Lucene search
K

13 matches found

NVD
NVD
added 2026/06/18 4:16 p.m.13 views

CVE-2026-44688

In Eclipse Theia versions prior to 1.71.0, the AI chat agent processed workspace file and directory names as part of its prompt context without distinguishing them from system instructions. An attacker could craft a malicious repository with adversarial directory or file names that, when analyzed...

8.8CVSS0.00272EPSS
Exploits0References1
OSV
OSV
added 2026/06/18 4:16 p.m.5 views

UBUNTU-CVE-2026-44688

In Eclipse Theia versions prior to 1.71.0, the AI chat agent processed workspace file and directory names as part of its prompt context without distinguishing them from system instructions. An attacker could craft a malicious repository with adversarial directory or file names that, when analyzed...

8.8CVSS6AI score0.00272EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/18 2:35 p.m.11 views

CVE-2026-44691

In Eclipse Theia versions prior to 1.69.0, custom task definitions in workspace files e.g. .theia/tasks.json, .vscode/tasks.json could be executed without requiring workspace trust. An attacker could craft a malicious repository that, when cloned and opened in Theia, leads to execution of arbitra...

8.4CVSS5.7AI score0.00231EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/18 2:35 p.m.9 views

EUVD-2026-37901

In Eclipse Theia versions prior to 1.69.0, custom task definitions in workspace files e.g. .theia/tasks.json, .vscode/tasks.json could be executed without requiring workspace trust. An attacker could craft a malicious repository that, when cloned and opened in Theia, leads to execution of arbitra...

8.4CVSS5.7AI score0.00231EPSS
Exploits0References1
CVE
CVE
added 2026/06/18 2:35 p.m.20 views

CVE-2026-44691

CVE-2026-44691 affects Eclipse Theia versions before 1.69.0. The issue arises when custom task definitions in workspace files (e.g., .theia/tasks.json, .vscode/tasks.json) can be executed without workspace trust, potentially enabling arbitrary commands to run with the user’s privileges if a malic...

8.8CVSS5.8AI score0.00231EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/06/18 2:22 p.m.12 views

CVE-2026-44688

The vulnerability CVE-2026-44688 affects Eclipse Theia versions prior to 1.71.0. The AI chat agent processes workspace file and directory names as part of its prompt context without distinguishing them from system instructions, enabling indirect prompt injection when an attacker uses adversarial ...

8.8CVSS5.7AI score0.00272EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.19 views

PT-2026-50690

Name of the Vulnerable Software and Affected Versions Eclipse Theia versions prior to 1.69.0 Description Custom task definitions in workspace files, such as .theia/tasks.json and .vscode/tasks.json, can be executed without requiring workspace trust. This allows an attacker to create a malicious...

8.8CVSS6.2AI score0.00231EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/04/06 3:15 a.m.25 views

CVE-2026-5616 JeecgBoot AI Chat JeecgBizToolsProvider.java missing authentication

A security vulnerability has been detected in JeecgBoot 3.9.0/3.9.1. The impacted element is an unknown function of the file jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/airag/JeecgBizToolsProvider.java of the component AI Chat Module. Such manipulation leads to...

7.5CVSS0.00409EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/04/06 3:15 a.m.3 views

CVE-2026-5616 JeecgBoot AI Chat JeecgBizToolsProvider.java missing authentication

A security vulnerability has been detected in JeecgBoot 3.9.0/3.9.1. The impacted element is an unknown function of the file jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/airag/JeecgBizToolsProvider.java of the component AI Chat Module. Such manipulation leads to...

7.5CVSS6.6AI score0.00409EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/04/06 12:0 a.m.7 views

JeecgBoot 访问控制错误漏洞

JeecgBoot is a Java low-code platform developed by Jeecg Corporation, designed for enterprise web applications. Versions 3.9.0 and 3.9.1 of JeecgBoot contain access control vulnerability issues. This vulnerability stems from a lack of authentication in the AI Chat Module component’s...

7.5CVSS7.1AI score0.00409EPSS
Exploits0References7
OSV
OSV
added 2025/12/03 6:48 p.m.6 views

DRUPAL-CONTRIB-2025-119

This modules provides the ability to chat with an AI Agent using a large-language model LLM provider for different purposes. The module doesn’t sufficiently filter LLM responses. This leads to a cross-site scripting XSS vulnerability where an attacker can use prompt injections on user-generated...

4.4CVSS5.7AI score0.00118EPSS
Exploits0References1
CVE
CVE
added 2025/11/27 9:27 a.m.32 views

CVE-2025-13381

CVE-2025-13381 (AYS & WordPress) Vulnerability exists in the AI ChatBot with ChatGPT and Content Generator by AYS plugin for WordPress due to a missing capability check in the ays_chatgpt_save_wp_media function through version 2.7.0, enabling unauthenticated users to upload media files. Wordfence...

5.3CVSS5.1AI score0.00249EPSS
Exploits0References6
Cvelist
Cvelist
added 2025/08/22 12:0 a.m.10 views

CVE-2025-50733

NextChat contains a cross-site scripting XSS vulnerability in the HTMLPreview component of artifacts.tsx that allows attackers to execute arbitrary JavaScript code when HTML content is rendered in the AI chat interface. The vulnerability occurs because user-influenced HTML from AI responses is...

0.00188EPSS
Exploits0References2
Rows per page
Query Builder