3 matches found
CVE-2025-66580 Dive has Cross-Site Scripting vulnerability that can escalate to Remote Code Execution
Dive is an open-source MCP Host Desktop Application that enables integration with function-calling LLMs. A critical Stored Cross-Site Scripting XSS vulnerability exists in versions prior to 0.11.1 in the Mermaid diagram rendering component. The application allows the execution of arbitrary...
MAL-2023-628 Malicious code in node-click (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cc037aa55af871fbf0902d3179c70ecb52bcf5c7312f18ed10412a5e831cd026 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in node-click (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cc037aa55af871fbf0902d3179c70ecb52bcf5c7312f18ed10412a5e831cd026 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...