Lucene search
+L

53 matches found

redhatcve
redhatcve
added 2026/06/05 7:23 p.m.11 views

CVE-2026-43899

DeepChat is an open-source artificial intelligence agent platform that unifies models, tools, and agents. Prior to v1.0.4-beta.1, An incomplete mitigation for CVE-2025-55733 leaves DeepChat vulnerable to an arbitrary protocol execution bypass RCE. While the patch correctly restricted...

9.6CVSS5.8AI score0.0033EPSS
Exploits0References1
nvd
nvd
added 2026/05/11 11:20 p.m.15 views

CVE-2026-43899

DeepChat is an open-source artificial intelligence agent platform that unifies models, tools, and agents. Prior to v1.0.4-beta.1, An incomplete mitigation for CVE-2025-55733 leaves DeepChat vulnerable to an arbitrary protocol execution bypass RCE. While the patch correctly restricted...

9.6CVSS0.0033EPSS
Exploits0References1
nvd
nvd
added 2026/05/11 11:20 p.m.18 views

CVE-2026-43900

DeepChat is an open-source artificial intelligence agent platform that unifies models, tools, and agents. Prior to v1.0.4-beta.1, a Cross-Site Scripting XSS vulnerability exists due to a discrepancy between the backend validation layer and the frontend browser rendering engine. The SVGSanitizer...

9.3CVSS0.00306EPSS
Exploits0References1
cvelist
cvelist
added 2026/05/11 9:42 p.m.52 views

CVE-2026-43899 DeepChat: Incomplete Fix for CVE-2025-55733 leads to Remote Code Execution via Markdown Links bypassing `isValidExternalUrl`

DeepChat is an open-source artificial intelligence agent platform that unifies models, tools, and agents. Prior to v1.0.4-beta.1, An incomplete mitigation for CVE-2025-55733 leaves DeepChat vulnerable to an arbitrary protocol execution bypass RCE. While the patch correctly restricted...

9.6CVSS0.0033EPSS
Exploits0References1
euvd
euvd
added 2026/05/11 9:42 p.m.16 views

EUVD-2026-29336

DeepChat is an open-source artificial intelligence agent platform that unifies models, tools, and agents. Prior to v1.0.4-beta.1, An incomplete mitigation for CVE-2025-55733 leaves DeepChat vulnerable to an arbitrary protocol execution bypass RCE. While the patch correctly restricted...

9.6CVSS6AI score0.00634EPSS
Exploits1References1
vulnrichment
vulnrichment
added 2026/05/11 9:42 p.m.9 views

CVE-2026-43899 DeepChat: Incomplete Fix for CVE-2025-55733 leads to Remote Code Execution via Markdown Links bypassing `isValidExternalUrl`

DeepChat is an open-source artificial intelligence agent platform that unifies models, tools, and agents. Prior to v1.0.4-beta.1, An incomplete mitigation for CVE-2025-55733 leaves DeepChat vulnerable to an arbitrary protocol execution bypass RCE. While the patch correctly restricted...

9.6CVSS6AI score0.0033EPSS
Exploits0References1
osv
osv
added 2026/05/11 9:42 p.m.4 views

CVE-2026-43899 DeepChat: Incomplete Fix for CVE-2025-55733 leads to Remote Code Execution via Markdown Links bypassing `isValidExternalUrl`

DeepChat is an open-source artificial intelligence agent platform that unifies models, tools, and agents. Prior to v1.0.4-beta.1, An incomplete mitigation for CVE-2025-55733 leaves DeepChat vulnerable to an arbitrary protocol execution bypass RCE. While the patch correctly restricted...

9.6CVSS6.2AI score0.0033EPSS
Exploits0References3
attackerkb
attackerkb
added 2026/05/11 9:42 p.m.6 views

CVE-2026-43899

DeepChat is an open-source artificial intelligence agent platform that unifies models, tools, and agents. Prior to v1.0.4-beta.1, An incomplete mitigation for CVE-2025-55733 leaves DeepChat vulnerable to an arbitrary protocol execution bypass RCE. While the patch correctly restricted...

9.6CVSS6AI score0.00634EPSS
Exploits1References2Affected Software1
cve
cve
added 2026/05/11 9:42 p.m.21 views

CVE-2026-43899

DeepChat (open-source AI agent platform) has a CVE-2026-43899 stating an incomplete fix for CVE-2025-55733 prior to v1.0.4-beta.1. The issue: mitigation restricted api.openExternal() in renderer preload/index.ts but did not sanitize native Electron pop-up window handlers, allowing a compromised A...

9.6CVSS6AI score0.0033EPSS
Exploits0References1
cvelist
cvelist
added 2026/05/11 9:42 p.m.50 views

CVE-2026-43900 DeepChat: Persistent DOM XSS via HTML Entity Encoding in `<antArtifact>` SVG Rendering (Bypass of `svgSanitizer.ts`)

DeepChat is an open-source artificial intelligence agent platform that unifies models, tools, and agents. Prior to v1.0.4-beta.1, a Cross-Site Scripting XSS vulnerability exists due to a discrepancy between the backend validation layer and the frontend browser rendering engine. The SVGSanitizer...

