Lucene search
K

6 matches found

Nuclei
Nuclei
added yesterday67 views

Dify User Enumeration via Observable Response Discrepancy

Dify is an open-source LLM app development platform. Prior to 1.9.0, responses from the Dify API to existing and non-existent accounts differ, allowing an attacker to enumerate email addresses registered with Dify. Version 1.9.0 fixes the issue. id: CVE-2026-28288 info: name: Dify User Enumeratio...

6.9CVSS5.9AI score0.00635EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/05/12 9:28 p.m.60 views

CVE-2026-44305 Lemur: LDAP TLS certificate verification globally disabled enables credential interception

Lemur manages TLS certificate creation. Prior to 1.9.0, when LDAP TLS is enabled LDAPUSETLS = True, Lemur's LDAP authentication module unconditionally disables TLS certificate verification at the global ldap module level. This allows a man-in-the-middle attacker positioned between Lemur and the...

6.8CVSS0.00094EPSS
Exploits0References1
OSV
OSV
added 2026/03/20 4:52 a.m.5 views

CVE-2026-33017 Langflow has Unauthenticated Remote Code Execution via Public Flow Build Endpoint

Langflow is a tool for building and deploying AI-powered agents and workflows. In versions prior to 1.9.0, the POST /api/v1/buildpublictmp/flowid/flow endpoint allows building public flows without requiring authentication. When the optional data parameter is supplied, the endpoint uses...

9.3CVSS6.3AI score0.98412EPSS
Exploits19References9
EUVD
EUVD
added 2026/02/27 8:25 p.m.4 views

EUVD-2026-9068

Dify is an open-source LLM app development platform. Prior to 1.9.0, responses from the Dify API to existing and non-existent accounts differ, allowing an attacker to enumerate email addresses registered with Dify. Version 1.9.0 fixes the issue...

6.9CVSS5.9AI score0.00635EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/02/27 12:0 a.m.7 views

PT-2026-22397

Name of the Vulnerable Software and Affected Versions Dify versions prior to 1.9.0 Description The Dify API exhibits differing responses when queried for existing and non-existent accounts, potentially enabling an attacker to enumerate email addresses registered with the Dify platform. This issue...

6.9CVSS5.9AI score0.00635EPSS
Exploits1References9
The Hacker News
The Hacker News
added 2021/02/01 7:14 a.m.6 views

Google Discloses Severe Bug in Libgcrypt Encryption Library—Impacting Many Projects

A "severe" vulnerability in GNU Privacy Guard GnuPG's Libgcrypt encryption software could have allowed an attacker to write arbitrary data to the target machine, potentially leading to remote code execution. The flaw, which affects version 1.9.0 of libgcrypt, was discovered on January 28 by Tavis...

6.5AI score
Exploits0
Rows per page
Query Builder