13 matches found
dyad (=0.1.1), dyad-app (>=0.1.0 <=0.1.2) potentially affected by CVE-2026-33054 via mesop (=1.0.0rc1)
mesop PYPI version =1.0.0rc1 is affected by a known vulnerability. The following packages have a transitive dependency on mesop and may be impacted: - dyad =0.1.1 - dyad-app =0.1.0, =0.1.2 Source cves: CVE-2026-33054 Source advisory: SNYK:PYTHON-MESOP-15703509...
CVE-2025-58766
Dyad is a local AI app builder. A critical security vulnerability has been discovered that affected Dyad v0.19.0 and earlier versions that allows attackers to execute arbitrary code on users' systems. The vulnerability affects the application's preview window functionality and can bypass Docker...
CVE-2025-58766
Dyad is a local AI app builder. A critical security vulnerability has been discovered that affected Dyad v0.19.0 and earlier versions that allows attackers to execute arbitrary code on users' systems. The vulnerability affects the application's preview window functionality and can bypass Docker...
CVE-2025-58766 Dyad Vulnerable to Remote Code Execution via Top-level Navigation in Preview Window
Dyad is a local AI app builder. A critical security vulnerability has been discovered that affected Dyad v0.19.0 and earlier versions that allows attackers to execute arbitrary code on users' systems. The vulnerability affects the application's preview window functionality and can bypass Docker...
CVE-2025-58766
Dyad CVE-2025-58766 affects Dyad
CVE-2025-58766 Dyad Vulnerable to Remote Code Execution via Top-level Navigation in Preview Window
Dyad is a local AI app builder. A critical security vulnerability has been discovered that affected Dyad v0.19.0 and earlier versions that allows attackers to execute arbitrary code on users' systems. The vulnerability affects the application's preview window functionality and can bypass Docker...
CVE-2025-58766 Dyad Vulnerable to Remote Code Execution via Top-level Navigation in Preview Window
Dyad is a local AI app builder. A critical security vulnerability has been discovered that affected Dyad v0.19.0 and earlier versions that allows attackers to execute arbitrary code on users' systems. The vulnerability affects the application's preview window functionality and can bypass Docker...
PT-2025-38242
Name of the Vulnerable Software and Affected Versions: Dyad versions prior to 0.20.0 Description: Dyad is a local AI app builder susceptible to arbitrary code execution on users' systems. The issue affects the application’s preview window functionality and can bypass Docker container protections...
Dyad Code Injection Vulnerability
Dyad is an AI application builder open-sourced by Dyad. A code injection vulnerability exists in Dyad 0.19.0 and earlier versions, which stems from the Preview Window feature that can bypass Docker container protection and could lead to the execution of arbitrary code...
Ubuntu 4.10 / 5.04 / 5.10 : perl vulnerability (USN-222-1)
Jack Louis of Dyad Security discovered that Perl did not sufficiently check the explicit length argument in format strings. Specially crafted format strings with overly large length arguments led to a crash of the Perl interpreter or even to execution of arbitrary attacker-defined code with the...
USN-222-2: Perl vulnerability
USN-222-1 fixed a vulnerability in the Perl interpreter. It was discovered that the version of USN-222-1 was not sufficient to handle all possible cases of malformed input that could lead to arbitrary code execution, so another update is necessary. Original advisory: Jack Louis of Dyad Security...
[Full-disclosure] Webmin miniserv.pl format string vulnerability
SUMMARY. The webmin 'miniserv.pl' web server component is vulnerable to a new class of exploitable remote code perl format string vulnerabilities. During the login process it is possible to trigger this vulnerability via a crafted username parameter containing format string data. In the observed...
perl, webmin, usermin -- perl format string integer wrap vulnerability
The Perl Development page reports: Dyad Security recently released a security advisory explaining how in certain cases, a carefully crafted format string passed to sprintf can cause a buffer overflow. This buffer overflow can then be used by an attacker to execute code on the machine. This was...