5 matches found
CVE-2025-68669 5ire vulnerable to Remote Code Execution (RCE) via mermaid
5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. In versions 0.15.2 and prior, an RCE vulnerability exists in useMarkdown.ts, where the markdown-it-mermaid plugin is initialized with securityLevel: 'loose'. This configuration explicitly permits...
CVE-2025-68669
CVE-2025-68669 affects 5ire, a cross-platform desktop AI assistant. In versions 0.15.2 and earlier, RCE is possible in useMarkdown.ts because the markdown-it-mermaid plugin is initialized with securityLevel: 'loose', which allows HTML in Mermaid diagram nodes. The issue has not been patched at pu...
PT-2023-8844 · Npm · @Excalidraw/Excalidraw
Name of the Vulnerable Software and Affected Versions: @excalidraw/excalidraw versions 0.0.0 through 0.15.2
Description: The issue is related to Cross-site Scripting (XSS) via embedded links in whiteboard objects due to improper input sanitization. This allows a remote attacker to conduct an XSS...
cypress-ct-jordan-qwik (>=0.0.0-alpha-9 <=0.0.0-alpha-12), storybook-framework-qwik (=0.0.1) potentially affected by CVE-2023-1283 via @builder.io/qwik (>=0.15.2 <=0.18.1)
@builder.io/qwik NPM version =0.15.2, =0.0.0-alpha-9, =0.0.0-alpha-12 - storybook-framework-qwik =0.0.1 Source cves: CVE-2023-1283 Source advisory: OSV:GHSA-9WF9-QVVP-2929...
PT-2014-2164 · Qemu +2 · Qemu +2
Name of the Vulnerable Software and Affected Versions: QEMU versions prior to 0.15.2; QEMU versions 1.x prior to 1.0-rc4
Description: The issue is related to a buffer overflow in the ccid card vscard handle message function, which can be triggered by a crafted VSC ATR message. This could lead to a...