langgenius

Top products

The 15 most recently published vulnerabilities affecting langgenius.

• CVE-2026-41949Dify < 1.14.2 Authorization Bypass via File Preview Endpoint5.9May 18, 2026
• CVE-2026-41948Dify v1.14.1 Path Traversal via Plugin Daemon Internal API Access9.4May 18, 2026
• CVE-2026-41947Dify < 1.14.2 Authorization Bypass via Trace Configuration Endpoints9.1May 18, 2026
• CVE-2026-41950Dify < 1.14.0 Authorization Bypass via File UUID6.5May 5, 2026
• CVE-2026-42138Dify Vulnerable to Stored XSS via SVG-file upload6.1May 4, 2026
• CVE-2026-34082Dify has IDOR in deleting someone else's chat conversation4.3Apr 20, 2026
• CVE-2026-6619langgenius dify ImagePreview image-preview.tsx openInNewTab cross site scripting3.5Apr 20, 2026
• CVE-2026-6618langgenius dify ApiBasedToolSchemaParser parser.py parse_openai_plugin_json_to_tool_bundle server-side request forgery6.3Apr 20, 2026
• CVE-2026-6617langgenius dify ApiToolManageService api_tools_manage_service.py get_api_tool_provider_remote_schema server-side request forgery6.3Apr 20, 2026
• CVE-2026-21866Dify - Stored XSS in chat5.4Mar 3, 2026
• CVE-2026-26023Client‑side DOM XSS in the web chat app of Dify when using echarts6.1Feb 11, 2026
• CVE-2025-67732Dify Vulnerable to Plaintext API Key Exposure via Model Provider Configuration Endpoint6.5Jan 5, 2026
• CVE-2025-63388A Cross-Origin Resource Sharing (CORS) misconfiguration vulnerability exists in Dify v1.9.1 in the /console/api/system-features endpoint. The endpoint implements an overly permissive CORS policy th...9.1Dec 18, 2025
• CVE-2025-63387Dify v1.9.1 is vulnerable to Insecure Permissions. An unauthenticated attacker can directly send HTTP GET requests to the /console/api/system-features endpoint without any authentication credential...7.5Dec 18, 2025
• CVE-2025-63386A Cross-Origin Resource Sharing (CORS) misconfiguration vulnerability exists in Dify v1.9.1 in the /console/api/setup endpoint. The endpoint implements an insecure CORS policy that reflects any Ori...9.1Dec 18, 2025