Lucene search
K

6 matches found

EUVD
EUVD
added 2026/05/18 1:48 p.m.11 views

EUVD-2026-30772

Dify version 1.14.1 and prior contains an authorization bypass vulnerability that allows authenticated editor users to set and enable trace configurations for any application regardless of tenant ownership. Attackers can exploit missing tenant ownership checks in the trace configuration endpoints...

9.1CVSS5.8AI score0.00453EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/05/18 1:48 p.m.40 views

CVE-2026-41947 Dify < 1.14.2 Authorization Bypass via Trace Configuration Endpoints

Dify before version 1.14.2 contains an authorization bypass vulnerability that allows authenticated editor users to set and enable trace configurations for any application regardless of tenant ownership. Attackers can exploit missing tenant ownership checks in the trace configuration endpoints to...

9.3CVSS0.00453EPSS
Exploits1References6
ATTACKERKB
ATTACKERKB
added 2026/05/18 1:48 p.m.8 views

CVE-2026-41947

Dify before version 1.14.2 contains an authorization bypass vulnerability that allows authenticated editor users to set and enable trace configurations for any application regardless of tenant ownership. Attackers can exploit missing tenant ownership checks in the trace configuration endpoints to...

9.3CVSS5.8AI score0.00453EPSS
Exploits1References6
CVE
CVE
added 2026/05/18 1:48 p.m.29 views

CVE-2026-41947

Affected product: Dify v1.14.1 and prior. Vulnerability: authorization bypass in trace configuration endpoints due to missing tenant ownership checks. Impact: authenticated editor users can set/enable trace configurations for any application and redirect messages/responses to attacker‑controlled ...

9.3CVSS5.8AI score0.00453EPSS
Exploits1References6Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/08/01 12:0 a.m.5 views

The vulnerability of the readConfig() function in the TraceConfiguration.cpp module of the “Red Database” database management system allows a hacker to cause a service failure.

The vulnerability of the readConfig function in the TraceConfiguration.cpp module of the “Red Database” database management system is related to the incorrect processing of the timeformat parameter. Exploiting this vulnerability can allow an attacker to cause a service failure...

4.9CVSS5.5AI score
Exploits0References2Affected Software2
OSV
OSV
added 2021/05/28 9:15 p.m.4 views

UBUNTU-CVE-2021-29507

GENIVI Diagnostic Log and Trace DLT provides a log and trace interface. In versions of GENIVI DLT between 2.10.0 and 2.18.6, a configuration file containing the special characters could cause a vulnerable component to crash. All the applications which are using the configuration file could fail t...

6.5CVSS6.6AI score0.00749EPSS
Exploits0References3
Rows per page
Query Builder