Lucene search
K

5 matches found

OSV
OSV
added 2026/04/16 6:16 p.m.3 views

CVE-2026-33121 DataEase has SQL Injection via Datasource Save Flow

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the API datasource saving process. The deTableName field from the Base64-encoded datasource configuration is used to construct a DDL statement via simple strin...

8.7CVSS6.1AI score0.00328EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/10/10 7:50 p.m.4 views

CVE-2025-61929 Cherry Studio allows one-click on a specific URL to cause a command to execute

Cherry Studio is a desktop client that supports for multiple LLM providers. Cherry Studio registers a custom protocol called cherrystudio://. When handling the MCP installation URL, it parses the base64-encoded configuration data and directly executes the command within it. In the files...

9.6CVSS6.6AI score0.00439EPSS
Exploits1References1
OSV
OSV
added 2025/10/10 7:50 p.m.5 views

CVE-2025-61929 Cherry Studio allows one-click on a specific URL to cause a command to execute

Cherry Studio is a desktop client that supports for multiple LLM providers. Cherry Studio registers a custom protocol called cherrystudio://. When handling the MCP installation URL, it parses the base64-encoded configuration data and directly executes the command within it. In the files...

9.6CVSS7AI score0.00439EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/10/10 7:50 p.m.10 views

CVE-2025-61929 Cherry Studio allows one-click on a specific URL to cause a command to execute

Cherry Studio is a desktop client that supports for multiple LLM providers. Cherry Studio registers a custom protocol called cherrystudio://. When handling the MCP installation URL, it parses the base64-encoded configuration data and directly executes the command within it. In the files...

9.6CVSS0.00439EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/10/10 12:0 a.m.4 views

PT-2025-41600

Name of the Vulnerable Software and Affected Versions Cherry Studio versions 1.7.0-alpha.4 and earlier Description Cherry Studio is a desktop client supporting multiple LLM providers. It registers a custom protocol, cherrystudio://, and when handling MCP installation URLs, it parses base64-encode...

9.6CVSS7AI score0.00439EPSS
Exploits1References12
Rows per page
Query Builder