Lucene search
K

5 matches found

CVE
CVE
added 2026/01/20 12:0 a.m.34 views

CVE-2025-65482

The CVE-2025-65482 XXE vulnerability affects opensagres XDocReport versions 0.9.2 through 2.0.3, allowing arbitrary code execution via crafted .docx uploads. Root cause relates to XML data processing within the library, enabling an attacker to trigger code execution when processing external entit...

9.8CVSS6AI score0.00492EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2025/03/20 10:11 a.m.32 views

CVE-2025-0184 Server-Side Request Forgery (SSRF) in langgenius/dify

A Server-Side Request Forgery SSRF vulnerability was identified in langgenius/dify version 0.10.2. The vulnerability occurs in the 'Create Knowledge' section when uploading DOCX files. If an external relationship exists in the DOCX file, the reltype value is requested as a URL using the 'requests...

6.5CVSS0.00472EPSS
Exploits1References2
OSV
OSV
added 2025/03/20 10:11 a.m.9 views

CVE-2025-0184 Server-Side Request Forgery (SSRF) in langgenius/dify

A Server-Side Request Forgery SSRF vulnerability was identified in langgenius/dify version 0.10.2. The vulnerability occurs in the 'Create Knowledge' section when uploading DOCX files. If an external relationship exists in the DOCX file, the reltype value is requested as a URL using the 'requests...

6.5CVSS6.6AI score0.00472EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/03/20 10:11 a.m.7 views

CVE-2025-0184 Server-Side Request Forgery (SSRF) in langgenius/dify

A Server-Side Request Forgery SSRF vulnerability was identified in langgenius/dify version 0.10.2. The vulnerability occurs in the 'Create Knowledge' section when uploading DOCX files. If an external relationship exists in the DOCX file, the reltype value is requested as a URL using the 'requests...

6.5CVSS6.5AI score0.00472EPSS
Exploits1References2
Huntr
Huntr
added 2024/11/01 1:30 a.m.8 views

Server Side Request Forgery(SSRF) on WordExtractor in langgenius/dify

Summary The vulnerability occurs when uploading DOCX files in the "Create Knowledge" section. If an external relationship exists in the DOCX file, the reltype value is requested as a URL. Requests are sent using the 'requests' module instead of the 'ssrfproxy', which can lead to an SSRF...

6.5CVSS6.8AI score0.00472EPSS
Exploits1
Rows per page
Query Builder