Recherche : [flaws] - Cyberveille

The hottest new vibe coding startup Lovable is a sitting duck for hackers https://www.semafor.com/article/05/29/2025/the-hottest-new-vibe-coding-startup-lovable-is-a-sitting-duck-for-hackers

02/06/2025 06:45:14

Lovable is accused of failing to fix security flaws that exposed information about users, a growing vulnerability as vibe coding’s popularity surges.

Lovable, the popular vibe coding app that describes itself as the fastest-growing company in Europe, has failed to fix a critical security flaw, despite being notified about it months ago, according to a new report by an employee at a competitor.

The service offered by Lovable, a Swedish startup that bills its product as “the last piece of software,” allows customers without any technical training to instantly create websites and apps using only natural language prompts.

The employee at AI coding assistant company Replit who wrote the report, reviewed by Semafor, says he and a colleague scanned 1,645 Lovable-created web apps that were featured on the company’s site. Of those, 170 allowed anyone to access information about the site’s users, including names, email addresses, financial information and secret API keys for AI services that would allow would-be hackers to run up charges billed to Lovable’s customers.

The vulnerability, which was made public on the National Vulnerabilities Database on Thursday, highlights a growing security problem as artificial intelligence allows anyone to become a software developer. Each new app or website created by novices is a potential sitting duck for hackers with automated tools that target everything connected to the internet. The advent of amateur vibe coding raises new questions about who is responsible for securing consumer products in an era where developers with zero security know-how can build them.

Multiple flaws in Fortinet FortiOS fixed https://securityaffairs.com/164494/security/fortios-high-severity-code-execution-flaws.html?amp

14/06/2024 08:13:37

Fortinet released security updates to address multiple vulnerabilities in FortiOS, including a high-severity code execution security issue.

Salt Labs research finds security flaws within ChatGPT Ecosystem (Remediated) https://salt.security/blog/security-flaws-within-chatgpt-extensions-allowed-access-to-accounts-on-third-party-websites-and-sensitive-data

14/03/2024 11:00:20

Salt Labs researchers identified generative AI ecosystems as a new interesting attack vector. vulnerabilities found during this research on ChatGPT ecosystem could have granted access to accounts of users, including GitHub repositories, including 0-click attacks.

Atlassian Releases Critical Software Fixes to Prevent Remote Code Execution https://thehackernews.com/2023/12/atlassian-releases-critical-software.html

06/12/2023 12:04:04

Atlassian has released software fixes to address four critical flaws in its software that could lead to remote code execution.

How China Demands Tech Firms Reveal Hackable Flaws in Their Products https://www.wired.com/story/china-vulnerability-disclosure-law/

07/09/2023 20:53:58

Some foreign companies may be complying—potentially offering China’s spies hints for hacking their customers.

Liens par page

Filtres