CVE-2026-42045
CVE-2026-42045 affects LobeHub/LobeChat prior to version 2.1.48. The issue combines a client‑side XSS in the Render path (Renderer defaulting to HTMLRenderer for unknown tags) with an insecure IPC interface runCommand in the Electron main process. An attacker who can induce the LLM to emit malici...
GHSA-XQ4X-622M-Q8FQ LobeHub has a Cross-Site Scripting issue that escalates to Remote Code Execution
Summary: The vulnerability was automatically discovered by an AI agent and then manually verified. LobeChat's message rendering mechanism has a stored cross-site scripting (XSS) vulnerability. Combined with the Electron main process's exposed insecure IPC interface, attackers can construct malicious...
PT-2024-20224 · Unknown · Lukas Bach
Name of the Vulnerable Software and Affected Versions: Lukas Bach yana version 1.0.16. Description: The issue is related to Cross-Site Scripting (XSS) via src/electron-main.ts. Recommendations: For version 1.0.16, update to a version that is 1.0.16 or later to resolve the issue. As a temporary...
Yana Security Breach
Yana is a powerful laptop application from the individual developer Lukas Bach. A security vulnerability exists in Yana version 1.0.16 and prior versions, which stems from a cross-site scripting vulnerability in src/electron-main.ts...