9.3CVSS0.00306EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/05/11 9:42 p.m.5 views

CVE-2026-43900

DeepChat is an open-source artificial intelligence agent platform that unifies models, tools, and agents. Prior to v1.0.4-beta.1, a Cross-Site Scripting XSS vulnerability exists due to a discrepancy between the backend validation layer and the frontend browser rendering engine. The SVGSanitizer...

9.3CVSS6AI score0.00306EPSS
Exploits0References2Affected Software1
osv
osv
added 2026/05/11 9:42 p.m.3 views

CVE-2026-43900 DeepChat: Persistent DOM XSS via HTML Entity Encoding in `<antArtifact>` SVG Rendering (Bypass of `svgSanitizer.ts`)

DeepChat is an open-source artificial intelligence agent platform that unifies models, tools, and agents. Prior to v1.0.4-beta.1, a Cross-Site Scripting XSS vulnerability exists due to a discrepancy between the backend validation layer and the frontend browser rendering engine. The SVGSanitizer...

9.3CVSS6.2AI score0.00306EPSS
Exploits0References3
cve
cve
added 2026/05/11 9:42 p.m.14 views

CVE-2026-43900

DeepChat vuln CVE-2026-43900 affects the SvgArtifact rendering path. The sanitizer in src/main/lib/svgSanitizer.ts scrubs javascript: protocols with plain-text regex but fails to account for HTML entity decoding before Vue’s v-html insertion in SvgArtifact.vue. Crafting an SVG artifact with obfus...

9.3CVSS6AI score0.00306EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/11 12:0 a.m.14 views

DeepChat 跨站脚本漏洞

DeepChat is an intelligent assistant developed by ThinkInAIXYZ as open source. Versions of DeepChat prior to v1.0.4-beta.1 contained a cross-site scripting vulnerability. This vulnerability stemmed from the discrepancy between the backend validation layer and the front-end browser rendering engin...

9.3CVSS5.9AI score0.00306EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/05/11 12:0 a.m.11 views

DeepChat 输入验证错误漏洞

DeepChat is an intelligent assistant developed by ThinkInAIXYZ as open source. Versions of DeepChat prior to v1.0.4-beta.1 contained a vulnerability related to input validation errors. This vulnerability stemmed from incomplete mitigation measures for CVE-2025-55733. Although the patch correctly...

9.6CVSS5.8AI score0.0033EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/05/11 12:0 a.m.13 views

PT-2026-39859

Name of the Vulnerable Software and Affected Versions DeepChat versions prior to 1.0.4-beta.1 Description An incomplete mitigation for a previous issue allows for an arbitrary protocol execution bypass, which can lead to remote code execution RCE. While restrictions were applied to the...

9.6CVSS6.5AI score0.0033EPSS
Exploits0References7
redhatcve
redhatcve
added 2025/12/17 12:55 a.m.9 views

CVE-2025-67744

DeepChat is an open-source artificial intelligence agent platform that unifies models, tools, and agents. Prior to version 0.5.3, a security vulnerability exists in the Mermaid diagram rendering component that allows arbitrary JavaScript execution. Due to the exposure of the Electron IPC renderer...

9.6CVSS6.9AI score0.00536EPSS
Exploits1References1
nvd
nvd
added 2025/12/16 1:15 a.m.8 views

CVE-2025-67744

DeepChat is an open-source artificial intelligence agent platform that unifies models, tools, and agents. Prior to version 0.5.3, a security vulnerability exists in the Mermaid diagram rendering component that allows arbitrary JavaScript execution. Due to the exposure of the Electron IPC renderer...

9.6CVSS0.00536EPSS
Exploits1References2
cvelist
cvelist
added 2025/12/16 12:42 a.m.30 views

CVE-2025-67744 Mermaid XSS vulnerability leads to Remote Code Execution

DeepChat is an open-source artificial intelligence agent platform that unifies models, tools, and agents. Prior to version 0.5.3, a security vulnerability exists in the Mermaid diagram rendering component that allows arbitrary JavaScript execution. Due to the exposure of the Electron IPC renderer...

9.6CVSS0.00536EPSS
Exploits1References2
cnnvd
cnnvd
added 2025/12/16 12:0 a.m.4 views

DeepChat 代码注入漏洞

DeepChat is an intelligent assistant open-sourced by ThinkInAIXYZ. A code injection vulnerability exists in DeepChat versions prior to 0.5.3, which stems from a cross-site scripting issue in the Mermaid chart rendering component that could lead to remote code execution...

9.6CVSS7.4AI score0.00536EPSS
Exploits1References3
Rows per page
Query Builder