Lucene search
K

8 matches found

EUVD
EUVD
added 2026/06/10 10:20 p.m.12 views

EUVD-2026-36166

Boxlite is a sandbox service that allows users to create lightweight virtual machines Boxes and launch OCI containers within them to run untrusted code. Prior to version 0.9.0, Boxlite does not restrict the kernel capabilities available inside the container, malicious code can remount the directo...

10CVSS5.6AI score0.00289EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/10 10:20 p.m.31 views

CVE-2026-47213 BoxLite: Timeout Bypass Vulnerability

Boxlite is a sandbox service that allows users to create lightweight virtual machines Boxes and launch OCI containers within them to run untrusted code. In versions 0.8.2 and prior, Boxlite allows users to configure a timeout for services running inside the virtual machine. When the timeout is...

6.5CVSS0.00268EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/10 10:20 p.m.8 views

CVE-2026-47213 BoxLite: Timeout Bypass Vulnerability

Boxlite is a sandbox service that allows users to create lightweight virtual machines Boxes and launch OCI containers within them to run untrusted code. In versions 0.8.2 and prior, Boxlite allows users to configure a timeout for services running inside the virtual machine. When the timeout is...

6.5CVSS5.5AI score0.00268EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/03/22 12:5 p.m.5 views

CVE-2024-10252

A vulnerability in langgenius/dify versions =v0.9.1 allows for code injection via internal SSRF requests in the Dify sandbox service. This vulnerability enables an attacker to execute arbitrary Python code with root privileges within the sandbox environment, potentially leading to the deletion of...

8.8CVSS8.1AI score0.00749EPSS
Exploits1References1
NVD
NVD
added 2025/03/20 10:15 a.m.6 views

CVE-2024-10252

A vulnerability in langgenius/dify versions =v0.9.1 allows for code injection via internal SSRF requests in the Dify sandbox service. This vulnerability enables an attacker to execute arbitrary Python code with root privileges within the sandbox environment, potentially leading to the deletion of...

8.8CVSS0.00749EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/03/20 10:10 a.m.10 views

CVE-2024-10252 Code Injection in langgenius/dify

A vulnerability in langgenius/dify versions =v0.9.1 allows for code injection via internal SSRF requests in the Dify sandbox service. This vulnerability enables an attacker to execute arbitrary Python code with root privileges within the sandbox environment, potentially leading to the deletion of...

8.8CVSS0.00749EPSS
Exploits1References2
CVE
CVE
added 2025/03/20 10:10 a.m.62 views

CVE-2024-10252

CVE-2024-10252 affects langgenius/dify

8.8CVSS9.1AI score0.00749EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2025/03/20 12:0 a.m.5 views

dify 代码注入漏洞

dify is an open source LLM application development platform from LangGenius Open Source. A code injection vulnerability exists in dify v0.9.1 and prior versions, which stems from an internal SSRF request that could lead to code injection that could remove the entire sandbox service...

8.8CVSS8.9AI score0.00749EPSS
Exploits1References2
Rows per page
Query Builder