Vulnerabilities in langgenius
35 results

CVE-2026-41950 | MEDIUM | Dify < 1.14.0 Authorization Bypass via File UUID | EPSS 0.3%
CVE-2025-67732 | HIGH | Dify Vulnerable to Plaintext API Key Exposure via Model Provider Configuration Endpoint | EPSS 0.3%
CVE-2025-43862 | HIGH | Dify Allows Unauthorized Access and Modification of APP Orchestration | EPSS 0.3%
CVE-2025-32795 | MEDIUM | Dify Allows Insecure User Role Access Control for APP Editing | EPSS 0.2%
CVE-2026-26023 | MEDIUM | Client‑side DOM XSS in the web chat app of Dify when using echarts | EPSS 0.2%
CVE-2025-32790 | MEDIUM | Dify Allows Insecure User Role Access Control for APP DSL Exporting | EPSS 0.2%
CVE-2026-42138 | MEDIUM | Dify Vulnerable to Stored XSS via SVG-file upload | EPSS 0.2%
CVE-2025-49149 | MEDIUM | Dify has XSS vulnerability | EPSS 0.2%
CVE-2025-59422 | MEDIUM | Dify Has Broken Access Control on Log Message Endpoint Allows Reading of Chats of Others | EPSS 0.2%
CVE-2026-21866 | MEDIUM | Dify - Stored XSS in chat | EPSS 0.2%
CVE-2026-6619 | MEDIUM | langgenius dify ImagePreview image-preview.tsx openInNewTab cross site scripting | EPSS 0.2%
CVE-2026-6618 | MEDIUM | langgenius dify ApiBasedToolSchemaParser parser.py parse_openai_plugin_json_to_tool_bundle server-side request forgery | EPSS 0.2%
CVE-2026-6617 | MEDIUM | langgenius dify ApiToolManageService api_tools_manage_service.py get_api_tool_provider_remote_schema server-side request forgery | EPSS 0.2%
CVE-2025-43854 | LOW | DIFY vulnerable to Clickjacking Attack | EPSS 0.2%
CVE-2026-34082 | MEDIUM | Dify has IDOR in deleting someone else's chat conversation | EPSS 0.2%