Lucene search
K

8 matches found

OSV
OSV
added 2026/03/02 6:55 p.m.6 views

CVE-2026-21853 AFFiNE: One-click Remote Code Execution through Custom URL Handling

AFFiNE is an open-source, all-in-one workspace and an operating system. Prior to version 0.25.4, there is a one-click remote code execution vulnerability. This vulnerability can be exploited by embedding a specially crafted affine: URL on a website. An attacker can trigger the vulnerability in tw...

8.8CVSS6.6AI score0.00606EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/01/05 5:37 p.m.25 views

CVE-2025-55204 muffon has One-click Remote Code Execution via XSS and Custom URL Handling

muffon is a cross-platform music streaming client for desktop. Versions prior to 2.3.0 have a one-click Remote Code Execution RCE vulnerability in. An attacker can exploit this issue by embedding a specially crafted muffon:// link on any website they control. When a victim visits the site or clic...

8.8CVSS0.00599EPSS
Exploits1References3
OSV
OSV
added 2026/01/05 5:37 p.m.5 views

CVE-2025-55204 muffon has One-click Remote Code Execution via XSS and Custom URL Handling

muffon is a cross-platform music streaming client for desktop. Versions prior to 2.3.0 have a one-click Remote Code Execution RCE vulnerability in. An attacker can exploit this issue by embedding a specially crafted muffon:// link on any website they control. When a victim visits the site or clic...

8.8CVSS7AI score0.00599EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2025/08/19 6:26 p.m.5 views

CVE-2025-55733 DeepChat One-click Remote Code Execution through Custom URL Handling

DeepChat is a smart assistant that connects powerful AI to your personal world. DeepChat before 0.3.1 has a one-click remote code execution vulnerability. An attacker can exploit this vulnerability by embedding a specially crafted deepchat: URL on any website, including a malicious one they...

9.6CVSS7.8AI score0.00634EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/08/13 6:29 p.m.11 views

CVE-2025-54063

Cherry Studio is a desktop client that supports for multiple LLM providers. From versions 1.4.8 to 1.5.0, there is a one-click remote code execution vulnerability through the custom URL handling. An attacker can exploit this by hosting a malicious website or embedding a specially crafted URL on a...

8CVSS8.1AI score0.00708EPSS
Exploits1References1
NVD
NVD
added 2025/08/11 6:15 p.m.5 views

CVE-2025-54063

Cherry Studio is a desktop client that supports for multiple LLM providers. From versions 1.4.8 to 1.5.0, there is a one-click remote code execution vulnerability through the custom URL handling. An attacker can exploit this by hosting a malicious website or embedding a specially crafted URL on a...

9.6CVSS0.00708EPSS
Exploits1References3
CVE
CVE
added 2025/08/11 5:59 p.m.24 views

CVE-2025-54063

CVE-2025-54063 affects Cherry Studio desktop client (versions 1.4.8–1.5.0) due to improper handling of custom URLs, enabling remote code execution when a user clicks a crafted link or visits a malicious site. The underlying vulnerability is triggered by the app’s custom URL handler, leading to co...

9.6CVSS8AI score0.00708EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2025/08/11 5:59 p.m.10 views

CVE-2025-54063 Cherry Studio One-click Remote Code Execution Vulnerability through Custom URL Handling

Cherry Studio is a desktop client that supports for multiple LLM providers. From versions 1.4.8 to 1.5.0, there is a one-click remote code execution vulnerability through the custom URL handling. An attacker can exploit this by hosting a malicious website or embedding a specially crafted URL on a...

8CVSS0.00708EPSS
Exploits1References3
Rows per page
Query Builder