Lucene search
K

43 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-24562

Malicious code in bioql PyPI...

7.7CVSS6.6AI score0.02144EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-24569

Malicious code in bioql PyPI...

9.6CVSS6.6AI score0.05449EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/08/15 2:20 p.m.11 views

CVE-2025-54074

Cherry Studio is a desktop client that supports for multiple LLM providers. From versions 1.2.5 to 1.5.1, Cherry Studio is vulnerable to OS Command Injection during a connection with a malicious MCP server in HTTP Streamable mode. Attackers can setup a malicious MCP server with compatible OAuth...

7.7CVSS8.1AI score0.02144EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/08/15 2:20 p.m.10 views

CVE-2025-54382

Cherry Studio is a desktop client that supports for multiple LLM providers. In version 1.5.1, a remote code execution RCE vulnerability exists in the Cherry Studio platform when connecting to streamableHttp MCP servers. The issue arises from the server’s implicit trust in the oauth auth redirecti...

9.6CVSS8.1AI score0.05449EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/08/13 6:29 p.m.10 views

CVE-2025-54063

Cherry Studio is a desktop client that supports for multiple LLM providers. From versions 1.4.8 to 1.5.0, there is a one-click remote code execution vulnerability through the custom URL handling. An attacker can exploit this by hosting a malicious website or embedding a specially crafted URL on a...

8CVSS8.1AI score0.00708EPSS
Exploits1References1
NVD
NVD
added 2025/08/13 2:15 p.m.14 views

CVE-2025-54382

Cherry Studio is a desktop client that supports for multiple LLM providers. In version 1.5.1, a remote code execution RCE vulnerability exists in the Cherry Studio platform when connecting to streamableHttp MCP servers. The issue arises from the server’s implicit trust in the oauth auth redirecti...

9.6CVSS0.05449EPSS
Exploits1References1
NVD
NVD
added 2025/08/13 2:15 p.m.17 views

CVE-2025-54074

Cherry Studio is a desktop client that supports for multiple LLM providers. From versions 1.2.5 to 1.5.1, Cherry Studio is vulnerable to OS Command Injection during a connection with a malicious MCP server in HTTP Streamable mode. Attackers can setup a malicious MCP server with compatible OAuth...

9.8CVSS0.02144EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/08/13 1:31 p.m.6 views

CVE-2025-54382 Cherry Studio RCE Vulnerability Disclosure

Cherry Studio is a desktop client that supports for multiple LLM providers. In version 1.5.1, a remote code execution RCE vulnerability exists in the Cherry Studio platform when connecting to streamableHttp MCP servers. The issue arises from the server’s implicit trust in the oauth auth redirecti...

9.6CVSS8.1AI score0.05449EPSS
Exploits1References1
CVE
CVE
added 2025/08/13 1:31 p.m.26 views

CVE-2025-54382

Cherry Studio (desktop client) version 1.5.1 is affected by an RCE vulnerability when connecting to streamableHttp MCP servers due to the server’s implicit trust in OAuth redirection URLs and improper URL sanitization. The issue is mitigated by upgrading to version 1.5.2. Exploitation status is n...

9.6CVSS8.1AI score0.05449EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2025/08/13 1:31 p.m.17 views

CVE-2025-54382 Cherry Studio RCE Vulnerability Disclosure

Cherry Studio is a desktop client that supports for multiple LLM providers. In version 1.5.1, a remote code execution RCE vulnerability exists in the Cherry Studio platform when connecting to streamableHttp MCP servers. The issue arises from the server’s implicit trust in the oauth auth redirecti...

9.6CVSS0.05449EPSS
Exploits1References1
OSV
OSV
added 2025/08/13 1:31 p.m.5 views

CVE-2025-54382 Cherry Studio RCE Vulnerability Disclosure

Cherry Studio is a desktop client that supports for multiple LLM providers. In version 1.5.1, a remote code execution RCE vulnerability exists in the Cherry Studio platform when connecting to streamableHttp MCP servers. The issue arises from the server’s implicit trust in the oauth auth redirecti...

