364 matches found

RedhatCVE
added 2025/09/06 1:34 a.m. | 9 views

CVE-2025-58357

5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Version 0.13.2 contains a vulnerability in the chat page's script gadgets that enables content injection attacks through multiple vectors: malicious prompt injection pages, compromised MCP server...

9.6 CVSS | 7.2 AI score | 0.00136 EPSS
Exploits: 1 | References: 1

NVD
added 2025/09/04 10:42 a.m. | 7 views

CVE-2025-58357

5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Version 0.13.2 contains a vulnerability in the chat page's script gadgets that enables content injection attacks through multiple vectors: malicious prompt injection pages, compromised MCP server...

9.6 CVSS | 0.00136 EPSS
Exploits: 1 | References: 2

CVE
added 2025/09/04 12:30 a.m. | 18 views

CVE-2025-58357

Summary: 5ire (desktop AI assistant) vulnerability in the chat page’s script gadgets leads to content injection via multiple vectors (malicious prompt injection pages, compromised MCP servers, exploited tool integrations). Affected version: 0.13.2. Impact: allows content injection; CVSS 3.1 base ...

9.6 CVSS | 6.7 AI score | 0.00136 EPSS
Exploits: 1 | References: 2 | Affected Software: 1

OSV
added 2025/09/04 12:30 a.m. | 7 views

CVE-2025-58357 5ire Chat Message XSS Vulnerability Enables Remote Code Execution

5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Version 0.13.2 contains a vulnerability in the chat page's script gadgets that enables content injection attacks through multiple vectors: malicious prompt injection pages, compromised MCP server...

9.6 CVSS | 7.2 AI score | 0.00136 EPSS
Exploits: 1 | References: 4

The Hacker News
added 2025/08/27 11:30 a.m. | 3 views

The 5 Golden Rules of Safe AI Adoption

Employees are experimenting with AI at record speed. They are drafting emails, analyzing data, and transforming the workplace. The problem is not the pace of AI adoption, but the lack of control and safeguards in place. For CISOs and security leaders like you, the challenge is clear: you don't wa...

6.6 AI score
Exploits: 0

Tenable Nessus
added 2025/08/27 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2023-6682

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.9 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from...

6.5 CVSS | 5.3 AI score | 0.00032 EPSS
Exploits: 0 | References: 2

OSSF Malicious Packages
added 2025/08/14 6:52 p.m. | 1 view

Malicious code in ares-api-integrations (npm)

The package ares-api-integrations was found to contain malicious code...

7 AI score
Exploits: 0

OSV
added 2025/08/14 6:52 p.m. | 2 views

MAL-2025-14816 Malicious code in ares-api-integrations (npm)

The package ares-api-integrations was found to contain malicious code...

7.2 AI score
Exploits: 0

OSSF Malicious Packages
added 2025/08/13 8:32 a.m. | 3 views

Malicious code in microsoft-cloud-integrations (npm)

The package communicates with a domain associated with malicious activity...

7 AI score
Exploits: 0

OSV
added 2025/08/13 8:32 a.m. | 3 views

MAL-2025-6941 Malicious code in microsoft-cloud-integrations (npm)

The package communicates with a domain associated with malicious activity...

7.1 AI score
Exploits: 0

Wiz blog
added 2025/07/30 1:0 p.m. | 2 views

Celebrating 200 WINtegrations—and the Partners Who Make It Possible

200 integrations strong: How our open ecosystem is redefining cloud security collaboration...

7.3 AI score
Exploits: 0

Packet Storm News
added 2025/06/18 12:0 a.m. | 3 views

Tracking GPTs Third Party Service: Automation, Analysis, and Insights

ChatGPT has quickly advanced from simple natural language processing to tackling more sophisticated and specialized tasks. Drawing inspiration from the success of mobile app ecosystems, OpenAI allows developers to create applications that interact with third-party services, known as GPTs. GPTs ca...

6.7 AI score
Exploits: 0

Veracode
added 2025/06/06 8:37 a.m. | 7 views

SQL Injection

llamaindex is vulnerable to SQL Injection. The vulnerability is due to SQL injection due to improper handling of user input in multiple vector store integrations, allowing attackers to manipulate SQL queries and access or modify unauthorized data...

9.8 CVSS | 9.8 AI score | 0.00057 EPSS
Exploits: 1 | References: 4 | Affected Software: 1

OSV
added 2025/06/05 3:20 p.m. | 1 view

MAL-2025-4751 Malicious code in moonpay-demo-integrations (npm)

The package communicates with a domain associated with malicious activity...

7.1 AI score
Exploits: 0

OSSF Malicious Packages
added 2025/06/05 3:20 p.m. | 2 views

Malicious code in moonpay-demo-integrations (npm)

The package communicates with a domain associated with malicious activity...

6.9 AI score
Exploits: 0

Snyk
added 2025/06/05 6:30 a.m. | 3 views

SQL Injection

Overview: Affected versions of this package are vulnerable to SQL Injection through multiple vector store integrations. An attacker can read and write data using SQL, potentially leading to unauthorized access to data of other users depending on the usage of the library in a web application...

9.8 CVSS | 8 AI score | 0.00057 EPSS
Exploits: 1 | References: 2

Snyk
added 2025/06/05 6:30 a.m. | 3 views

SQL Injection

Overview: llama-index-core is an interface between LLMs and your data. Affected versions of this package are vulnerable to SQL Injection through multiple vector store integrations. An attacker can read and write data using SQL, potentially leading to unauthorized access to data of other users...

9.8 CVSS | 8 AI score | 0.00057 EPSS
Exploits: 1 | References: 2

Fedora
added 2025/06/04 3:35 a.m. | 9 views

[SECURITY] Fedora 41 Update: nextcloud-31.0.5-1.fc41

NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing right on the web. NextCloud is extendable via a simple but powerful API...

7.5 CVSS | 7.6 AI score | 0.00392 EPSS
Exploits: 0

RedhatCVE
added 2025/05/23 11:58 a.m. | 12 views

CVE-2025-22151

Strawberry GraphQL is a library for creating GraphQL APIs. Starting in 0.182.0 and prior to version 0.257.0, a type confusion vulnerability exists in Strawberry GraphQL's relay integration that affects multiple ORM integrations (Django, SQLAlchemy, Pydantic). The vulnerability occurs when multiple...

3.7 CVSS | 6.7 AI score | 0.00244 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 8:59 a.m. | 5 views

CVE-2024-5250

In versions of Akana API Platform prior to 2024.1.0 overly verbose errors can be found in SAML integrations...

5.3 CVSS | 7.1 AI score | 0.00494 EPSS
Exploits: 0 | References: 1