Where
-Infinity
0

Trending

Last week
Last month
Last year

Dify difyDify < 1.14.0 Authorization Bypass via File UUID

Risk 38
Severity
6
First published (updated )
CVE-2026-41950

Dify difyDify Vulnerable to Stored XSS via SVG-file upload

Risk 33
Severity
6.9
First published (updated )
CVE-2026-42138

Dify difyA Cross-Origin Resource Sharing (CORS) misconfiguration vulnerability exists in Dify v1.9.1 in the /…

Risk 66
Severity
9.1
First published (updated )
CVE-2025-63388

DifyA Cross-Origin Resource Sharing (CORS) misconfiguration vulnerability exists in Dify v1.9.1 in the /…

Risk 66
Severity
9.1
First published (updated )
CVE-2025-63386

npm/difyDify v1.9.1 is vulnerable to Insecure Permissions. An unauthenticated attacker can directly send HTT…

Risk 43
Severity
7.5
First published (updated )
CVE-2025-63387
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

docker-compose/difyDefault credentials in Dify thru 1.5.1. PostgreSQL username and password specified in the docker-com…

Risk 86
Severity
9.8
First published (updated )
CVE-2025-56157

Dify difyDIFY vulnerable to Clickjacking Attack

Risk 27
Severity
6.1
EPSS
0.03%
First published (updated )
CVE-2025-43854

Dify difyDify Allows Unauthorized APP Enable/Disable via API

Risk 27
Severity
6.5
EPSS
0.03%
First published (updated )
CVE-2025-32796

IBM Cognos AnalyticsPath Traversal

Risk 58
Severity
8.8
EPSS
0.04%
First published (updated )
CVE-2024-21891

IBM Cognos AnalyticsPath Traversal

Risk 62
Severity
9.8
EPSS
0.04%
First published (updated )
CVE-2024-21896
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

IBM Cognos AnalyticsNode.js could allow a remote attacker to bypass security restrictions, caused by the improper handli…

Risk 29
Severity
6.5
EPSS
0.04%
First published (updated )
CVE-2024-21890

redhat/nodeCode Injection

Risk 53
Severity
7.8
EPSS
0.04%
First published (updated )
CVE-2024-21892

Nodejs Node.jsNode.js could allow a remote attacker to obtain sensitive information, caused by the failure to rest…

Risk 28
Severity
5.3
First published (updated )
CVE-2023-32005

Nodejs Node.jsPath Traversal

Risk 45
Severity
7.5
First published (updated )
CVE-2023-32558

Fedoraproject FedoraPath Traversal

Risk 28
Severity
5.3
First published (updated )
CVE-2023-32003
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Fedoraproject FedoraPath Traversal

Risk 81
Severity
8.8
First published (updated )
CVE-2023-32004

Nodejs Node.jsNode.js could allow a remote attacker to bypass security restrictions, caused by the use of the depr…

Risk 75
Severity
7.5
First published (updated )
CVE-2023-32559

Nodejs Node.jsNode.js could allow a remote attacker to bypass security restrictions, caused by the use of module.c…

Risk 84
Severity
8.8
First published (updated )
CVE-2023-32006

Nodejs Node.jsHackerOne: CVE-2023-32002 Node.js `Module._load()` policy Remote Code Execution Vulnerability

Risk 91
Severity
9.8
First published (updated )
CVE-2023-32002

Nodejs Node.jsLast updated 24 July 2024

Risk 46
Severity
7.5
First published (updated )
CVE-2023-30590
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Nodejs Node.jsLast updated 24 July 2024

Risk 28
Severity
5.3
First published (updated )
CVE-2023-30588

Nodejs Node.jsNode.js could allow a remote attacker to bypass security restrictions, caused by an error in the cry…

Risk 45
Severity
7.5
First published (updated )
CVE-2023-30586

Nodejs Node.jsXSS

Risk 46
Severity
7.5
First published (updated )
CVE-2023-30589

redhat/nodejsCRLF Injection in Nodejs ‘undici’ via host

Risk 41
Severity
6.5
First published (updated )
CVE-2023-23936

Nodejs Node.jsLast updated 24 July 2024

Risk 45
Severity
7.5
First published (updated )
CVE-2023-23919
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Nodejs Node.jsIt was possible to bypass Permissions and access non authorized modules by using process.mainModule.…

Risk 45
Severity
7.5
First published (updated )
CVE-2023-23918

Nodejs Node.jsLast updated 24 July 2024

Risk 25
Severity
4.2
First published (updated )
CVE-2023-23920

Nodejs Node.jsCommand Injection, OS Command Injection

Risk 78
Severity
8.1
First published (updated )
CVE-2022-43548

Nodejs Node.jsWeak RNG

Risk 68
Severity
9.1
First published (updated )
CVE-2022-35255

Nodejs Node.jsXSS

Risk 41
Severity
6.5
First published (updated )
CVE-2022-35256
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203