Lucene search
K

8 matches found

NVD
NVD
added 2026/05/18 3:16 p.m.40 views

CVE-2026-41949

Dify before version 1.14.2 contains an authorization bypass vulnerability in the file preview endpoint that allows any authenticated user to read up to 3,000 characters of any uploaded document across all tenants and workspaces using only the file's UUID. Attackers can access the...

8.2CVSS0.00435EPSS
Exploits1References6
EUVD
EUVD
added 2026/05/18 1:52 p.m.51 views

EUVD-2026-30774

Dify version 1.14.1 and prior contain an authorization bypass vulnerability in the file preview endpoint that allows any authenticated user to read up to 3,000 characters of any uploaded document across all tenants and workspaces using only the file's UUID. Attackers can access the...

8.2CVSS5.7AI score0.00435EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/05/18 1:52 p.m.51 views

CVE-2026-41949 Dify < 1.14.2 Authorization Bypass via File Preview Endpoint

Dify before version 1.14.2 contains an authorization bypass vulnerability in the file preview endpoint that allows any authenticated user to read up to 3,000 characters of any uploaded document across all tenants and workspaces using only the file's UUID. Attackers can access the...

8.2CVSS0.00435EPSS
Exploits1References6
CVE
CVE
added 2026/05/18 1:52 p.m.22 views

CVE-2026-41949

Dify v1.14.1 (and earlier) contains an authorization bypass in the file preview endpoint. An authenticated user can read up to 3,000 characters from any uploaded document across tenants/workspaces by using only the file UUID via /console/api/files/{file_id}/preview. The note that Dify Cloud allow...

8.2CVSS5.7AI score0.00435EPSS
Exploits1References6Affected Software1
CNNVD
CNNVD
added 2026/05/18 12:0 a.m.8 views

dify 安全漏洞

dify is an open-source LLM application development platform by LangGenius. Versions of dify prior to 1.14.1 have a security vulnerability. This vulnerability stems from an authorization bypass issue in the file preview endpoint, which allows any authenticated user to read the first 3,000 characte...

8.2CVSS5.8AI score0.00435EPSS
Exploits1References6
Cvelist
Cvelist
added 2026/04/07 4:35 p.m.14 views

CVE-2026-35608 QuickDrop has stored XSS in SVG file preview endpoint allowing JavaScript execution

QuickDrop is an easy-to-use file sharing application. Prior to 1.5.3, a stored XSS vulnerability exists in the file preview endpoint. The application allows SVG files to be uploaded via the /api/file/upload-chunk endpoint. An attacker can upload a specially crafted SVG file containing a JavaScrip...

5.3CVSS0.00187EPSS
Exploits1References2
EUVD
EUVD
added 2026/04/07 4:35 p.m.4 views

EUVD-2026-19784

QuickDrop is an easy-to-use file sharing application. Prior to 1.5.3, a stored XSS vulnerability exists in the file preview endpoint. The application allows SVG files to be uploaded via the /api/file/upload-chunk endpoint. An attacker can upload a specially crafted SVG file containing a JavaScrip...

5.3CVSS5.9AI score0.00187EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/04/07 12:0 a.m.5 views

QuickDrop 跨站脚本漏洞

QuickDrop is a self-hosted anonymous file sharing application developed by Rostislav. It supports multipart uploads and encrypted storage. Versions of QuickDrop prior to 1.5.3 had a cross-site scripting vulnerability. This vulnerability stemmed from a storage-related cross-site scripting flaw in...

6.1CVSS5.6AI score0.00187EPSS
Exploits1References2
Rows per page
Query Builder