Browse all 14 CVE security advisories affecting dfactory. AI-powered Chinese analysis, POCs, and references for each vulnerability.
dFactory is a software development platform focused on application lifecycle management and DevOps automation. Historically, it has been associated with multiple critical vulnerabilities including remote code execution, cross-site scripting, and privilege escalation flaws. The platform's complex architecture and extensive plugin ecosystem have contributed to security challenges, with 14 CVEs documented to date. Notable incidents include authentication bypass vulnerabilities in API endpoints and insecure default configurations that exposed sensitive data. These issues often stem from insufficient input validation and improper access controls, highlighting ongoing security concerns in enterprise environments relying on dFactory for continuous integration and deployment processes.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-2479 | Responsive Lightbox & Gallery <= 2.7.1 - Authenticated (Author+) Server-Side Request Forgery via Remote Library Image Upload — Responsive Lightbox & Gallery (CWE-918) | 5.0 | Medium | 2026-02-25 |
| CVE-2025-12359 | Responsive Lightbox & Gallery <= 2.5.3 - Authenticated (Author+) Server-Side Request Forgery — Responsive Lightbox & Gallery (CWE-918) | 5.4 | Medium | 2025-11-19 |
| CVE-2024-6870 | Responsive Lightbox & Gallery <= 2.4.7 - Authenticated (Author+) Stored Cross-Site Scripting via File Upload — Responsive Lightbox & Gallery (CWE-79) | 6.4 | Medium | 2024-08-22 |
| CVE-2023-49174 | WordPress Responsive Lightbox Plugin <= 2.4.5 is vulnerable to Cross Site Scripting (XSS) — Responsive Lightbox & Gallery (CWE-79) | 5.9 | Medium | 2023-12-15 |
This page lists every published CVE security advisory associated with dfactory. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.