Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
LanggeniusDify

2 matches found

CVE
CVEadded 2025/04/25 3:15 p.m.46 views

CVE-2025-43862

Dify is an open-source LLM app development platform. Prior to version 0.6.12, a normal user is able to access and modify APP orchestration, even though the web UI of APP orchestration is not presented for a normal user. This access control flaw allows non-admin users to make unauthorized access and...

7.6CVSS7.5AI score0.00071EPSS
CVE
CVEadded 2025/03/20 10:15 a.m.40 views

CVE-2024-11824

A stored cross-site scripting (XSS) vulnerability exists in langgenius/dify version latest, specifically in the chat log functionality. The vulnerability arises because certain HTML tags like and are not disallowed, allowing an attacker to inject malicious HTML into the log via prompts. When an a...

7.6CVSS5.3AI score0.00035EPSS