Lucene search
K

10 matches found

RedhatCVE
RedhatCVE
added 2026/01/22 9:26 p.m.6 views

CVE-2026-22793

5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Prior to version 0.15.3, an unsafe option parsing vulnerability in the ECharts Markdown plugin allows any user able to submit ECharts code blocks to execute arbitrary JavaScript code in the...

9.6CVSS6.2AI score0.00607EPSS
Exploits1References1
CVE
CVE
added 2026/01/21 8:54 p.m.17 views

CVE-2026-22792

5ire desktop AI assistant (cross-platform) prior to version 0.15.3 is affected by an unsafe HTML rendering vulnerability in the renderer context that allows untrusted HTML (including on* event attributes) to execute JavaScript. An attacker can inject an payload to call exposed bridge APIs (e.g.,...

9.6CVSS6AI score0.00713EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/01/21 8:54 p.m.17 views

CVE-2026-22792 5ire vulnerable to Remote Code Execution (RCE)

5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Prior to version 0.15.3, an unsafe HTML rendering permits untrusted HTML including on event attributes to execute in the renderer context. An attacker can inject an payload to run arbitrary...

9.6CVSS0.00713EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/01/21 12:0 a.m.7 views

5ire code injection vulnerability

5ire is a cross-platform desktop AI assistant developed by Ironben’s developers. Versions of 5ire prior to 0.15.3 contained a code injection vulnerability. This vulnerability stemmed from insecure option parsing in the ECharts Markdown plugin, allowing users who could submit ECharts code blocks t...

9.6CVSS6.4AI score0.00607EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/09/04 12:30 a.m.57 views

CVE-2025-58357 5ire Chat Message XSS Vulnerability Enables Remote Code Execution

5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Version 0.13.2 contains a vulnerability in the chat page's script gadgets that enables content injection attacks through multiple vectors: malicious prompt injection pages, compromised MCP server...

9.6CVSS0.00597EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/05/16 4:9 p.m.6 views

CVE-2025-47777

5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Versions prior to 0.11.1 are vulnerable to stored cross-site scripting in chatbot responses due to insufficient sanitization. This, in turn, can lead to Remote Code Execution RCE via unsafe...

9.6CVSS6.8AI score0.0081EPSS
Exploits1References1
CVE
CVE
added 2025/05/14 3:23 p.m.38 views

CVE-2025-47777

5ire client (cross‑platform desktop AI assistant) versions prior to 0.11.1 are vulnerable to stored XSS in chatbot responses due to insufficient sanitization, which can lead to Remote Code Execution via unsafe Electron protocol handling and exposed Electron APIs. Patch available in 0.11.1; all us...

9.6CVSS9.2AI score0.0081EPSS
Exploits1References6Affected Software1
OSV
OSV
added 2025/05/14 3:23 p.m.6 views

CVE-2025-47777 5ire Client Vulnerable to Cross-Site Scripting (XSS) and Remote Code Execution (RCE)

5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Versions prior to 0.11.1 are vulnerable to stored cross-site scripting in chatbot responses due to insufficient sanitization. This, in turn, can lead to Remote Code Execution RCE via unsafe...

9.6CVSS6.4AI score0.0081EPSS
Exploits1References8
Cvelist
Cvelist
added 2025/05/14 3:23 p.m.18 views

CVE-2025-47777 5ire Client Vulnerable to Cross-Site Scripting (XSS) and Remote Code Execution (RCE)

5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Versions prior to 0.11.1 are vulnerable to stored cross-site scripting in chatbot responses due to insufficient sanitization. This, in turn, can lead to Remote Code Execution RCE via unsafe...

9.6CVSS0.0081EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2025/05/14 3:23 p.m.11 views

CVE-2025-47777 5ire Client Vulnerable to Cross-Site Scripting (XSS) and Remote Code Execution (RCE)

5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Versions prior to 0.11.1 are vulnerable to stored cross-site scripting in chatbot responses due to insufficient sanitization. This, in turn, can lead to Remote Code Execution RCE via unsafe...

9.6CVSS6.8AI score0.0081EPSS
Exploits1References6
Rows per page
Query Builder