Every CVE whose affected-product data names Stitionai Devika, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (11)
CVE-2024-40422 — CVSS 9.1 (critical): The snapshot_path parameter in the /api/get-browser-snapshot endpoint in stitionai devika v1 is susceptible to a path traversal attack. An…
CVE-2024-5926 — CVSS 9.1 (critical): A path traversal vulnerability in the get-project-files functionality of stitionai/devika allows attackers to read arbitrary files from the…
CVE-2024-5820 — CVSS 8.8 (high): An unprotected WebSocket connection in the latest version of stitionai/devika (commit ecee79f) allows a malicious website to connect to the…
CVE-2024-5549 — CVSS 8.1 (high): A CORS misconfiguration in the stitionai/devika repository allows attackers to steal sensitive information such as logs, browser sessions…
CVE-2024-5712 — CVSS 8.1 (high): A Cross-Site Request Forgery (CSRF) vulnerability was identified in the stitionai/devika application, affecting the latest version. This…
CVE-2024-5548 — CVSS 7.5 (high): A directory traversal vulnerability exists in the stitionai/devika repository, specifically within the /api/download-project endpoint…
CVE-2024-5334 — CVSS 7.5 (high): A local file read vulnerability exists in the stitionai/devika repository, affecting the latest version. The vulnerability is due to…
CVE-2024-5547 — CVSS 7.5 (high): A directory traversal vulnerability exists in the /api/download-project-pdf endpoint of the stitionai/devika repository, affecting the…
CVE-2024-6331 — CVSS 7.5 (high): stitionai/devika main branch as of commit cdfb782b0e634b773b10963c8034dc9207ba1f9f is vulnerable to Local File Read (LFI) by Prompt…
CVE-2024-7790 — CVSS 6.5 (medium): A stored cross site scripting vulnerabilities exists in DevikaAI from commit 6acce21fb08c3d1123ef05df6a33912bf0ee77c2 onwards via…
CVE-2024-5711 — CVSS 6.1 (medium): A stored Cross-Site Scripting (XSS) vulnerability exists in the stitionai/devika chat feature, allowing attackers to inject malicious…