Security Researcher Finds 16 Vulnerabilities in Lovable-Hosted App Exposing 18,000 Users' Data
By nottorp
Summary
A security researcher discovered 16 vulnerabilities, including 6 critical ones, in a Lovable-hosted application that exposed data of over 18,000 users. The app was featured on Lovable's Discover page with over 100,000 views and 400 upvotes. The incident raises questions about platform responsibility versus developer accountability for security issues, as Lovable reportedly places responsibility on users to address security warnings before publishing.
Key quotes
Taimur Khan, a tech entrepreneur with a background in software engineering, found 16 vulnerabilities – six of which he said were critical – in a single Lovable-hosted app that leaked more than 18,000 people's data.
He declined to name the app during the disclosure process, although it was hosted on Lovable's platform and showcased on its Discover page.
The app had more than 100,000 views and around 400 upvotes.
Who's to blame – the vibey platforms or the humans who ignore security warnings?