10 matches found
CVE-2026-22793
5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Prior to version 0.15.3, an unsafe option parsing vulnerability in the ECharts Markdown plugin allows any user able to submit ECharts code blocks to execute arbitrary JavaScript code in the...
CVE-2026-22792
5ire desktop AI assistant (cross-platform) prior to version 0.15.3 is affected by an unsafe HTML rendering vulnerability in the renderer context that allows untrusted HTML (including on* event attributes) to execute JavaScript. An attacker can inject an payload to call exposed bridge APIs (e.g.,...
CVE-2026-22792 5ire vulnerable to Remote Code Execution (RCE)
5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Prior to version 0.15.3, an unsafe HTML rendering permits untrusted HTML including on event attributes to execute in the renderer context. An attacker can inject an payload to run arbitrary...
5ire code injection vulnerability
5ire is a cross-platform desktop AI assistant developed by Ironben’s developers. Versions of 5ire prior to 0.15.3 contained a code injection vulnerability. This vulnerability stemmed from insecure option parsing in the ECharts Markdown plugin, allowing users who could submit ECharts code blocks t...
CVE-2025-58357 5ire Chat Message XSS Vulnerability Enables Remote Code Execution
5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Version 0.13.2 contains a vulnerability in the chat page's script gadgets that enables content injection attacks through multiple vectors: malicious prompt injection pages, compromised MCP server...
CVE-2025-47777
5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Versions prior to 0.11.1 are vulnerable to stored cross-site scripting in chatbot responses due to insufficient sanitization. This, in turn, can lead to Remote Code Execution RCE via unsafe...
CVE-2025-47777
5ire client (cross‑platform desktop AI assistant) versions prior to 0.11.1 are vulnerable to stored XSS in chatbot responses due to insufficient sanitization, which can lead to Remote Code Execution via unsafe Electron protocol handling and exposed Electron APIs. Patch available in 0.11.1; all us...
CVE-2025-47777 5ire Client Vulnerable to Cross-Site Scripting (XSS) and Remote Code Execution (RCE)
5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Versions prior to 0.11.1 are vulnerable to stored cross-site scripting in chatbot responses due to insufficient sanitization. This, in turn, can lead to Remote Code Execution RCE via unsafe...
CVE-2025-47777 5ire Client Vulnerable to Cross-Site Scripting (XSS) and Remote Code Execution (RCE)
5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Versions prior to 0.11.1 are vulnerable to stored cross-site scripting in chatbot responses due to insufficient sanitization. This, in turn, can lead to Remote Code Execution RCE via unsafe...
CVE-2025-47777 5ire Client Vulnerable to Cross-Site Scripting (XSS) and Remote Code Execution (RCE)
5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Versions prior to 0.11.1 are vulnerable to stored cross-site scripting in chatbot responses due to insufficient sanitization. This, in turn, can lead to Remote Code Execution RCE via unsafe...