CVE-2025-66580 Dive has Cross-Site Scripting vulnerability that can escalate to Remote Code Execution

Dive is an open-source MCP Host Desktop Application that enables integration with function-calling LLMs. A critical Stored Cross-Site Scripting XSS vulnerability exists in versions prior to 0.11.1 in the Mermaid diagram rendering component. The application allows the execution of arbitrary...

Dive 安全漏洞

Dive is an OpenAgentPlatform open source MCP hosted desktop application. A security vulnerability exists in Dive 0.9.3 and earlier versions that stems from improper handling of custom URLs and could lead to remote code execution...