313 matches found
dify security feature issue vulnerability
dify is an open source LLM application development platform from LangGenius Open Source. A security feature issue vulnerability exists in dify version v0.10.1 that stems from a weak pseudo-random number generator that could lead to account takeover...
PT-2025-12302 · Pandas +1 · Pandas +1
Name of the Vulnerable Software and Affected Versions: Dify Tools versions prior to the fixed version
Description: A vulnerability in the Dify Tools' Vanna module of the langgenius/dify repository allows for a Pandas Query Injection in the latest version. The vulnerability occurs in the function...
dify security vulnerability
dify is an open source LLM application development platform from LangGenius Open Source. A security vulnerability exists in dify, which stems from the vulnerability of the Vanna module of Dify Tools to a Pandas query injection attack that could lead to remote code execution...
dify code issue vulnerability
dify is an open source LLM application development platform from LangGenius Open Source. A code issue vulnerability exists in version 0.10.1 of dify, which stems from an unvalidated URL and could lead to a server-side request forgery attack...
PT-2025-12146 · Langgenius · Dify
Name of the Vulnerable Software and Affected Versions: langgenius/dify version 0.10.1
Description: The issue concerns the /forgot-password/resets endpoint, which does not verify the password reset code. This allows an attacker to reset the password of any user, including administrators, potential...
dify code issue vulnerability
dify is an open source LLM application development platform from LangGenius Open Source. A code issue vulnerability exists in version 0.10.2 of dify: the Create Knowledge section is vulnerable to server-side request forgery attacks when uploading DOCX files...
dify code injection vulnerability
dify is an open source LLM application development platform from LangGenius Open Source. A code injection vulnerability exists in dify v0.9.1 and prior versions, which stems from an internal SSRF request that could lead to code injection that could remove the entire sandbox service...
dify cross-site scripting vulnerability
dify is an open source LLM application development platform from LangGenius Open Source. A cross-site scripting vulnerability exists in dify, which stems from improper validation and sanitization of user input in the SVG markdown support and could lead to a stored cross-site scripting attack...
dify security vulnerability
dify is an open source LLM application development platform from LangGenius Open Source. A security vulnerability exists in dify version v0.10.1, which stems from unverified password reset code that could lead to full account control...
dify cross-site scripting vulnerability
dify is an open source LLM application development platform from LangGenius Open Source. A cross-site scripting vulnerability exists in dify, which stems from an HTML tag that is not disabled and could lead to a stored cross-site scripting attack...
dify security vulnerability
dify is an open source LLM application development platform from LangGenius Open Source. A security vulnerability exists in dify version v0.10.1, which stems from an unlimited number of guessing attempts against the password reset code and could lead to full compromise of the account...
dify security vulnerability
dify is an open source LLM application development platform from LangGenius Open Source. A security vulnerability exists in version 0.9.1 of dify, which stems from improper handling of the apiendpoint parameter and could lead to a server-side request forgery attack...
Dify Detected
This is an informational plugin to inform the user that the scanner has detected a publicly accessible Dify instance on the target application. Dify is an open-source LLM app development platform. This detection is included in the AI and LLM category. No source data...