Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
OpenagentplatformDive

3 matches found

CVE
CVEadded 2025/09/03 3:52 a.m.19 views

CVE-2025-58176

CVE-2025-58176 affects Dive (open-source MCP Host Desktop Application). Vulnerable versions: 0.9.0–0.9.3. A one-click Remote Code Execution vulnerability arises from improper handling of a custom URL value, transport, within a JSON object. An attacker can trigger code execution when a victim visi...

8.8CVSS7.6AI score0.07702EPSS
CVE
CVEadded 2026/01/16 4:29 p.m.13 views

CVE-2026-23523

Dive (MCP Host Desktop Application) prior to version 0.13.0 is affected. A crafted deeplink can install an attacker-controlled MCP server configuration without sufficient user confirmation, leading to arbitrary local command execution on the victim’s machine. This vulnerability is fixed in 0.13.0...

9.6CVSS6.6AI score0.06299EPSS
CVE
CVEadded 2025/12/19 4:37 p.m.12 views

CVE-2025-66580

CVE-2025-66580 affects the Dive open-source MCP Host Desktop Application. Versions prior to 0.11.1 contain a critical Stored Cross-Site Scripting (XSS) vulnerability in the Mermaid diagram rendering component that allows execution of arbitrary JavaScript via the javascript: URI. An attacker could...

9.6CVSS5.7AI score0.00478EPSS