78 matches found
CVE-2025-58176
Dive is an open-source MCP Host Desktop Application that enables integration with function-calling LLMs. In versions 0.9.0 through 0.9.3, there is a one-click Remote Code Execution vulnerability triggered through a custom url value, transport in the JSON object. An attacker can exploit the...
CVE-2025-58176 Dive's improper processing of custom urls can lead to Remote Code Execution
Dive is an open-source MCP Host Desktop Application that enables integration with function-calling LLMs. In versions 0.9.0 through 0.9.3, there is a one-click Remote Code Execution vulnerability triggered through a custom url value, transport in the JSON object. An attacker can exploit the...
CVE-2025-58176 Dive's improper processing of custom urls can lead to Remote Code Execution
Dive is an open-source MCP Host Desktop Application that enables integration with function-calling LLMs. In versions 0.9.0 through 0.9.3, there is a one-click Remote Code Execution vulnerability triggered through a custom url value, transport in the JSON object. An attacker can exploit the...
CVE-2025-58176 Dive's improper processing of custom urls can lead to Remote Code Execution
Dive is an open-source MCP Host Desktop Application that enables integration with function-calling LLMs. In versions 0.9.0 through 0.9.3, there is a one-click Remote Code Execution vulnerability triggered through a custom url value, transport in the JSON object. An attacker can exploit the...
Dive 安全漏洞
Dive is an OpenAgentPlatform open source MCP hosted desktop application. A security vulnerability exists in Dive 0.9.3 and earlier versions that stems from improper handling of custom URLs and could lead to remote code execution...
PT-2025-35657
Name of the Vulnerable Software and Affected Versions Dive versions 0.9.0 through 0.9.3 Description Dive is an open-source MCP Host Desktop Application that enables integration with function-calling LLMs. Versions 0.9.0 through 0.9.3 contain a Remote Code Execution RCE vulnerability triggered by ...
GHSA-J5PM-7495-QMR3 vulnerabilities
Vulnerabilities for packages: consul-fips, memcached-exporter, k9s-fips, cortex-fips, kubescape-operator-fips, newrelic-nri-kube-events, kubecolor, aactl, gatekeeper-fips, telegraf, eck-operator, caddy-fips, conftest, datadog-agent-fips, local-path-provisioner-fips, apko,...
CVE-2020-14205
The DiveBook plugin 1.1.4 for WordPress is prone to improper access control in the Log Dive form because it fails to perform authorization checks. An attacker may leverage this issue to manipulate the integrity of dive logs...
GHSA-FGQ5-Q76C-GX78 vulnerabilities
Vulnerabilities for packages: secrets-store-csi-driver-provider-aws, kubernetes-event-exporter, pombump, prometheus-alertmanager, regclient, yq, grafana-operator, golangci-lint, vault-k8s, bom, kyverno-policy-reporter, http-echo, kube-rbac-proxy, flannel-cni-plugin, mage, php-fpmexporter, kaf,...
GHSA-J6M3-GC37-6R6Q vulnerabilities
Vulnerabilities for packages: secrets-store-csi-driver-provider-aws, kubernetes-event-exporter, pombump, prometheus-alertmanager, regclient, yq, grafana-operator, golangci-lint, vault-k8s, bom, kyverno-policy-reporter, http-echo, kube-rbac-proxy, flannel-cni-plugin, mage, php-fpmexporter, kaf,...
CISA: Chemical Facility Anti-Terrorism Standards (CFATS) Deep Dive
System About Files News Vote Help | Services API Advertise Contact | Account Join Login ---|---|---...
Unmasking Prometei: A Deep Dive Into Our MXDR Findings
How does Prometei insidiously operate in a compromised system? This Managed Extended Detection and Response investigation conducted with the help of Trend Vision One provides a comprehensive analysis of the inner workings of this botnet so users can stop the threat in its tracks before it inflict...
GHSA-99PG-GRM5-QQ3V vulnerabilities
Vulnerabilities for packages: dive...
GHSA-99PG-GRM5-QQ3V vulnerabilities
Vulnerabilities for packages: dive...
Exploit for Path Traversal in Wso2 Api_Manager
CVE-2022-29464 A preauth arbitrary file upload that leads t...
acme-dns-rust (>=1.0.0 <=1.0.6), asfa (>=0.1.0 <=0.5.2) +72 more potentially affected by unknown CVE via whoami (>=0.5.3 <=1.2.3)
whoami CARGO version =0.5.3, =1.0.0, =0.1.0, =3.0.0, =0.60.0, =0.60.0, =0.1.0, =0.27.0, =0.1.0, =0.1.0, =0.1.0, =0.3.0, =0.2.1, =0.0.0, =0.0.1, =0.1.0, =0.3.0 and more Source cves: unknown CVE Source advisory: OSV:GHSA-W5W5-8VFH-XCJQ...
CVE-2023-45289 vulnerabilities
Vulnerabilities for packages: secrets-store-csi-driver-provider-aws, kubernetes-event-exporter, pombump, prometheus-alertmanager, regclient, yq, grafana-operator, golangci-lint, vault-k8s, bom, kyverno-policy-reporter, http-echo, kube-rbac-proxy, flannel-cni-plugin, mage, php-fpmexporter, kaf,...
thailanddiveexpo.com Cross Site Scripting vulnerability OBB-3849600
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2023-41772
creationtimestamp| type| source ---|---|--- 2023-12-20 11:00:39+00:00| published-proof-of-concept| https://t.me/CyberSecurityTechnologies/9620 2023-12-21 07:50:20+00:00| published-proof-of-concept| https://t.me/CNArsenal/1733 2023-12-21 13:21:00+00:00| exploited| https://t.me/LearnExploit/5792...
dive-the-world.com Cross Site Scripting vulnerability OBB-3787489
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...