6 matches found

CVE, added 2025/04/18 4:15 p.m., 59 views

CVE-2025-32795

Dify is an open-source LLM app development platform. Prior to version 0.6.12, a vulnerability was identified in the DIFY where normal users are improperly granted permissions to edit APP names, descriptions and icons. This access control flaw allows non-admin users to modify app details, despite be...

CVSS 6.5, AI score 7, EPSS 0.00035

CVE, added 2025/04/18 1:15 p.m., 56 views

CVE-2025-32790

Dify is an open-source LLM app development platform. In versions 0.6.8 and prior, a vulnerability was identified in the DIFY AI where normal users are improperly granted permissions to export APP DSL. The feature in '/export' should only allow administrator users to export DSL. A workaround for thi...

CVSS 6.3, AI score 6.1, EPSS 0.00041

CVE, added 2025/03/20 10:15 a.m., 48 views

CVE-2025-0184

A Server-Side Request Forgery (SSRF) vulnerability was identified in langgenius/dify version 0.10.2. The vulnerability occurs in the 'Create Knowledge' section when uploading DOCX files. If an external relationship exists in the DOCX file, the reltype value is requested as a URL using the 'requests...

CVSS 6.5, AI score 6.9, EPSS 0.00043

CVE, added 2025/04/25 3:15 p.m., 47 views

CVE-2025-43862

Dify is an open-source LLM app development platform. Prior to version 0.6.12, a normal user is able to access and modify APP orchestration, even though the web UI of APP orchestration is not presented for a normal user. This access control flaw allows non-admin users to make unauthorized access and...

CVSS 7.6, AI score 7.5, EPSS 0.00052

CVE, added 2025/03/20 10:15 a.m., 40 views

CVE-2024-11824

A stored cross-site scripting (XSS) vulnerability exists in langgenius/dify version latest, specifically in the chat log functionality. The vulnerability arises because certain HTML tags like and are not disallowed, allowing an attacker to inject malicious HTML into the log via prompts. When an a...

CVSS 7.6, AI score 5.3, EPSS 0.00035

CVE, added 2025/07/07 10:15 a.m., 11 views

CVE-2025-3467

An XSS vulnerability exists in langgenius/dify versions prior to 1.1.3, specifically affecting Firefox browsers. This vulnerability allows an attacker to obtain the administrator's token by sending a payload in the published chat. When the administrator views the conversation content through the mo...

CVSS 8, AI score 7.3, EPSS 0.00043