Lucene search
K

43 matches found

NVD
NVD
added 2026/06/29 6:16 a.m.9 views

CVE-2026-13534

A vulnerability was detected in CherryHQ cherry-studio up to 1.9.7. This affects the function sha256 of the file src/main/services/memory/MemoryService.ts of the component CherryIN Preload API. Performing a manipulation of the argument state results in authorization bypass. The attack can be...

5CVSS0.00199EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/06/29 4:15 a.m.40 views

CVE-2026-13534 CherryHQ cherry-studio CherryIN Preload API MemoryService.ts sha256 authorization

A vulnerability was detected in CherryHQ cherry-studio up to 1.9.7. This affects the function sha256 of the file src/main/services/memory/MemoryService.ts of the component CherryIN Preload API. Performing a manipulation of the argument state results in authorization bypass. The attack can be...

5CVSS0.00199EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/06/29 4:15 a.m.8 views

CVE-2026-13534

A vulnerability was detected in CherryHQ cherry-studio up to 1.9.7. This affects the function sha256 of the file src/main/services/memory/MemoryService.ts of the component CherryIN Preload API. Performing a manipulation of the argument state results in authorization bypass. The attack can be...

5CVSS5.4AI score0.00199EPSS
Exploits0References7Affected Software1
EUVD
EUVD
added 2026/06/29 4:15 a.m.8 views

EUVD-2026-40031

A vulnerability was detected in CherryHQ cherry-studio up to 1.9.7. This affects the function sha256 of the file src/main/services/memory/MemoryService.ts of the component CherryIN Preload API. Performing a manipulation of the argument state results in authorization bypass. The attack can be...

5CVSS5.4AI score0.00199EPSS
Exploits0References7
NVD
NVD
added 2026/06/29 3:16 a.m.10 views

CVE-2026-13524

A security vulnerability has been detected in CherryHQ cherry-studio up to 1.9.6. This vulnerability affects unknown code of the file src/main/services/mcp/oauth/callback.ts of the component MCP OAuth Local Callback Server. The manipulation of the argument code leads to improper authorization. Th...

6.3CVSS0.00264EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/06/29 1:45 a.m.9 views

CVE-2026-13524

A security vulnerability has been detected in CherryHQ cherry-studio up to 1.9.6. This vulnerability affects unknown code of the file src/main/services/mcp/oauth/callback.ts of the component MCP OAuth Local Callback Server. The manipulation of the argument code leads to improper authorization. Th...

6.3CVSS5.7AI score0.00264EPSS
Exploits0References7Affected Software1
Cvelist
Cvelist
added 2026/06/29 1:45 a.m.38 views

CVE-2026-13524 CherryHQ cherry-studio MCP OAuth Local Callback Server callback.ts improper authorization

A security vulnerability has been detected in CherryHQ cherry-studio up to 1.9.6. This vulnerability affects unknown code of the file src/main/services/mcp/oauth/callback.ts of the component MCP OAuth Local Callback Server. The manipulation of the argument code leads to improper authorization. Th...

6.3CVSS0.00264EPSS
Exploits0References7
CVE
CVE
added 2026/06/29 1:45 a.m.22 views

CVE-2026-13524

The CVE-2026-13524 entry concerns CherryHQ cherry-studio up to 1.9.6. Affected component: MCP OAuth Local Callback Server, specifically the source file src/main/services/mcp/oauth/callback.ts. The vulnerability is caused by manipulation of the argument code, leading to improper authorization. The...

6.3CVSS5.7AI score0.00264EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.11 views

PT-2026-53194

Name of the Vulnerable Software and Affected Versions CherryHQ cherry-studio versions prior to 1.9.7 Description Improper authorization exists in the MCP OAuth Local Callback Server component within the src/main/services/mcp/oauth/callback.ts file. A remote attacker can manipulate the code argume...

