Lucene search
K

78 matches found

NVD
NVD
added 2025/09/03 4:16 a.m.6 views

CVE-2025-58176

Dive is an open-source MCP Host Desktop Application that enables integration with function-calling LLMs. In versions 0.9.0 through 0.9.3, there is a one-click Remote Code Execution vulnerability triggered through a custom url value, transport in the JSON object. An attacker can exploit the...

8.8CVSS0.07702EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/09/03 3:52 a.m.2 views

CVE-2025-58176 Dive's improper processing of custom urls can lead to Remote Code Execution

Dive is an open-source MCP Host Desktop Application that enables integration with function-calling LLMs. In versions 0.9.0 through 0.9.3, there is a one-click Remote Code Execution vulnerability triggered through a custom url value, transport in the JSON object. An attacker can exploit the...

8.8CVSS7.6AI score0.07702EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/09/03 3:52 a.m.8 views

CVE-2025-58176 Dive's improper processing of custom urls can lead to Remote Code Execution

Dive is an open-source MCP Host Desktop Application that enables integration with function-calling LLMs. In versions 0.9.0 through 0.9.3, there is a one-click Remote Code Execution vulnerability triggered through a custom url value, transport in the JSON object. An attacker can exploit the...

8.8CVSS0.07702EPSS
Exploits1References2
OSV
OSV
added 2025/09/03 3:52 a.m.5 views

CVE-2025-58176 Dive's improper processing of custom urls can lead to Remote Code Execution

Dive is an open-source MCP Host Desktop Application that enables integration with function-calling LLMs. In versions 0.9.0 through 0.9.3, there is a one-click Remote Code Execution vulnerability triggered through a custom url value, transport in the JSON object. An attacker can exploit the...

8.8CVSS8AI score0.07702EPSS
Exploits1References4
CNNVD
CNNVD
added 2025/09/03 12:0 a.m.3 views

Dive 安全漏洞

Dive is an OpenAgentPlatform open source MCP hosted desktop application. A security vulnerability exists in Dive 0.9.3 and earlier versions that stems from improper handling of custom URLs and could lead to remote code execution...

8.8CVSS7.6AI score0.07702EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/09/03 12:0 a.m.6 views

PT-2025-35657

Name of the Vulnerable Software and Affected Versions Dive versions 0.9.0 through 0.9.3 Description Dive is an open-source MCP Host Desktop Application that enables integration with function-calling LLMs. Versions 0.9.0 through 0.9.3 contain a Remote Code Execution RCE vulnerability triggered by ...

8.8CVSS7.5AI score0.07702EPSS
Exploits1References12
Chainguard
Chainguard
added 2025/08/09 1:17 p.m.9 views

GHSA-J5PM-7495-QMR3 vulnerabilities

Vulnerabilities for packages: consul-fips, memcached-exporter, k9s-fips, cortex-fips, kubescape-operator-fips, newrelic-nri-kube-events, kubecolor, aactl, gatekeeper-fips, telegraf, eck-operator, caddy-fips, conftest, datadog-agent-fips, local-path-provisioner-fips, apko,...

6.1AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 3:47 p.m.11 views

CVE-2020-14205

The DiveBook plugin 1.1.4 for WordPress is prone to improper access control in the Log Dive form because it fails to perform authorization checks. An attacker may leverage this issue to manipulate the integrity of dive logs...

5.3CVSS6.9AI score0.01139EPSS
Exploits1
Wolfi
Wolfi
added 2025/02/25 3:16 p.m.63 views

GHSA-FGQ5-Q76C-GX78 vulnerabilities

Vulnerabilities for packages: secrets-store-csi-driver-provider-aws, kubernetes-event-exporter, pombump, prometheus-alertmanager, regclient, yq, grafana-operator, golangci-lint, vault-k8s, bom, kyverno-policy-reporter, http-echo, kube-rbac-proxy, flannel-cni-plugin, mage, php-fpmexporter, kaf,...

