Skip to main content

Devika

11 CVEs product

Monthly

CVE-2024-7790 MEDIUM POC This Month

A stored cross site scripting vulnerabilities exists in DevikaAI from commit 6acce21fb08c3d1123ef05df6a33912bf0ee77c2 onwards via improperly decoded user input. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Devika
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-6331 MEDIUM POC This Month

stitionai/devika main branch as of commit cdfb782b0e634b773b10963c8034dc9207ba1f9f is vulnerable to Local File Read (LFI) by Prompt Injection. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Google Devika
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-40422 CRITICAL POC THREAT Act Now

The snapshot_path parameter in the /api/get-browser-snapshot endpoint in stitionai devika v1 is susceptible to a path traversal attack. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Path Traversal Devika
NVD GitHub Exploit-DB
CVSS 3.1
9.1
EPSS
11.4%
CVE-2024-5549 HIGH POC PATCH This Week

A CORS misconfiguration in the stitionai/devika repository allows attackers to steal sensitive information such as logs, browser sessions, and settings containing private API keys from other. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Devika
NVD GitHub
CVSS 3.0
8.1
EPSS
0.3%
CVE-2024-5711 MEDIUM POC PATCH This Month

A stored Cross-Site Scripting (XSS) vulnerability exists in the stitionai/devika chat feature, allowing attackers to inject malicious payloads into the chat input. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Devika
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-5926 CRITICAL POC Act Now

A path traversal vulnerability in the get-project-files functionality of stitionai/devika allows attackers to read arbitrary files from the filesystem and cause a Denial of Service (DoS). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Denial Of Service Devika
NVD
CVSS 3.0
9.1
EPSS
0.9%
CVE-2024-5712 HIGH POC This Week

A Cross-Site Request Forgery (CSRF) vulnerability was identified in the stitionai/devika application, affecting the latest version. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Devika
NVD
CVSS 3.0
8.1
EPSS
0.3%
CVE-2024-5820 HIGH POC This Week

An unprotected WebSocket connection in the latest version of stitionai/devika (commit ecee79f) allows a malicious website to connect to the backend and issue commands on behalf of the user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass SSRF Devika
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-5548 HIGH POC PATCH This Week

A directory traversal vulnerability exists in the stitionai/devika repository, specifically within the /api/download-project endpoint. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Path Traversal Devika
NVD GitHub
CVSS 3.0
7.5
EPSS
1.0%
CVE-2024-5547 HIGH POC PATCH This Week

A directory traversal vulnerability exists in the /api/download-project-pdf endpoint of the stitionai/devika repository, affecting the latest version. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Devika
NVD GitHub
CVSS 3.0
7.5
EPSS
1.0%
CVE-2024-5334 HIGH POC PATCH This Week

A local file read vulnerability exists in the stitionai/devika repository, affecting the latest version. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Devika
NVD GitHub
CVSS 3.0
7.5
EPSS
2.1%
EPSS 0% CVSS 5.4
MEDIUM POC This Month

A stored cross site scripting vulnerabilities exists in DevikaAI from commit 6acce21fb08c3d1123ef05df6a33912bf0ee77c2 onwards via improperly decoded user input. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Devika
NVD
EPSS 0% CVSS 6.5
MEDIUM POC This Month

stitionai/devika main branch as of commit cdfb782b0e634b773b10963c8034dc9207ba1f9f is vulnerable to Local File Read (LFI) by Prompt Injection. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Google Devika
NVD
EPSS 11% CVSS 9.1
CRITICAL POC THREAT Act Now

The snapshot_path parameter in the /api/get-browser-snapshot endpoint in stitionai devika v1 is susceptible to a path traversal attack. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Path Traversal Devika
NVD GitHub Exploit-DB
EPSS 0% CVSS 8.1
HIGH POC PATCH This Week

A CORS misconfiguration in the stitionai/devika repository allows attackers to steal sensitive information such as logs, browser sessions, and settings containing private API keys from other. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Devika
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM POC PATCH This Month

A stored Cross-Site Scripting (XSS) vulnerability exists in the stitionai/devika chat feature, allowing attackers to inject malicious payloads into the chat input. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Devika
NVD GitHub
EPSS 1% CVSS 9.1
CRITICAL POC Act Now

A path traversal vulnerability in the get-project-files functionality of stitionai/devika allows attackers to read arbitrary files from the filesystem and cause a Denial of Service (DoS). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Denial Of Service Devika
NVD
EPSS 0% CVSS 8.1
HIGH POC This Week

A Cross-Site Request Forgery (CSRF) vulnerability was identified in the stitionai/devika application, affecting the latest version. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Devika
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

An unprotected WebSocket connection in the latest version of stitionai/devika (commit ecee79f) allows a malicious website to connect to the backend and issue commands on behalf of the user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass SSRF Devika
NVD
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

A directory traversal vulnerability exists in the stitionai/devika repository, specifically within the /api/download-project endpoint. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Path Traversal Devika
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

A directory traversal vulnerability exists in the /api/download-project-pdf endpoint of the stitionai/devika repository, affecting the latest version. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Devika
NVD GitHub
EPSS 2% CVSS 7.5
HIGH POC PATCH This Week

A local file read vulnerability exists in the stitionai/devika repository, affecting the latest version. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Devika
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy