Vulnerabilities in langgenius

35 results
CVE-2025-58747 | LOW | Dify MCP OAuth Flow Vulnerable to XSS | EPSS 5.2%
CVE-2025-0185 | HIGH | Pandas Query Injection in langgenius/dify | EPSS 1.0%
CVE-2024-10252 | HIGH | Code Injection in langgenius/dify | EPSS 0.7%
CVE-2025-11750 | MEDIUM | User Enumeration via Distinct Error Messages in langgenius/dify-web | EPSS 0.7%
CVE-2025-3466 | CRITICAL | Unsanitized Input in langgenius/dify | EPSS 0.7%
CVE-2026-28288 | MEDIUM | Dify has a user enumeration issue | EPSS 0.6%
CVE-2024-12039 | HIGH | Improper Restriction of Excessive Authentication Attempts in langgenius/dify | EPSS 0.6%
CVE-2024-12776 | HIGH | Authentication Bypass in langgenius/dify | EPSS 0.6%
CVE-2024-12775 | MEDIUM | SSRF in langgenius/dify | EPSS 0.6%
CVE-2024-11822 | MEDIUM | Server-Side Request Forgery (SSRF) in langgenius/dify | EPSS 0.6%
CVE-2025-1796 | HIGH | Admin account takeover through weak Pseudo-Random number generator used in generating password reset codes in langgenius/dify | EPSS 0.5%
CVE-2026-41948 | CRITICAL | Dify v1.14.1 Path Traversal via Plugin Daemon Internal API Access | EPSS 0.5%
CVE-2025-0184 | MEDIUM | Server-Side Request Forgery (SSRF) in langgenius/dify | EPSS 0.5%
CVE-2026-41947 | CRITICAL | Dify < 1.14.2 Authorization Bypass via Trace Configuration Endpoints | EPSS 0.5%
CVE-2024-11821 | MEDIUM | Privilege Escalation in langgenius/dify | EPSS 0.4%
CVE-2026-41949 | HIGH | Dify < 1.14.2 Authorization Bypass via File Preview Endpoint | EPSS 0.4%
CVE-2024-11824 | MEDIUM | Stored XSS in langgenius/dify | EPSS 0.4%
CVE-2024-11850 | MEDIUM | Stored XSS in langgenius/dify | EPSS 0.4%
CVE-2025-32796 | MEDIUM | Dify Allows Unauthorized APP Enable/Disable via API | EPSS 0.4%
CVE-2025-3467 | HIGH | XSS Vulnerability in langgenius/dify | EPSS 0.3%