17 matches found
FreeBSD : Gitlab -- vulnerabilities (b933083e-2b2e-11f1-b60a-2cf05da270f3)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the b933083e-2b2e-11f1-b60a-2cf05da270f3 advisory. Gitlab reports: Improper Handling of Parameters issue in Jira Connect installations impacts...
Lobe Chat affected by Cross-Site Scripting(XSS) that can escalate to Remote Code Execution(RCE)
Summary A stored Cross-Site Scripting XSS vulnerability in the Mermaid artifact renderer allows attackers to execute arbitrary JavaScript within the application context. This XSS can be escalated to Remote Code Execution RCE. Details The vulnerability exists in the Renderer component responsible...
GHSA-4GPC-RHPJ-9443 Lobe Chat affected by Cross-Site Scripting(XSS) that can escalate to Remote Code Execution(RCE)
Summary A stored Cross-Site Scripting XSS vulnerability in the Mermaid artifact renderer allows attackers to execute arbitrary JavaScript within the application context. This XSS can be escalated to Remote Code Execution RCE. Details The vulnerability exists in the Renderer component responsible...
Arbitrary Code Injection
Overview @lobehub/lobehub is a LobeHub - an open-source,comprehensive AI Agent framework that supports speech synthesis, multimodal, and extensible Function Call plugin system. Supports one-click free deployment of your private ChatGPT/LLM web application. Affected versions of this package are...
CVE-2026-23733
LobeChat is an open source chat application platform. Prior to version 2.0.0-next.180, a stored Cross-Site Scripting XSS vulnerability in the Mermaid artifact renderer allows attackers to execute arbitrary JavaScript within the application context. This XSS can be escalated to Remote Code Executi...
CVE-2026-23733 Lobe Chat has Cross-Site Scripting (XSS) issue that may escalate to Remote Code Execution (RCE)
LobeChat is an open source chat application platform. Prior to version 2.0.0-next.180, a stored Cross-Site Scripting XSS vulnerability in the Mermaid artifact renderer allows attackers to execute arbitrary JavaScript within the application context. This XSS can be escalated to Remote Code Executi...
CVE-2026-23733 Lobe Chat has Cross-Site Scripting (XSS) issue that may escalate to Remote Code Execution (RCE)
LobeChat is an open source chat application platform. Prior to version 2.0.0-next.180, a stored Cross-Site Scripting XSS vulnerability in the Mermaid artifact renderer allows attackers to execute arbitrary JavaScript within the application context. This XSS can be escalated to Remote Code Executi...
CVE-2026-23733
LobeChat desktop (open source) is affected by a stored XSS in the Mermaid artifact renderer prior to version 2.0.0-next.180. The XSS can be escalated to Remote Code Execution (RCE) by abusing the exposed electronAPI IPC bridge, enabling arbitrary system commands in the victim’s machine. Version 2...
CVE-2026-23733 Lobe Chat has Cross-Site Scripting (XSS) issue that may escalate to Remote Code Execution (RCE)
LobeChat is an open source chat application platform. Prior to version 2.0.0-next.180, a stored Cross-Site Scripting XSS vulnerability in the Mermaid artifact renderer allows attackers to execute arbitrary JavaScript within the application context. This XSS can be escalated to Remote Code Executi...
CVE-2026-23733
LobeChat is an open source chat application platform. Prior to version 2.0.0-next.180, a stored Cross-Site Scripting XSS vulnerability in the Mermaid artifact renderer allows attackers to execute arbitrary JavaScript within the application context. This XSS can be escalated to Remote Code Executi...
Lobe Chat code injection vulnerability
Lobe Chat is an open-source, high-performance chatbot framework developed by LobeHub. Versions of Lobe Chat prior to 2.0.0-next.180 contained a code injection vulnerability. This vulnerability stemmed from a storage-oriented cross-site scripting vulnerability in the Mermaid renderer, which could...
PT-2026-3404
Name of the Vulnerable Software and Affected Versions LobeChat versions prior to 2.0.0-next.180 Description LobeChat is an open source chat application platform. A stored Cross-Site Scripting XSS issue exists in the Mermaid artifact renderer, enabling attackers to execute arbitrary JavaScript...
CVE-2025-66222
DeepChat (0.5.0 and earlier) is affected by a Stored XSS in the Mermaid diagram renderer, exploitable via the Electron IPC bridge to escalate to RCE by starting a malicious MCP server. Affected product/version: DeepChat prior to 0.5.0. Root cause: XSS within Mermaid rendering allows arbitrary Jav...
CVE-2025-66222 DeepChat Cross-Site Scripting(XSS) escalate to Remote Code Execution(RCE)
DeepChat is a smart assistant uses artificial intelligence. In 0.5.0 and earlier, there is a Stored Cross-Site Scripting XSS vulnerability in the Mermaid diagram renderer allows an attacker to execute arbitrary JavaScript within the application context. By leveraging the exposed Electron IPC...
CVE-2025-66222 DeepChat Cross-Site Scripting(XSS) escalate to Remote Code Execution(RCE)
DeepChat is a smart assistant uses artificial intelligence. In 0.5.0 and earlier, there is a Stored Cross-Site Scripting XSS vulnerability in the Mermaid diagram renderer allows an attacker to execute arbitrary JavaScript within the application context. By leveraging the exposed Electron IPC...
EUVD-2025-201091
DeepChat is a smart assistant uses artificial intelligence. In 0.5.0 and earlier, there is a Stored Cross-Site Scripting XSS vulnerability in the Mermaid diagram renderer allows an attacker to execute arbitrary JavaScript within the application context. By leveraging the exposed Electron IPC...
CVE-2025-66222 DeepChat Cross-Site Scripting(XSS) escalate to Remote Code Execution(RCE)
DeepChat is a smart assistant uses artificial intelligence. In 0.5.0 and earlier, there is a Stored Cross-Site Scripting XSS vulnerability in the Mermaid diagram renderer allows an attacker to execute arbitrary JavaScript within the application context. By leveraging the exposed Electron IPC...