313 matches found
CVE-2026-21866
Dify is an open-source LLM app development platform. Prior to 1.11.2, Dify is vulnerable to a stored XSS issue when rendering Mermaid diagrams within chats. This occurs because Dify’s default Mermaid configuration uses securityLevel: loose, which allows potentially unsafe content to execute. This...
CVE-2026-21866 Dify - Stored XSS in chat
Dify is an open-source LLM app development platform. Prior to 1.11.2, Dify is vulnerable to a stored XSS issue when rendering Mermaid diagrams within chats. This occurs because Dify’s default Mermaid configuration uses securityLevel: loose, which allows potentially unsafe content to execute. This...
CVE-2026-21866 Dify - Stored XSS in chat
Dify is an open-source LLM app development platform. Prior to 1.11.2, Dify is vulnerable to a stored XSS issue when rendering Mermaid diagrams within chats. This occurs because Dify’s default Mermaid configuration uses securityLevel: loose, which allows potentially unsafe content to execute. This...
CVE-2026-21866
Dify (open-source LLM app platform) is affected by a stored XSS in Mermaid rendering prior to version 1.11.2 due to securityLevel: loose; this may allow execution of unsafe content in chats. The issue is fixed in 1.11.2. CVSS v4 base score 5.1 (Medium); attack vector NETWORK, low attack complexit...
CVE-2026-21866 Dify - Stored XSS in chat
Dify is an open-source LLM app development platform. Prior to 1.11.2, Dify is vulnerable to a stored XSS issue when rendering Mermaid diagrams within chats. This occurs because Dify’s default Mermaid configuration uses securityLevel: loose, which allows potentially unsafe content to execute. This...
EUVD-2026-9325
Dify is an open-source LLM app development platform. Prior to 1.11.2, Dify is vulnerable to a stored XSS issue when rendering Mermaid diagrams within chats. This occurs because Dify’s default Mermaid configuration uses securityLevel: loose, which allows potentially unsafe content to execute. This...
dify 跨站脚本漏洞
dify is an open-source LLM application development platform developed by LangGenius. Versions of dify prior to 1.11.2 had a cross-site scripting vulnerability. This vulnerability stemmed from the relaxed security settings when Mermaid charts were rendered in chat messages, potentially leading to...
PT-2026-22832
Name of the Vulnerable Software and Affected Versions Dify versions prior to 1.11.2 Description Dify, an open-source LLM app development platform, contains a stored cross-site scripting XSS issue when rendering Mermaid diagrams within chats. The issue stems from Dify’s default Mermaid configurati...
CVE-2026-28288
Dify is an open-source LLM app development platform. Prior to 1.9.0, responses from the Dify API to existing and non-existent accounts differ, allowing an attacker to enumerate email addresses registered with Dify. Version 1.9.0 fixes the issue...
CVE-2026-28288
Dify is an open-source LLM app development platform. Prior to 1.9.0, responses from the Dify API to existing and non-existent accounts differ, allowing an attacker to enumerate email addresses registered with Dify. Version 1.9.0 fixes the issue...
CVE-2026-28288
Dify (open-source LLM app development platform) has a user enumeration vulnerability in its API prior to version 1.9.0, where responses differ between existing and non-existent accounts, enabling email-address enumeration. The issue is addressed in version 1.9.0. Exploitation is noted as a proof-...
CVE-2026-28288 Dify has a user enumeration issue
Dify is an open-source LLM app development platform. Prior to 1.9.0, responses from the Dify API to existing and non-existent accounts differ, allowing an attacker to enumerate email addresses registered with Dify. Version 1.9.0 fixes the issue...
CVE-2026-28288 Dify has a user enumeration issue
Dify is an open-source LLM app development platform. Prior to 1.9.0, responses from the Dify API to existing and non-existent accounts differ, allowing an attacker to enumerate email addresses registered with Dify. Version 1.9.0 fixes the issue...
CVE-2026-28288
Dify is an open-source LLM app development platform. Prior to 1.9.0, responses from the Dify API to existing and non-existent accounts differ, allowing an attacker to enumerate email addresses registered with Dify. Version 1.9.0 fixes the issue...
EUVD-2026-9068
Dify is an open-source LLM app development platform. Prior to 1.9.0, responses from the Dify API to existing and non-existent accounts differ, allowing an attacker to enumerate email addresses registered with Dify. Version 1.9.0 fixes the issue...
CVE-2026-28288 Dify has a user enumeration issue
Dify is an open-source LLM app development platform. Prior to 1.9.0, responses from the Dify API to existing and non-existent accounts differ, allowing an attacker to enumerate email addresses registered with Dify. Version 1.9.0 fixes the issue...
dify 安全漏洞
dify is an open-source LLM application development platform developed by LangGenius. Versions of dify prior to 1.9.0 contained security vulnerabilities. These vulnerabilities were caused by differences in API responses, which could lead to the enumeration of registered email addresses...
CVE-2026-26023
Dify is an open-source LLM app development platform. Prior to 1.13.0, a cross site scripting vulnerability has been found in the web application chat frontend when using echarts. User or llm inputs containing echarts containing a specific javascript payload will be executed. This vulnerability is...
CVE-2026-26023
Dify is an open-source LLM app development platform. Prior to 1.13.0, a cross site scripting vulnerability has been found in the web application chat frontend when using echarts. User or llm inputs containing echarts containing a specific javascript payload will be executed. This vulnerability is...
CVE-2026-26023
CVE-2026-26023 affects Dify’s web chat frontend when using echarts prior to version 1.13.0, enabling a client-side DOM XSS via inputs containing a specific JavaScript payload. The vulnerability, exploitable with network access and passive user interaction, has no confidentiality/integrity/availab...