Breaking 18:55 Mohammed VI Football Academy strengthens Morocco’s long-term rise as a global football powerhouse 18:48 Frankfurt police foil alleged contract killing plot, five young suspects detained 18:42 Uniqlo France faces nationwide strike call as Union cites worsening working conditions 17:32 Airbus boosts first-half aircraft deliveries by 15%, keeping annual targets within reach 17:15 Mistral AI unveils first robotics model to accelerate industrial automation strategy 17:00 Greenland rejects Trump's renewed bid for control of Arctic territory 16:45 Trump to fly legacy Air Force One to UK as newly refurbished aircraft makes separate visit 16:30 Tangier Med strengthens maritime security with advanced U.S. X-ray cargo scanners 16:15 Sign language takes center stage at Avignon Festival in powerful theatrical statement 16:00 Czech Republic declines to join €70 billion NATO military aid package for Ukraine 15:45 Venezuela launches new oil and gas reform framework to attract investment 15:30 South Korean bank manager fired after replacing stolen cash with fake banknotes 15:15 IMF lowers global growth forecast again as Middle East tensions weigh on outlook 15:00 Apple signs more than $30 billion semiconductor deal with Broadcom through 2031 14:45 Paris apartment building fire near Les Invalides brought under control with no casualties 14:30 Jailed Istanbul mayor Ekrem Imamoglu removed from courtroom as corruption trial resumes 14:15 Trump seeks to block release of $5.8 million Carroll judgment pending Supreme Court appeal 14:00 SAS CEO Anko van der Werff to join Air Canada as chief executive in 2027 13:45 Tchubi teases ambitious new album while embracing live jazz influences at Jazzablanca 2026 13:30 Africa faces mounting development funding challenge as global aid drops sharply 13:15 Morocco expands global digital and AI partnerships at UN forum in Geneva 13:00 Morocco rejects fake statements falsely attributed to Education Minister Mohamed Saad Berrada 12:45 Hegseth to discuss potential F-35 sale to Turkey during Israel talks 12:30 Black Sea NATO members strengthen mine operations to safeguard critical infrastructure 12:15 Young volunteer firefighter killed while battling forest fire in France’s Savoie region 12:00 Hungary’s budget overhaul becomes first major test for Prime Minister Peter Magyar 11:45 Trump declares Iran interim agreement over as tensions escalate again 11:30 Tanzania strengthens foreign reserves with 28-ton gold acquisition 11:22 Climate change could weaken Italy’s growth outlook and increase debt pressures by 2050 11:15 Daimler Truck reports 8% rise in second-quarter vehicle sales on North American recovery 11:00 EU court rejects Ryanair challenge to Italy's COVID-19 airline support scheme 10:58 Meloni’s party proposes faster deportation rules for convicted foreign offenders in Italy 10:51 Deutsche Bank expands Saudi presence with new Riyadh regional headquarters licence 10:45 SambaNova reaches $11 billion valuation after securing $1 billion AI funding 10:45 Attijariwafa bank showcases AI-driven banking innovation at sixth Wenov Demo Day 10:41 Erdogan calls for removal of NATO defence barriers as Turkey seeks deeper industry role 10:30 Mexican national killed during ICE operation in Texas, U.S. authorities say 10:25 Search operations intensify after cargo plane disappears near Karachi coast 10:21 Sanofi faces EU scrutiny as Brussels reviews proposed competition remedies 10:15 French lawmaker proposes cost-price healthy food basket to improve access to nutritious products 10:00 India weighs tougher cryptocurrency restrictions as central bank renews call for ban 09:57 French competition authority orders Meta to resume fair talks with news publishers 09:45 Marine Le Pen expected to begin 2027 presidential campaign without electronic monitoring, prosecutor says 09:30 OpenAI expands public access to GPT-5.6 as next-generation AI model rolls out globally 09:15 UniCredit secures 17.6% stake in Commerzbank following takeover bid 09:00 Cambodia prepares for tiger reintroduction as conservation plan sparks local concern 08:45 Michelin Guide unveils first vineyard awards with new grape rating system 08:39 Chile-Morocco: The chilean parliamentary friendship group reaffirms support for the autonomy plan 08:30 Severe floods force evacuation of 130,000 people in southern China after Typhoon Maysak 08:15 Netflix expands into short-form video through partnerships with major media publishers 08:00 Thousands join funeral procession for Ayatollah Ali Khamenei as cortege enters Iraq 07:45 Russia deploys Starlink jamming systems to counter Ukraine's expanding drone operations 07:30 UK regulator fines Virgin Media £28 million over barriers to customer cancellations 07:15 Consumer group warns of unsafe sunscreen products sold on major online marketplaces 07:06 Taiwan warns China's growing pressure could reshape status quo in Taiwan Strait

Lovable denies breach after api flaw exposed user project data

Tuesday 21 April 2026 - 16:20
By: Dakir Madiha
Lovable denies breach after api flaw exposed user project data

Lovable is facing scrutiny after a security researcher revealed that a simple API vulnerability allowed unauthorized access to sensitive data across thousands of user projects. The company has denied that a data breach occurred, even as details of the flaw raised concerns about access controls and platform security.

The vulnerability, disclosed by a researcher known as @weezerOSINT, affected projects created before November 2025. It was identified as a broken object level authorization flaw, in which the system failed to verify whether a user had permission to access specific resources. According to the researcher, only five API calls from a free account were required to retrieve complete project data belonging to other users, including source code, database credentials, AI conversation histories, and customer information.

The issue was initially reported on March 3 through HackerOne, but the report was classified as a duplicate and closed without escalation to Lovable’s internal security team. Reviewers reportedly considered the behavior consistent with existing platform design, where some project elements had historically been accessible. The vulnerability remained unaddressed for 48 days before being publicly disclosed.

Lovable’s response evolved over the course of Monday. The company first stated that no data breach had occurred and attributed the exposure to unclear documentation around what constituted a “public” project. It later acknowledged that a backend change introduced in February had unintentionally restored access to project conversation histories, a feature that had previously been restricted. The company said it reversed the change immediately after becoming aware of the issue.

The startup, which reports a valuation of 6.6 billion dollars and lists companies such as Uber and Zendesk among its users, maintained that it had not been notified earlier because the bug report was not forwarded. It added that public project conversations are no longer accessible and that steps have been taken to prevent similar exposures.

The incident follows a pattern of security concerns linked to AI generated applications on the platform. Earlier in 2026, researcher Taimur Khan found that a significant number of featured apps contained critical vulnerabilities, including one case that exposed data from more than 18,000 users. The root cause was traced to missing row level security policies in databases, a recurring weakness in AI generated code that functions correctly but lacks proper access controls.

The latest disclosure has intensified debate حول the security of so called “vibe coding” platforms, which allow users to build applications through natural language prompts. Experts warn that while such tools accelerate development, they can also introduce systemic risks if generated code is not rigorously audited. The Lovable case highlights how design assumptions and overlooked authorization checks can expose large volumes of sensitive data at scale.


  • Fajr
  • Sunrise
  • Dhuhr
  • Asr
  • Maghrib
  • Isha

Read more

This website, walaw.press, uses cookies to provide you with a good browsing experience and to continuously improve our services. By continuing to browse this site, you agree to the use of these cookies.