Lucene search

9 matches found

EUVD
added 2026/05/18 1:50 p.m., 8 views

EUVD-2026-30771

Dify version 1.14.1 and prior contain a path traversal vulnerability that allows authenticated users to manipulate requests forwarded to the Plugin Daemon's internal REST API by exploiting insufficient URL path sanitization. Attackers can traverse out of their authorized tenant path using unencod...

CVSS 9.2, AI score 5.8, EPSS 0.00079
Exploits: 1, References: 3

CVE
added 2026/05/18 1:50 p.m., 13 views

CVE-2026-41948

Dify v1.14.1 (and prior) is affected by a path traversal vulnerability in the Plugin Daemon internal API caused by insufficient URL path sanitization. Authenticated users can traverse outside their tenant path using unencoded dot sequences in task IDs or manipulated filename parameters to reach i...

CVSS 9.4, AI score 5.8, EPSS 0.00079
Exploits: 1, References: 3, Affected Software: 1

Vulnrichment
added 2026/05/18 1:50 p.m., 7 views

CVE-2026-41948 Dify v1.14.1 Path Traversal via Plugin Daemon Internal API Access

Dify version 1.14.1 and prior contain a path traversal vulnerability that allows authenticated users to manipulate requests forwarded to the Plugin Daemon's internal REST API by exploiting insufficient URL path sanitization. Attackers can traverse out of their authorized tenant path using unencod...

CVSS 9.4, AI score 5.8, EPSS 0.00079
Exploits: 1, References: 3

Cvelist
added 2026/05/18 1:50 p.m., 29 views

CVE-2026-41948 Dify v1.14.1 Path Traversal via Plugin Daemon Internal API Access

Dify version 1.14.1 and prior contain a path traversal vulnerability that allows authenticated users to manipulate requests forwarded to the Plugin Daemon's internal REST API by exploiting insufficient URL path sanitization. Attackers can traverse out of their authorized tenant path using unencod...

CVSS 9.4, EPSS 0.00079
Exploits: 1, References: 3

CNNVD
added 2026/05/18 12:0 a.m., 6 views

dify security vulnerability

dify is an open-source LLM application development platform by LangGenius. Versions of dify prior to 1.14.1 have security vulnerabilities. These vulnerabilities stem from path traversal issues, which may allow authenticated users to manipulate requests redirected to the plugin daemon’s internal...

CVSS 9.4, AI score 5.8, EPSS 0.00079
Exploits: 1, References: 1

OSV
added 2025/03/19 2:15 a.m., 1 views

CVE-2024-10441

Improper encoding or escaping of output vulnerability in the system plugin daemon in Synology BeeStation OS BSM before 1.1-65374 and Synology DiskStation Manager DSM before 7.2-64570-4, 7.2.1-69057-6 and 7.2.2-72806-1 allows remote attackers to execute arbitrary code via unspecified vectors...

CVSS 9.8, AI score 6.2, EPSS 0.01893
Exploits: 1, References: 2

CVE
added 2025/03/19 2:9 a.m., 237 views

CVE-2024-10441

CVE-2024-10441 affects Synology BeeStation OS (BSM) and DiskStation Manager (DSM). The vulnerability is described as an improper encoding or escaping of output in the system plugin daemon, affecting BSM <= 1.1-65374 and DSM

CVSS 9.8, AI score 9.8, EPSS 0.01893
Exploits: 1, References: 2, Affected Software: 2

Cvelist
added 2025/03/19 2:9 a.m., 10 views

CVE-2024-10441

Improper encoding or escaping of output vulnerability in the system plugin daemon in Synology BeeStation OS BSM before 1.1-65374 and Synology DiskStation Manager DSM before 7.2-64570-4, 7.2.1-69057-6 and 7.2.2-72806-1 allows remote attackers to execute arbitrary code via unspecified vectors...

CVSS 9.8, EPSS 0.01893
Exploits: 1, References: 2

CNNVD
added 2025/03/19 12:0 a.m., 4 views

Synology DiskStation Manager (DSM) and Synology BeeStation Manager security vulnerability

Synology DiskStation Manager DSM and Synology BeeStation Manager are both products of China-based Synology Corporation. Synology DiskStation Manager is an operating system for use on networked storage servers (NAS). The operating system manages information such as data, files, photos, music, etc...

CVSS 9.8, AI score 8.8, EPSS 0.01893
Exploits: 1, References: 3