CVE-2025-58768 DeepChat's Mermaid rendering has XSS leading to RCE

DeepChat is a smart assistant uses artificial intelligence. Prior to version 0.3.5, in the Mermaid chart rendering component, there is a risky operation of directly using innerHTML to set user content. Therefore, any malicious content rendered via Mermaid will directly trigger the exploit chain,...

DeepChat 代码注入漏洞

DeepChat is an intelligent assistant open-sourced by ThinkInAIXYZ. A code injection vulnerability exists in DeepChat versions prior to 0.3.5, which stems from the direct use of user content in innerHTML and could lead to command execution...

CVE-2025-55733

DeepChat is a smart assistant that connects powerful AI to your personal world. DeepChat before 0.3.1 has a one-click remote code execution vulnerability. An attacker can exploit this vulnerability by embedding a specially crafted deepchat: URL on any website, including a malicious one they...

CVE-2025-55733

DeepChat is a smart assistant that connects powerful AI to your personal world. DeepChat before 0.3.1 has a one-click remote code execution vulnerability. An attacker can exploit this vulnerability by embedding a specially crafted deepchat: URL on any website, including a malicious one they...

CVE-2025-55733 DeepChat One-click Remote Code Execution through Custom URL Handling

DeepChat is a smart assistant that connects powerful AI to your personal world. DeepChat before 0.3.1 has a one-click remote code execution vulnerability. An attacker can exploit this vulnerability by embedding a specially crafted deepchat: URL on any website, including a malicious one they...

CVE-2025-55733 DeepChat One-click Remote Code Execution through Custom URL Handling

DeepChat is a smart assistant that connects powerful AI to your personal world. DeepChat before 0.3.1 has a one-click remote code execution vulnerability. An attacker can exploit this vulnerability by embedding a specially crafted deepchat: URL on any website, including a malicious one they...

CVE-2025-55733

DeepChat (prior to version 0.3.1) is affected by a remote code execution flaw that is triggered by embedding a specially crafted deepchat: URL on any website. When a user visits the site or clicks the link, the browser invokes the DeepChat app’s custom URL handler, which launches the application ...

CVE-2025-55733 DeepChat One-click Remote Code Execution through Custom URL Handling

DeepChat is a smart assistant that connects powerful AI to your personal world. DeepChat before 0.3.1 has a one-click remote code execution vulnerability. An attacker can exploit this vulnerability by embedding a specially crafted deepchat: URL on any website, including a malicious one they...

PT-2025-33844

Name of the Vulnerable Software and Affected Versions: DeepChat versions prior to 0.3.1 Description: DeepChat is a smart assistant that connects powerful AI to a user’s personal world. A remote code execution flaw exists in versions prior to 0.3.1. An attacker can exploit this issue by embedding ...

ThinkInAIXYZ DeepChat 安全漏洞

ThinkInAIXYZ DeepChat is an intelligent assistant open-sourced by ThinkInAIXYZ. A security vulnerability exists in ThinkInAIXYZ DeepChat versions prior to 0.3.1, which stems from a specially crafted URL that could lead to remote code execution...

DRUPAL-CONTRIB-2025-003

The Drupal AI module provides a framework for easily integrating Artificial Intelligence on any Drupal site using any kind of AI from multiple vendors. The sub-modules AI Chatbot and AI Assistants API allow users to interact with the Drupal site via a 'chat' interface. The AI Chatbot module doesn...