313 matches found

CNNVD
added 2025/03/20 12:0 a.m. · 3 views

dify security feature issue vulnerability

dify is an open source LLM application development platform from LangGenius Open Source. A security feature issue vulnerability exists in dify version v0.10.1 that stems from a weak pseudo-random number generator that could lead to account takeover...

8.8 CVSS · 7.4 AI score · 0.00542 EPSS
Exploits 1 · References 1

Positive Technologies
added 2025/03/20 12:0 a.m. · 7 views

PT-2025-12302 · Pandas +1 · Pandas +1

Name of the Vulnerable Software and Affected Versions: Dify Tools versions prior to the fixed version
Description: A vulnerability in the Dify Tools' Vanna module of the langgenius/dify repository allows for a Pandas Query Injection in the latest version. The vulnerability occurs in the function...

8.8 CVSS · 7.9 AI score · 0.00983 EPSS
Exploits 1 · References 8

CNNVD
added 2025/03/20 12:0 a.m. · 4 views

dify security vulnerability

dify is an open source LLM application development platform from LangGenius Open Source. A security vulnerability exists in dify, which stems from the vulnerability of the Vanna module of Dify Tools to a Pandas query injection attack that could lead to remote code execution...

8.8 CVSS · 9 AI score · 0.00983 EPSS
Exploits 1 · References 1

CNNVD
added 2025/03/20 12:0 a.m. · 6 views

dify code issue vulnerability

dify is an open source LLM application development platform from LangGenius Open Source. A code issue vulnerability exists in version 0.10.1 of dify, which stems from an unvalidated URL and could lead to a server-side request forgery attack...

6.5 CVSS · 6.5 AI score · 0.0061 EPSS
Exploits 1 · References 1

Positive Technologies
added 2025/03/20 12:0 a.m. · 6 views

PT-2025-12146 · Langgenius · Dify

Name of the Vulnerable Software and Affected Versions: langgenius/dify version 0.10.1
Description: The issue concerns the /forgot-password/resets endpoint, which does not verify the password reset code. This allows an attacker to reset the password of any user, including administrators, potential...

8.1 CVSS · 7.9 AI score · 0.00614 EPSS
Exploits 1 · References 5

CNNVD
added 2025/03/20 12:0 a.m. · 2 views

dify code issue vulnerability

dify is an open source LLM application development platform from LangGenius Open Source. A code issue vulnerability exists in version 0.10.2 of dify, which stems from the Create Knowledge section being vulnerable to server-side request forgery attacks when uploading DOCX files...

6.5 CVSS · 6.7 AI score · 0.00472 EPSS
Exploits 1 · References 3

CNNVD
added 2025/03/20 12:0 a.m. · 3 views

dify code injection vulnerability

dify is an open source LLM application development platform from LangGenius Open Source. A code injection vulnerability exists in dify v0.9.1 and prior versions, which stems from an internal SSRF request that could lead to code injection that could remove the entire sandbox service...

8.8 CVSS · 8.9 AI score · 0.00749 EPSS
Exploits 1 · References 2

CNNVD
added 2025/03/20 12:0 a.m. · 4 views

dify cross-site scripting vulnerability

dify is an open source LLM application development platform from LangGenius Open Source. A cross-site scripting vulnerability exists in dify, which stems from improper validation and cleanup of user input in the SVG markdown support and could lead to a stored cross-site scripting attack...

6.8 CVSS · 6.2 AI score · 0.00398 EPSS
Exploits 1 · References 1

CNNVD
added 2025/03/20 12:0 a.m. · 4 views

dify security vulnerability

dify is an open source LLM application development platform from LangGenius Open Source. A security vulnerability exists in dify version v0.10.1, which stems from unverified password reset code that could lead to full account control...

8.1 CVSS · 8.1 AI score · 0.00614 EPSS
Exploits 1 · References 1

CNNVD
added 2025/03/20 12:0 a.m. · 4 views

dify cross-site scripting vulnerability

dify is an open source LLM application development platform from LangGenius Open Source. A cross-site scripting vulnerability exists in dify, which stems from an HTML tag that is not disabled and could lead to a stored cross-site scripting attack...

7.6 CVSS · 5.4 AI score · 0.00432 EPSS
Exploits 1 · References 2

CNNVD
added 2025/03/20 12:0 a.m. · 4 views

dify security vulnerability

dify is an open source LLM application development platform from LangGenius Open Source. A security vulnerability exists in dify version v0.10.1, which stems from an unlimited number of password reset code guessing attempts and could lead to a fully cracked account...

8.1 CVSS · 7.6 AI score · 0.00634 EPSS
Exploits 1 · References 1

CNNVD
added 2025/03/20 12:0 a.m. · 3 views

dify security vulnerability

dify is an open source LLM application development platform from LangGenius Open Source. A security vulnerability exists in version 0.9.1 of dify, which stems from improper handling of the apiendpoint parameter and could lead to a server-side request forgery attack...

7.5 CVSS · 6.5 AI score · 0.0056 EPSS
Exploits 1 · References 1

Tenable Nessus
added 2024/07/29 12:0 a.m. · 52 views

Dify Detected

This is an informational plugin to inform the user that the scanner has detected a publicly accessible Dify instance on the target application. Dify is an open-source LLM app development platform. This detection is included in the AI and LLM category. No source data...

7.2 AI score
Exploits 0 · References 2