9.6CVSS8.1AI score0.05449EPSS
Exploits1References3
OSV
OSV
added 2025/08/13 1:27 p.m.13 views

CVE-2025-54074 Cherry Studio is Vulnerable to OS Command Injection during Connection with a Malicious MCP Server

Cherry Studio is a desktop client that supports for multiple LLM providers. From versions 1.2.5 to 1.5.1, Cherry Studio is vulnerable to OS Command Injection during a connection with a malicious MCP server in HTTP Streamable mode. Attackers can setup a malicious MCP server with compatible OAuth...

7.7CVSS7.9AI score0.02144EPSS
Exploits1References4
CVE
CVE
added 2025/08/13 1:27 p.m.25 views

CVE-2025-54074

CVE-2025-54074 affects Cherry Studio desktop client, versions 1.2.5–1.5.1, which are vulnerable to OS command injection when connecting to a malicious MCP server over HTTP Streamable mode. The underlying issue arises during the OAuth-enabled connection process, allowing an attacker-controlled MCP...

9.8CVSS8.1AI score0.02144EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2025/08/13 1:27 p.m.7 views

CVE-2025-54074 Cherry Studio is Vulnerable to OS Command Injection during Connection with a Malicious MCP Server

Cherry Studio is a desktop client that supports for multiple LLM providers. From versions 1.2.5 to 1.5.1, Cherry Studio is vulnerable to OS Command Injection during a connection with a malicious MCP server in HTTP Streamable mode. Attackers can setup a malicious MCP server with compatible OAuth...

7.7CVSS8.1AI score0.02144EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/08/13 1:27 p.m.15 views

CVE-2025-54074 Cherry Studio is Vulnerable to OS Command Injection during Connection with a Malicious MCP Server

Cherry Studio is a desktop client that supports for multiple LLM providers. From versions 1.2.5 to 1.5.1, Cherry Studio is vulnerable to OS Command Injection during a connection with a malicious MCP server in HTTP Streamable mode. Attackers can setup a malicious MCP server with compatible OAuth...

7.7CVSS0.02144EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/08/13 12:0 a.m.10 views

PT-2025-32990 · Unknown · Cherry-Studio

Name of the Vulnerable Software and Affected Versions: Cherry Studio version 1.5.1 Description: Cherry Studio is a desktop client that supports multiple LLM providers. A remote code execution RCE vulnerability exists when connecting to streamableHttp MCP servers. The issue stems from the server’s...

9.6CVSS8.1AI score0.05449EPSS
Exploits1References5
CNNVD
CNNVD
added 2025/08/13 12:0 a.m.6 views

Cherry Studio 操作系统命令注入漏洞

Cherry Studio is a multi-model AI assistant from China Thousand Comets Cherry Studio. An operating system command injection vulnerability exists in Cherry Studio version 1.5.1, which stems from a streamableHttp MCP server connection that does not properly clean up the URL, which could lead to...

9.6CVSS8.4AI score0.05449EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/08/13 12:0 a.m.9 views

Cherry Studio 操作系统命令注入漏洞

Cherry Studio is a multi-model AI assistant from China Thousand Comets Cherry Studio. An OS command injection vulnerability exists in Cherry Studio versions 1.2.5 through 1.5.1, which stems from an OS command injection when connecting to a malicious MCP server...

9.8CVSS7.5AI score0.02144EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/08/13 12:0 a.m.10 views

PT-2025-32989 · Unknown · Cherry-Studio

Name of the Vulnerable Software and Affected Versions: Cherry Studio versions 1.2.5 through 1.5.1 Description: Cherry Studio is vulnerable to OS Command Injection when connecting to a malicious MCP server in HTTP Streamable mode. Attackers can establish a malicious MCP server with compatible OAut...

7.7CVSS7.7AI score0.02144EPSS
Exploits1References7
CVE
CVE
added 2025/08/11 5:59 p.m.24 views

CVE-2025-54063

CVE-2025-54063 affects Cherry Studio desktop client (versions 1.4.8–1.5.0) due to improper handling of custom URLs, enabling remote code execution when a user clicks a crafted link or visits a malicious site. The underlying vulnerability is triggered by the app’s custom URL handler, leading to co...

9.6CVSS8AI score0.00708EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder