · EPSS 0.00249
Exploits 1 · References 1

RedhatCVE
added 2025/04/26 12:04 a.m. · 12 views

CVE-2025-32790

Dify is an open-source LLM app development platform. In versions 0.6.8 and prior, a vulnerability was identified in the DIFY AI where normal users are improperly granted permissions to export APP DSL. The feature in '/export' should only allow administrator users to export DSL. A workaround for...

CVSS 6.3 · AI score 6.7 · EPSS 0.0024
Exploits 1 · References 1

RedhatCVE
added 2025/04/26 12:02 a.m. · 8 views

CVE-2025-32796

Dify is an open-source LLM app development platform. Prior to version 0.6.12, a vulnerability was identified in the DIFY where normal users can enable or disable apps through the API, even though the web UI button for this action is disabled and normal users are not permitted to make such changes...

CVSS 6.5 · AI score 6.7 · EPSS 0.0035
Exploits 1 · References 1

NVD
added 2025/04/25 3:15 p.m. · 30 views

CVE-2025-43862

Dify is an open-source LLM app development platform. Prior to version 0.6.12, a normal user is able to access and modify APP orchestration, even though the web UI of APP orchestration is not presented for a normal user. This access control flaw allows non-admin users to make unauthorized access a...

CVSS 7.6 · EPSS 0.00284
Exploits 1 · References 2

OSV
added 2025/04/25 3:05 p.m. · 4 views

CVE-2025-43862 Dify Allows Unauthorized Access and Modification of APP Orchestration

Dify is an open-source LLM app development platform. Prior to version 0.6.12, a normal user is able to access and modify APP orchestration, even though the web UI of APP orchestration is not presented for a normal user. This access control flaw allows non-admin users to make unauthorized access a...

CVSS 7.6 · AI score 6.6 · EPSS 0.00284
Exploits 1 · References 4

Cvelist
added 2025/04/25 3:05 p.m. · 27 views

CVE-2025-43862 Dify Allows Unauthorized Access and Modification of APP Orchestration

Dify is an open-source LLM app development platform. Prior to version 0.6.12, a normal user is able to access and modify APP orchestration, even though the web UI of APP orchestration is not presented for a normal user. This access control flaw allows non-admin users to make unauthorized access a...

CVSS 7.6 · EPSS 0.00284
Exploits 1 · References 2

CVE
added 2025/04/25 3:05 p.m. · 58 views

CVE-2025-43862

CVE-2025-43862 relates to Dify, an open-source LLM app development platform. Prior to version 0.6.12, a normal (non-admin) user could access and modify APP orchestration despite UI restrictions, due to an access-control flaw. This could allow unauthorized access and changes to APPs. The issue is ...

CVSS 7.6 · AI score 7.5 · EPSS 0.00284
Exploits 1 · References 2 · Affected Software 1

CNNVD
added 2025/04/25 12:00 a.m. · 5 views

dify security vulnerability

dify is an open source LLM application development platform from LangGenius Open Source. A security vulnerability exists in versions of dify prior to 0.6.12, which stems from an access control flaw that could lead to unauthorized access and modification of APP orchestration by non-administrative...

CVSS 7.6 · AI score 6.4 · EPSS 0.00284
Exploits 1 · References 4

Positive Technologies
added 2025/04/25 12:00 a.m. · 7 views

PT-2025-17928 · Dify · Dify

Name of the Vulnerable Software and Affected Versions: Dify versions prior to 0.6.12 Description: The issue concerns an access control flaw in Dify, an open-source LLM app development platform. This flaw allows non-admin users to make unauthorized access and changes to APPs, despite the web UI of...

CVSS 7.6 · AI score 6.2 · EPSS 0.00284
Exploits 1 · References 9

NVD
added 2025/04/18 4:15 p.m. · 14 views

CVE-2025-32795

Dify is an open-source LLM app development platform. Prior to version 0.6.12, a vulnerability was identified in the DIFY where normal users are improperly granted permissions to edit APP names, descriptions and icons. This access control flaw allows non-admin users to modify app details, despite...

CVSS 6.5 · EPSS 0.00249
Exploits 1 · References 2

NVD
added 2025/04/18 4:15 p.m. · 22 views

CVE-2025-32796

Dify is an open-source LLM app development platform. Prior to version 0.6.12, a vulnerability was identified in the DIFY where normal users can enable or disable apps through the API, even though the web UI button for this action is disabled and normal users are not permitted to make such changes...

CVSS 6.5 · EPSS 0.0035
Exploits 1 · References 2

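The four access-control entries in this listing (CVE-2025-32790, CVE-2025-32795, CVE-2025-32796 and CVE-2025-43862) share one root cause: a control was hidden in the web UI for normal users, while the API behind it did not re-check the caller's role. The following is an added example, not Dify's code. The role names, the in-memory `User`/`App` objects and the three actions are assumptions chosen to mirror the advisories; the check itself is the regression test a practitioner wants for this class of bug, since it exercises every action as every role, plus an owner from another tenant, and reports each mismatch against the intended policy.

```python
# Added example, not Dify's code: authorization-matrix check for the pattern behind
# CVE-2025-32790, -32795, -32796 and -43862, where the web UI hid a control from
# normal users but the API behind it did not re-check the role. The role names,
# the in-memory User/App objects and the actions are assumptions for the demo.
from __future__ import annotations
from dataclasses import dataclass
from enum import Enum
from typing import Callable

class Role(str, Enum):
    OWNER = "owner"
    ADMIN = "admin"
    EDITOR = "editor"
    NORMAL = "normal"

@dataclass
class User:
    id: str
    tenant_id: str
    role: Role

@dataclass
class App:
    id: str
    tenant_id: str
    name: str
    enabled: bool = True
    dsl: str = "version: 0.1\n"

class Forbidden(Exception):
    """Raised by the server-side check; an API layer would map it to HTTP 403."""

def authorize(user: User, app: App, allowed: set[Role]) -> None:
    """Tenant scoping first, then role. A hidden UI button is not a check."""
    if user.tenant_id != app.tenant_id:
        raise Forbidden("app belongs to another tenant")
    if user.role not in allowed:
        raise Forbidden(f"role {user.role.value} may not perform this action")

MANAGERS = {Role.OWNER, Role.ADMIN, Role.EDITOR}
ADMINS = {Role.OWNER, Role.ADMIN}

# Vulnerable pattern: the toggle is hidden for normal users in the UI and the
# handler trusts that. Any authenticated caller can hit the endpoint directly.
def set_enabled_unchecked(user: User, app: App, enabled: bool) -> App:
    app.enabled = enabled
    return app

# Hardened handlers: every state-changing call re-checks tenant and role itself.
def rename_app(user: User, app: App, name: str) -> App:
    authorize(user, app, MANAGERS)
    app.name = name
    return app

def set_enabled(user: User, app: App, enabled: bool) -> App:
    authorize(user, app, MANAGERS)
    app.enabled = enabled
    return app

def export_dsl(user: User, app: App) -> str:
    authorize(user, app, ADMINS)
    return app.dsl

Action = Callable[[User, App], object]

def check_matrix(policy: dict[str, tuple[Action, set[Role]]]) -> list[str]:
    """Run each action as every role, plus an owner from another tenant, on a
    fresh app; return one line per mismatch between behaviour and policy."""
    violations: list[str] = []
    probes = [User(f"u-{r.value}", "tenant-a", r) for r in Role]
    probes.append(User("u-owner-other", "tenant-b", Role.OWNER))  # never allowed
    for action_name, (fn, allowed) in policy.items():
        for user in probes:
            app = App("app-1", "tenant-a", "demo")
            expected = user.tenant_id == app.tenant_id and user.role in allowed
            try:
                fn(user, app)
                observed = True
            except Forbidden:
                observed = False
            if observed != expected:
                violations.append(
                    f"{action_name}: {user.id} {'allowed' if observed else 'denied'}, "
                    f"policy says {'allowed' if expected else 'denied'}")
    return violations

HARDENED_POLICY: dict[str, tuple[Action, set[Role]]] = {
    "rename": (lambda u, a: rename_app(u, a, "renamed"), MANAGERS),
    "toggle": (lambda u, a: set_enabled(u, a, False), MANAGERS),
    "export_dsl": (lambda u, a: export_dsl(u, a), ADMINS),
}
VULNERABLE_POLICY: dict[str, tuple[Action, set[Role]]] = {
    "toggle_unchecked": (lambda u, a: set_enabled_unchecked(u, a, False), MANAGERS),
}

if __name__ == "__main__":
    print("hardened:", check_matrix(HARDENED_POLICY) or "no violations")
    print("vulnerable:", check_matrix(VULNERABLE_POLICY))
```

Running the script reports no violations for the hardened handlers and two for the unchecked one: the normal user is allowed to toggle the app, and so is an owner from a different tenant. The second finding is the one a UI-only fix never surfaces, which is why the matrix probes tenant boundaries as well as roles; wiring the same loop against a real API with one session per role gives the same report.
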