4 matches found
CVE-2025-58176
Dive is an open-source MCP Host Desktop Application that enables integration with function-calling LLMs. In versions 0.9.0 through 0.9.3, there is a one-click Remote Code Execution vulnerability triggered through a custom url value, transport in the JSON object. An attacker can exploit the...
CVE-2025-58176
CVE-2025-58176 affects Dive (open-source MCP Host Desktop Application). Vulnerable versions: 0.9.0–0.9.3. A one-click Remote Code Execution vulnerability arises from improper handling of a custom URL value, transport, within a JSON object. An attacker can trigger code execution when a victim visi...
QuickJS 安全漏洞
QuickJS is a small and embeddable Javascript engine open-sourced by QuickJS. A security vulnerability exists in QuickJS 0.9.0 and earlier versions, which stems from a lack of length checking in JSReadString, and may result in a heap buffer overflow...
PT-2022-8728 · Is.Js · Is.Js
Name of the Vulnerable Software and Affected Versions: is.js versions 0.9.0 and prior Description: is.js is a general-purpose check library that contains one or more regular expressions vulnerable to Regular Expression Denial of Service ReDoS. The library uses a regex to validate URLs, which can...