6.1AI score
Exploits0
Wolfi
Wolfi
added 2025/02/25 3:16 p.m.53 views

GHSA-J6M3-GC37-6R6Q vulnerabilities

Vulnerabilities for packages: secrets-store-csi-driver-provider-aws, kubernetes-event-exporter, pombump, prometheus-alertmanager, regclient, yq, grafana-operator, golangci-lint, vault-k8s, bom, kyverno-policy-reporter, http-echo, kube-rbac-proxy, flannel-cni-plugin, mage, php-fpmexporter, kaf,...

6.1AI score
Exploits0
Packet Storm
Packet Storm
added 2025/01/12 12:0 a.m.113 views

CISA: Chemical Facility Anti-Terrorism Standards (CFATS) Deep Dive

System About Files News Vote Help | Services API Advertise Contact | Account Join Login ---|---|---...

7.4AI score
Exploits0
Trend Micro Simply Security
Trend Micro Simply Security
added 2024/10/23 12:0 a.m.18 views

Unmasking Prometei: A Deep Dive Into Our MXDR Findings

How does Prometei insidiously operate in a compromised system? This Managed Extended Detection and Response investigation conducted with the help of Trend Vision One provides a comprehensive analysis of the inner workings of this botnet so users can stop the threat in its tracks before it inflict...

7.2AI score
Exploits0
Wolfi
Wolfi
added 2024/06/10 6:38 p.m.116 views

GHSA-99PG-GRM5-QQ3V vulnerabilities

Vulnerabilities for packages: dive...

7.5AI score
Exploits0
Chainguard
Chainguard
added 2024/06/10 6:38 p.m.3 views

GHSA-99PG-GRM5-QQ3V vulnerabilities

Vulnerabilities for packages: dive...

7.3AI score
Exploits0
GithubExploit
GithubExploit
added 2024/06/07 10:17 p.m.550 views

Exploit for Path Traversal in Wso2 Api_Manager

CVE-2022-29464 A preauth arbitrary file upload that leads t...

10CVSS9.8AI score0.99999EPSS
Exploits22
vulnersOsv
vulnersOsv
added 2024/04/05 3:39 p.m.10 views

acme-dns-rust (>=1.0.0 <=1.0.6), asfa (>=0.1.0 <=0.5.2) +72 more potentially affected by unknown CVE via whoami (>=0.5.3 <=1.2.3)

whoami CARGO version =0.5.3, =1.0.0, =0.1.0, =3.0.0, =0.60.0, =0.60.0, =0.1.0, =0.27.0, =0.1.0, =0.1.0, =0.1.0, =0.3.0, =0.2.1, =0.0.0, =0.0.1, =0.1.0, =0.3.0 and more Source cves: unknown CVE Source advisory: OSV:GHSA-W5W5-8VFH-XCJQ...

5.8AI score
Exploits0
Wolfi
Wolfi
added 2024/03/05 11:15 p.m.571 views

CVE-2023-45289 vulnerabilities

Vulnerabilities for packages: secrets-store-csi-driver-provider-aws, kubernetes-event-exporter, pombump, prometheus-alertmanager, regclient, yq, grafana-operator, golangci-lint, vault-k8s, bom, kyverno-policy-reporter, http-echo, kube-rbac-proxy, flannel-cni-plugin, mage, php-fpmexporter, kaf,...

4.3CVSS6.7AI score0.0108EPSS
Exploits0
Openbugbounty
Openbugbounty
added 2024/02/06 1:43 p.m.3 views

thailanddiveexpo.com Cross Site Scripting vulnerability OBB-3849600

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
Circl
Circl
added 2023/12/20 11:0 a.m.4 views

CVE-2023-41772

creationtimestamp| type| source ---|---|--- 2023-12-20 11:00:39+00:00| published-proof-of-concept| https://t.me/CyberSecurityTechnologies/9620 2023-12-21 07:50:20+00:00| published-proof-of-concept| https://t.me/CNArsenal/1733 2023-12-21 13:21:00+00:00| exploited| https://t.me/LearnExploit/5792...

7.8CVSS7.2AI score0.1185EPSS
Exploits1References8
Openbugbounty
Openbugbounty
added 2023/11/20 5:15 a.m.10 views

dive-the-world.com Cross Site Scripting vulnerability OBB-3787489

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.3AI score
Exploits0
Rows per page
Query Builder