📦 Devika
by Stitionai
🛡️ Security Overview
⚠️ Known Vulnerabilities
This vulnerability allows attackers to perform path traversal attacks via the snapshot_path parameter in Devika v1's API endpoint. By manipulating this parameter, attackers can access sensitive files ...
This vulnerability allows attackers to read sensitive local files through prompt injection in the Devika AI assistant. It affects systems running Devika with Google Gemini 1.0 Pro integration where sa...
A CORS misconfiguration in the stitionai/devika repository allows attackers to steal sensitive information like logs, browser sessions, and settings containing private API keys. This vulnerability als...
A Cross-Site Request Forgery (CSRF) vulnerability in the stitionai/devika application allows attackers to trick authenticated users into performing unauthorized actions like deleting projects or chang...
An unprotected WebSocket connection in stitionai/devika allows malicious websites to connect to the backend and issue commands as the authenticated user. This enables unauthorized command execution an...
A directory traversal vulnerability in the stitionai/devika repository allows attackers to download arbitrary PDF files from the system by manipulating the 'project_name' parameter in API requests. Th...
A stored cross-site scripting (XSS) vulnerability exists in DevikaAI software where improperly decoded user input allows attackers to inject malicious scripts. These scripts execute in victims' browse...
A stored Cross-Site Scripting (XSS) vulnerability in the stitionai/devika chat feature allows attackers to inject malicious JavaScript payloads that execute in users' browsers. This affects all versio...