
Security Researcher Finds 16 Vulnerabilities in Lovable-Showcased EdTech App
cybersecurity, vulnerabilities, Lovable, EdTech, data exposure, support ticket
The post describes a security researcher discovering 16 vulnerabilities in an EdTech app featured by Lovable, a $6.6 billion coding platform. Among the flaws, six were critical, including reversed authentication logic and unauthenticated access to 18,697 user records (names, emails, roles), account deletion, grade modification, bulk email sending, and enterprise data from 14 institutions. The app had over 100,000 views on Lovable’s showcase and real users from universities like UC Berkeley, UC Davis, and schools across Europe, Africa, and Asia. After reporting the issues, Lovable closed the support ticket.