Most recent sightings.

https://vulnerability.circl.lu/sightings/feed Most recent sightings. 2026-06-25T06:26:42.817436+00:00 Vulnerability-Lookup info@circl.lu python-feedgen Contains only the most 10 recent sightings. https://vulnerability.circl.lu/sighting/31ab4f94-b943-4f20-b53a-d910931d9c8b/export 31ab4f94-b943-4f20-b53a-d910931d9c8b 2026-06-25T06:26:42.837702+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "31ab4f94-b943-4f20-b53a-d910931d9c8b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41947", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mm5dtbyy3q2o", "content": "CVE-2026-41947 - Dify v1.14.1 Authorization Bypass via Trace Configuration Endpoints\nCVE ID : CVE-2026-41947\n \n Published : May 18, 2026, 3:16 p.m. | 55\u00a0minutes ago\n \n Description : Dify version 1.14.1 and prior contains an authorization bypass vulnerability that allows authen...", "creation_timestamp": "2026-05-18T16:56:44.810872Z"} 2026-05-18T16:56:44.810872+00:00 https://vulnerability.circl.lu/sighting/a12c28ee-58bc-4cd6-9c6b-4d7c96db3eeb/export a12c28ee-58bc-4cd6-9c6b-4d7c96db3eeb 2026-06-25T06:26:42.837629+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "a12c28ee-58bc-4cd6-9c6b-4d7c96db3eeb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-41947", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116599714465595162", "content": "\ud83d\udea8 CRITICAL: CVE-2026-41947 in langgenius Dify \u22641.14.1 lets editor users bypass tenant checks, redirecting app messages to attacker LLMs. Free self-registration increases risk. Restrict editor roles & monitor configs. https://radar.offseq.com/threat/cve-2026-41947-authorization-bypass-through-user-c-da35e5dc #OffSeq #CVE202641947 #AppSec", "creation_timestamp": "2026-05-19T06:00:48.759805Z"} 2026-05-19T06:00:48.759805+00:00 https://vulnerability.circl.lu/sighting/55597ebc-db70-4ebf-97d9-2d90e37ae9a9/export 55597ebc-db70-4ebf-97d9-2d90e37ae9a9 2026-06-25T06:26:42.837520+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "55597ebc-db70-4ebf-97d9-2d90e37ae9a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41947", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3mnuxvice4k2o", "content": "LLM\u30a2\u30d7\u30ea\u958b\u767a\u57fa\u76e4\u300cDify\u300d\u306b\u8907\u6570\u306e\u30af\u30ea\u30c6\u30a3\u30ab\u30eb\u8106\u5f31\u6027\n\n\u5927\u898f\u6a21\u8a00\u8a9e\u30e2\u30c7\u30eb\uff08LLM\uff09\u30a2\u30d7\u30ea\u958b\u767a\u30d7\u30e9\u30c3\u30c8\u30d5\u30a9\u30fc\u30e0\u300cDify\u300d\u306b\u60c5\u5831\u6f0f\u6d29\u3084\u8a2d\u5b9a\u306e\u6539\u3056\u3093\u306a\u3069\u8907\u6570\u306e\u8106\u5f31\u6027\u304c\u660e\u3089\u304b\u3068\u306a\u3063\u305f\u3002\n\n...\n\n\u300cCVE-2026-41948\u300d\u306f\u3001Plugin\u30c7\u30fc\u30e2\u30f3\u306e\u300cREST API\u300d\u306b\u304a\u3044\u3066\u8ee2\u9001\u30ea\u30af\u30a8\u30b9\u30c8\u3092\u64cd\u4f5c\u3067\u304d\u308b\u30d1\u30b9\u30c8\u30e9\u30d0\u30fc\u30b5\u30eb\u306e\u8106\u5f31\u6027\u3002\u30c6\u30ca\u30f3\u30c8\u306eUUID\u3092\u628a\u63e1\u3057\u3066\u3044\u308b\u5834\u5408\u306b\u3001\u30bf\u30b9\u30af\u8b58\u5225\u5b50\u3084\u30d5\u30a1\u30a4\u30eb\u540d\u30d1\u30e9\u30e1\u30fc\u30bf\u3092\u7d30\u5de5\u3057\u3066\u5185\u90e8\u30a8\u30f3\u30c9\u30dd\u30a4\u30f3\u30c8\u3078\u30a2\u30af\u30bb\u30b9\u3055\u308c\u308b\u304a\u305d\u308c\u304c\u3042\u308b\u3002\n\n\u300cCVE-2026-41947\u300d\u306f\u3001\u7de8\u96c6\u8005\u6a29\u9650\u306b\u304a\u3051\u308b\u8a8d\u53ef\u30d0\u30a4\u30d1\u30b9\u306e\u8106\u5f31\u6027\u3002\u30c8\u30ec\u30fc\u30b9\u8a2d\u5b9a\u306e\u30a8\u30f3\u30c9\u30dd\u30a4\u30f3\u30c8\u306b\u304a\u3051\u308b\u30c6\u30ca\u30f3\u30c8\u6240...", "creation_timestamp": "2026-06-09T19:53:31.495496Z"} 2026-06-09T19:53:31.495496+00:00 https://vulnerability.circl.lu/sighting/e39c6255-f6bd-408e-8986-ad16d792ccaa/export e39c6255-f6bd-408e-8986-ad16d792ccaa 2026-06-25T06:26:42.836275+00:00 Automation user https://cve.circl.lu/user/automation {"uuid": "e39c6255-f6bd-408e-8986-ad16d792ccaa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41947", "type": "seen", "source": "https://bsky.app/profile/securitycyberuk.bsky.social/post/3motmqfv2my2n", "content": "\ud83d\udea8 ALERT: CVE-2026-41947\n\nCVSS 9.1/10\n\n\ud83d\udccb WHAT IT IS:\nDify before version 1.14.2 contains an authorization bypass vulnerability that allows authenticated editor users to set and enable trace configurations for any application regardless of tenant ownership. Attackers can exploit missing tenant owners", "creation_timestamp": "2026-06-22T00:25:09.045512Z"} 2026-06-22T00:25:09.045512+00:00