Lucene search
K

9 matches found

NVD
NVD
added 2026/06/25 7:16 p.m.8 views

CVE-2026-56769

Huly Platform through 0.7.423, fixed in commit 68cbf8a contains an authenticated server-side request forgery vulnerability in the /import endpoint of front pod that allows workspace users to make arbitrary server requests. Attackers can exploit this by supplying malicious URLs to fetch internal...

8.5CVSS0.00216EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/25 6:5 p.m.8 views

EUVD-2026-39521

Huly Platform through 0.7.423, fixed in commit 68cbf8a contains an authenticated server-side request forgery vulnerability in the /import endpoint of front pod that allows workspace users to make arbitrary server requests. Attackers can exploit this by supplying malicious URLs to fetch internal...

8.5CVSS6AI score0.00216EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/25 6:5 p.m.32 views

CVE-2026-56769 Huly Platform - Server-Side Request Forgery via /import Endpoint

Huly Platform through 0.7.423, fixed in commit 68cbf8a contains an authenticated server-side request forgery vulnerability in the /import endpoint of front pod that allows workspace users to make arbitrary server requests. Attackers can exploit this by supplying malicious URLs to fetch internal...

8.5CVSS0.00216EPSS
Exploits0References4
CVE
CVE
added 2026/06/25 6:5 p.m.12 views

CVE-2026-56769

Huly Platform through version 0.7.423 contains an authenticated server-side request forgery (SSRF) in the /import endpoint of the front pod. The vulnerability lets workspace users issue arbitrary server requests by supplying malicious URLs, enabling access to internal services, exfiltration of re...

8.5CVSS6AI score0.00216EPSS
Exploits0References4
OSV
OSV
added 2026/06/25 6:5 p.m.2 views

CVE-2026-56769 Huly Platform - Server-Side Request Forgery via /import Endpoint

Huly Platform through 0.7.423, fixed in commit 68cbf8a contains an authenticated server-side request forgery vulnerability in the /import endpoint of front pod that allows workspace users to make arbitrary server requests. Attackers can exploit this by supplying malicious URLs to fetch internal...

6.3CVSS6AI score0.00216EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/03/26 3:11 p.m.6 views

CVE-2026-32750

SiYuan is a personal knowledge management system. In versions 3.6.0 and below, POST /api/import/importStdMd passes the localPath parameter directly to model.ImportFromLocalPath with zero path validation. The function recursively reads every file under the given path and permanently stores their...

6.8CVSS5.9AI score0.00431EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/09/25 1:19 p.m.5 views

CVE-2025-59422 Dify Has Broken Access Control on Log Message Endpoint Allows Reading of Chats of Others

Dify is an open-source LLM app development platform. In version 1.8.1, a broken access control vulnerability on the /console/api/apps/chat-messages?conversationid=&limit=10 endpoint allows users in the same workspace to read chat messages of other users. A regular user is able to read the query...

6CVSS6.3AI score0.0023EPSS
Exploits1References2
CVE
CVE
added 2025/09/25 1:19 p.m.16 views

CVE-2025-59422

CVE-2025-59422 affects Dify (open‑source LLM app platform) in version 1.8.1. A broken access control flaw on the endpoint /console/api/apps/chat-messages?conversation_id=&limit=10 allows users in the same workspace to read other users’ chat messages, including query data and filenames, if the con...

6CVSS6.3AI score0.0023EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2025/09/25 1:19 p.m.6 views

CVE-2025-59422 Dify Has Broken Access Control on Log Message Endpoint Allows Reading of Chats of Others

Dify is an open-source LLM app development platform. In version 1.8.1, a broken access control vulnerability on the /console/api/apps/chat-messages?conversationid=&limit=10 endpoint allows users in the same workspace to read chat messages of other users. A regular user is able to read the query...

6CVSS6.6AI score0.0023EPSS
Exploits1References4
Rows per page
Query Builder