Unsafe Dependency Resolution

Overview @theia/ai-chat-ui is a Theia - AI Chat UI Extension Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the processing of workspace file and directory names in the AI chat. An attacker can cause the agent to execute attacker-controlled instructions by...

Unsafe Dependency Resolution

Overview @theia/ai-chat is a Theia - AI Chat Extension Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the processing of workspace file and directory names in the AI chat. An attacker can cause the agent to execute attacker-controlled instructions by introduci...

[Eclipse Theia] Indirect Prompt Injection via Adversarial Workspace File and Directory Names in AI Chat

In Eclipse Theia versions prior to 1.71.0, the AI chat agent processed workspace file and directory names as part of its prompt context without distinguishing them from system instructions. An attacker could craft a malicious repository with adversarial directory or file names that, when analyzed...

[Eclipse Theia] Data Exfiltration via Markdown Image Rendering in AI Chat

In Eclipse Theia versions prior to 1.71.0, the AI chat rendered Markdown image tags from AI responses, triggering HTTP requests to arbitrary external URLs without restriction. Combined with prompt injection in a malicious workspace, an attacker could induce the AI agent to construct image URLs...

CVE-2026-44691

In Eclipse Theia versions prior to 1.69.0, custom task definitions in workspace files e.g. .theia/tasks.json, .vscode/tasks.json could be executed without requiring workspace trust. An attacker could craft a malicious repository that, when cloned and opened in Theia, leads to execution of arbitra...

CVE-2026-22551

In Eclipse Theia versions prior to 1.71.0, the AI chat rendered Markdown image tags from AI responses, triggering HTTP requests to arbitrary external URLs without restriction. Combined with prompt injection in a malicious workspace, an attacker could induce the AI agent to construct image URLs...

CVE-2026-44691

In Eclipse Theia versions prior to 1.69.0, custom task definitions in workspace files e.g. .theia/tasks.json, .vscode/tasks.json could be executed without requiring workspace trust. An attacker could craft a malicious repository that, when cloned and opened in Theia, leads to execution of arbitra...

CVE-2026-22551

Eclipse Theia versions before 1.71.0 are affected: the AI chat could render Markdown image tags from AI responses, causing HTTP requests to arbitrary external URLs. In combination with a malicious workspace via prompt injection, an attacker could coax the AI agent to construct image URLs that lea...

Malicious code in xy-ai-chat (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5f9025a3fddb0d31a5cd9114850b0ca859acf96e54649d4d2a9fe286b7ca015c xy-ai-chat ships a Lit web component whose bundled main entry hardcodes two plain-HTTP endpoints on a bare IPv4 address:...

1byte-react-design (>=1.7.1 <=1.14.0), 1g6table (=0.1.0) +1607 more potentially affected by unknown CVE via @antv/event-emitter (=0.1.3)

@antv/event-emitter NPM version =0.1.3 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/event-emitter and may be impacted: - 1byte-react-design =1.7.1, =1.1.0, =1.0.0, =0.1.1, =0.1.1, =0.1.0, =0.0.2, =0.0.9, =0.1.2, =1.1.43, =0.9.1, =5.0.48,...

Security Bulletin: @carbon/ai-chat is vulnerable to XSS if Object.prototype has been compromised in assistant provided content due to DOMPurify ( CVE-2026-41238 CVE-2026-41239 CVE-2026-41240)

Summary DOMPurify trusts Object.prototype for security-critical config, which violates the principle that a sanitizer should be robust against a hostile global environment. If Object.prototype has been compromised, DOMPurify may not sanitize HTML propertly. Vulnerability Details...

AI ChatBot with ChatGPT by AYS <= 2.6.6 - Unauthenticated API Key Exposure

AYS AI ChatBot with ChatGPT and Content Generator = 2.6.6 contains an insertion of sensitive information into sent data vulnerability caused by improper handling of embedded sensitive data, letting attackers retrieve sensitive information, exploit requires crafted input. id: CVE-2025-62039 info:...

CVE-2026-5616

A security vulnerability has been detected in JeecgBoot 3.9.0/3.9.1. The impacted element is an unknown function of the file jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/airag/JeecgBizToolsProvider.java of the component AI Chat Module. Such manipulation leads to...

CVE-2026-5616

A security vulnerability has been detected in JeecgBoot 3.9.0/3.9.1. The impacted element is an unknown function of the file jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/airag/JeecgBizToolsProvider.java of the component AI Chat Module. Such manipulation leads to...

CVE-2026-5616

JeecgBoot 3.9.0/3.9.1 contains a vulnerability in the AI Chat Module, specifically an unknown function within JeecgBizToolsProvider.java under jeecg-system-biz. This manipulation results in missing authentication and can be triggered remotely. A patch is identified by the hash b7c9aeba7aefda9e008...

AWS VDP: QuickSight Authorization Bypass: Chat Agents Accessible Despite Custom Permissions Denial

A vulnerability was discovered in Amazon Quick Suite formerly QuickSight that allowed users to access and interact with AI chat agents, despite administrative restrictions being in place to disable this functionality. The vulnerability was caused by the lack of proper server-side authorization...

WordPress AI ChatBot with ChatGPT and Content Generator by AYS plugin <= 2.7.5 - Missing Authorization to Unauthenticated API Key Modification vulnerability

Missing Authorization to Unauthenticated API Key Modification vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin AI ChatBot with ChatGPT and Content Generator by AYS versions = 2.7.5...

CVE-2026-25338 WordPress AI ChatBot with ChatGPT and Content Generator by AYS plugin <= 2.7.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in Ays Pro AI ChatBot with ChatGPT and Content Generator by AYS ays-chatgpt-assistant allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AI ChatBot with ChatGPT and Content Generator by AYS: from n/a through = 2.7.4...

CVE-2026-25338

CVE-2026-25338 concerns the WordPress plugin AI ChatBot with ChatGPT and Content Generator by AYS (versions through 2.7.4). Connected sources describe a Broken Access Control / Missing Authorization issue caused by misconfigured access control security levels, potentially enabling unauthorized ac...

CVE-2026-25338 WordPress AI ChatBot with ChatGPT and Content Generator by AYS plugin <= 2.7.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in Ays Pro AI ChatBot with ChatGPT and Content Generator by AYS ays-chatgpt-assistant allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AI ChatBot with ChatGPT and Content Generator by AYS: from n/a through = 2.7.4...