6.3CVSS6.2AI score0.00264EPSS
Exploits0References11
RedhatCVE
RedhatCVE
added 2025/12/09 8:26 p.m.5 views

CVE-2025-14204

A vulnerability has been found in TykoDev cherry-studio-TykoFork 0.1. This issue affects the function redirectToAuthorization of the file /.well-known/oauth-authorization-server of the component OAuth Server Discovery. Such manipulation of the argument authorizationUrl leads to os command...

6.5CVSS6.9AI score0.012EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/07 11:2 p.m.22 views

CVE-2025-14204 TykoDev cherry-studio-TykoFork OAuth Server Discovery oauth-authorization-server redirectToAuthorization os command injection

A vulnerability has been found in TykoDev cherry-studio-TykoFork 0.1. This issue affects the function redirectToAuthorization of the file /.well-known/oauth-authorization-server of the component OAuth Server Discovery. Such manipulation of the argument authorizationUrl leads to os command...

6.5CVSS0.012EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/12/07 12:0 a.m.8 views

PT-2025-49418

A vulnerability has been found in TykoDev cherry-studio-TykoFork 0.1. This issue affects the function redirectToAuthorization of the file /.well-known/oauth-authorization-server of the component OAuth Server Discovery. Such manipulation of the argument authorizationUrl leads to os command...

6.5CVSS7AI score0.012EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/10/13 7:21 a.m.6 views

CVE-2025-61929

Cherry Studio is a desktop client that supports for multiple LLM providers. Cherry Studio registers a custom protocol called cherrystudio://. When handling the MCP installation URL, it parses the base64-encoded configuration data and directly executes the command within it. In the files...

9.6CVSS7AI score0.00439EPSS
Exploits1References1
NVD
NVD
added 2025/10/10 8:15 p.m.11 views

CVE-2025-61929

Cherry Studio is a desktop client that supports for multiple LLM providers. Cherry Studio registers a custom protocol called cherrystudio://. When handling the MCP installation URL, it parses the base64-encoded configuration data and directly executes the command within it. In the files...

9.6CVSS0.00439EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/10/10 7:50 p.m.4 views

CVE-2025-61929 Cherry Studio allows one-click on a specific URL to cause a command to execute

Cherry Studio is a desktop client that supports for multiple LLM providers. Cherry Studio registers a custom protocol called cherrystudio://. When handling the MCP installation URL, it parses the base64-encoded configuration data and directly executes the command within it. In the files...

9.6CVSS6.6AI score0.00439EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/10 7:50 p.m.6 views

EUVD-2025-33778

Cherry Studio is a desktop client that supports for multiple LLM providers. Cherry Studio registers a custom protocol called cherrystudio://. When handling the MCP installation URL, it parses the base64-encoded configuration data and directly executes the command within it. In the files...

9.6CVSS6.5AI score0.00439EPSS
Exploits1References1
CVE
CVE
added 2025/10/10 7:50 p.m.39 views

CVE-2025-61929

Cherry Studio is affected by a code-injection vulnerability where the cherrystudio://mcp protocol handler parses base64-encoded configuration data and directly executes the contained command. Affected component paths include src/main/services/ProtocolClient.ts and src/main/services/urlschema/mcp-...

9.6CVSS6.6AI score0.00439EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2025/10/10 7:50 p.m.5 views

CVE-2025-61929 Cherry Studio allows one-click on a specific URL to cause a command to execute

Cherry Studio is a desktop client that supports for multiple LLM providers. Cherry Studio registers a custom protocol called cherrystudio://. When handling the MCP installation URL, it parses the base64-encoded configuration data and directly executes the command within it. In the files...

9.6CVSS7AI score0.00439EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2025/10/10 12:0 a.m.4 views

PT-2025-41600

Name of the Vulnerable Software and Affected Versions Cherry Studio versions 1.7.0-alpha.4 and earlier Description Cherry Studio is a desktop client supporting multiple LLM providers. It registers a custom protocol, cherrystudio://, and when handling MCP installation URLs, it parses base64-encode...

9.6CVSS7AI score0.00439EPSS
Exploits1References12
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-24569

Malicious code in bioql PyPI...

9.6CVSS6.6AI score0.05449EPSS
Exploits1References1
Rows per page
Query Builder