langgenius
AI / MLoss-project
Top products
Latest CVEs
The 15 most recently published vulnerabilities affecting langgenius.
- CVE-2026-41949Dify < 1.14.2 Authorization Bypass via File Preview Endpoint5.9
- CVE-2026-41948Dify v1.14.1 Path Traversal via Plugin Daemon Internal API Access9.4
- CVE-2026-41947Dify < 1.14.2 Authorization Bypass via Trace Configuration Endpoints9.1
- CVE-2026-41950Dify < 1.14.0 Authorization Bypass via File UUID6.5
- CVE-2026-42138Dify Vulnerable to Stored XSS via SVG-file upload6.1
- CVE-2026-6619langgenius dify ImagePreview image-preview.tsx openInNewTab cross site scripting3.5
- CVE-2026-6618langgenius dify ApiBasedToolSchemaParser parser.py parse_openai_plugin_json_to_tool_bundle server-side request forgery6.3
- CVE-2026-6617langgenius dify ApiToolManageService api_tools_manage_service.py get_api_tool_provider_remote_schema server-side request forgery6.3
- CVE-2025-63388A Cross-Origin Resource Sharing (CORS) misconfiguration vulnerability exists in Dify v1.9.1 in the /console/api/system-features endpoint. The endpoint implements an overly permissive CORS policy th...9.1
- CVE-2025-63386A Cross-Origin Resource Sharing (CORS) misconfiguration vulnerability exists in Dify v1.9.1 in the /console/api/setup endpoint. The endpoint implements an insecure CORS policy that reflects any Ori...9.1
- CVE-2025-63387Dify v1.9.1 is vulnerable to Insecure Permissions. An unauthenticated attacker can directly send HTTP GET requests to the /console/api/system-features endpoint without any authentication credential...7.5
- CVE-2025-56157Default credentials in Dify thru 1.5.1. PostgreSQL username and password specified in the docker-compose.yaml file included in its source code. NOTE: the Supplier reports that the Docker configurat...9.8
- CVE-2025-11750User Enumeration via Distinct Error Messages in langgenius/dify-web5.3
- CVE-2025-3467XSS Vulnerability in langgenius/dify5.4
- CVE-2025-3466Unsanitized Input in langgenius/dify7.2