
Lovable denies breach after API flaw exposed user project data

16:20
By: Dakir Madiha

Lovable is facing scrutiny after a security researcher revealed that a simple API vulnerability allowed unauthorized access to sensitive data across thousands of user projects. The company has denied that a data breach occurred, even as details of the flaw raised concerns about access controls and platform security.

The vulnerability, disclosed by a researcher known as @weezerOSINT, affected projects created before November 2025. It was identified as a broken object-level authorization flaw, in which the system failed to verify whether a user had permission to access specific resources. According to the researcher, only five API calls from a free account were required to retrieve complete project data belonging to other users, including source code, database credentials, AI conversation histories, and customer information.

The issue was initially reported on March 3 through HackerOne, but the report was classified as a duplicate and closed without escalation to Lovable’s internal security team. Reviewers reportedly considered the behavior consistent with existing platform design, where some project elements had historically been accessible. The vulnerability remained unaddressed for 48 days before being publicly disclosed.

Lovable’s response evolved over the course of Monday. The company first stated that no data breach had occurred and attributed the exposure to unclear documentation around what constituted a “public” project. It later acknowledged that a backend change introduced in February had unintentionally restored access to project conversation histories, a feature that had previously been restricted. The company said it reversed the change immediately after becoming aware of the issue.
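The flaw class and the "public project" ambiguity described above can be shown in a short added example (not Lovable's code and not taken from the researcher's report). The project records, user names, field names and function names are all hypothetical; the sketch contrasts a handler that only checks authentication with one that checks the object and the field on every request, plus a regression check that lists what an unrelated account can read.

```python
from dataclasses import dataclass

# Constructed sample data: project ids, users and field names are hypothetical.
@dataclass(frozen=True)
class Project:
    id: str
    owner: str
    public: bool
    members: frozenset = frozenset()

PROJECTS = {
    "p1": Project("p1", "alice", public=True),
    "p2": Project("p2", "bob", public=False, members=frozenset({"carol"})),
}

# Deny by default: a field not in PUBLIC_FIELDS is never served to non-members.
PUBLIC_FIELDS = frozenset({"name", "preview_url"})
ALL_FIELDS = PUBLIC_FIELDS | {"source_code", "db_credentials", "chat_history"}

def fetch_vulnerable(user, project_id, field):
    """Broken pattern: the caller is authenticated, the object is never checked."""
    return user is not None and project_id in PROJECTS and field in ALL_FIELDS

def fetch_hardened(user, project_id, field):
    """Object-level check on every request, then a field-level allowlist."""
    project = PROJECTS.get(project_id)
    if user is None or project is None or field not in ALL_FIELDS:
        return False
    if user == project.owner or user in project.members:
        return True
    # "Public" exposes only the explicit allowlist, never history or secrets.
    return project.public and field in PUBLIC_FIELDS

def exposure_matrix(check, outsider="mallory"):
    """Regression check: every (project, field) an unrelated account can read."""
    return sorted((pid, f) for pid in PROJECTS for f in ALL_FIELDS
                  if check(outsider, pid, f))

if __name__ == "__main__":
    print("vulnerable:", exposure_matrix(fetch_vulnerable))
    print("hardened:  ", exposure_matrix(fetch_hardened))
```

Running a check like `exposure_matrix` in CI against the real authorization layer is one way to catch a backend change that silently widens what "public" exposes.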

The startup, which reports a valuation of 6.6 billion dollars and lists companies such as Uber and Zendesk among its users, maintained that it had not been notified earlier because the bug report was not forwarded. It added that public project conversations are no longer accessible and that steps have been taken to prevent similar exposures.

The incident follows a pattern of security concerns linked to AI-generated applications on the platform. Earlier in 2026, researcher Taimur Khan found that a significant number of featured apps contained critical vulnerabilities, including one case that exposed data from more than 18,000 users. The root cause was traced to missing row-level security policies in databases, a recurring weakness in AI-generated code that functions correctly but lacks proper access controls.

The latest disclosure has intensified debate about the security of so-called “vibe coding” platforms, which allow users to build applications through natural language prompts. Experts warn that while such tools accelerate development, they can also introduce systemic risks if generated code is not rigorously audited. The Lovable case highlights how design assumptions and overlooked authorization checks can expose large volumes of sensitive data at scale.

