2 matches found
CVE-2026-6619
creationtimestamp| type| source ---|---|--- 2026-04-20 11:53:49+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mjwfttkvi72k...
CVE-2026-6619
The CVE affects langgenius dify up to version 1.13.3, specifically the ImagePreview component’s openInNewTab in web/app/components/base/image-uploader/image-preview.tsx. The vulnerability arises from manipulating the filename argument, enabling cross-site scripting. Impact is described as remote ...