Browse 30+ CVE vulnerabilities from NVD and CNNVD, with AI Chinese translation, AI PoC generation, and daily intelligence; searchable by vendor, product, severity, and CWE.

| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-34082 | Dify has IDOR in deleting someone else's chat conversation | langgenius | dify | - | - | 2026-04-20 23:03:18 | Deep Dive |
| CVE-2026-6619 | langgenius dify ImagePreview image-preview.tsx openInNewTab cross site scripting | langgenius | dify | Low | 3.5 | 2026-04-20 08:00:17 | Deep Dive |
| CVE-2026-6618 | langgenius dify ApiBasedToolSchemaParser parser.py parse_openai_plugin_json_to_tool_bundle server-side request forgery | langgenius | dify | Medium | 6.3 | 2026-04-20 07:45:17 | Deep Dive |
| CVE-2026-6617 | langgenius dify ApiToolManageService api_tools_manage_service.py get_api_tool_provider_remote_schema server-side request forgery | langgenius | dify | Medium | 6.3 | 2026-04-20 07:30:12 | Deep Dive |
| CVE-2026-21866 | Dify - Stored XSS in chat | langgenius | dify | - | - | 2026-03-03 21:42:25 | Deep Dive |
| CVE-2026-28288 | Dify has a user enumeration issue | langgenius | dify | Medium | - | 2026-02-27 20:25:25 | Deep Dive |
| CVE-2026-26023 | Client‑side DOM XSS in the web chat app of Dify when using echarts | langgenius | dify | - | - | 2026-02-11 21:23:10 | Deep Dive |
| CVE-2025-67732 | Dify Vulnerable to Plaintext API Key Exposure via Model Provider Configuration Endpoint | langgenius | dify | High | - | 2026-01-05 21:41:02 | Deep Dive |
| CVE-2025-11750 | User Enumeration via Distinct Error Messages in langgenius/dify-web | langgenius | langgenius/dify | - | - | 2025-10-22 13:13:32 | Deep Dive |
| CVE-2025-58747 | Dify MCP OAuth Flow Vulnerable to XSS | langgenius | dify | - | - | 2025-10-17 15:48:05 | Deep Dive |
| CVE-2025-59422 | Dify Has Broken Access Control on Log Message Endpoint Allows Reading of Chats of Others | langgenius | dify | - | - | 2025-09-25 13:19:11 | Deep Dive |
| CVE-2025-3467 | XSS Vulnerability in langgenius/dify | langgenius | langgenius/dify | - | - | 2025-07-07 09:56:19 | Deep Dive |
| CVE-2025-3466 | Unsanitized Input in langgenius/dify | langgenius | langgenius/dify | - | - | 2025-07-07 09:55:29 | Deep Dive |
| CVE-2025-49149 | Dify has XSS vulnerability | langgenius | dify | - | - | 2025-06-17 22:34:25 | Deep Dive |
| CVE-2025-43854 | DIFY vulnerable to Clickjacking Attack | langgenius | dify | - | - | 2025-04-28 15:58:55 | Deep Dive |
| CVE-2025-43862 | Dify Allows Unauthorized Access and Modification of APP Orchestration | langgenius | dify | High | 7.6 | 2025-04-25 15:05:32 | Deep Dive |
| CVE-2025-32796 | Dify Allows Unauthorized APP Enable/Disable via API | langgenius | dify | Medium | 6.5 | 2025-04-18 16:06:48 | Deep Dive |
| CVE-2025-32795 | Dify Allows Insecure User Role Access Control for APP Editing | langgenius | dify | Medium | 6.5 | 2025-04-18 16:05:12 | Deep Dive |
| CVE-2025-32790 | Dify Allows Insecure User Role Access Control for APP DSL Exporting | langgenius | dify | Medium | 6.3 | 2025-04-18 12:15:11 | Deep Dive |
| CVE-2025-0184 | Server-Side Request Forgery (SSRF) in langgenius/dify | langgenius | langgenius/dify | Medium | - | 2025-03-20 10:11:38 | Deep Dive |