5 matches found
EUVD-2025-14181
Malicious code in bioql PyPI...
CVE-2025-29509
Jan v0.5.14 and before is vulnerable to remote code execution RCE when the user clicks on a rendered link in the conversation, due to opening external website in the app and the exposure of electronAPI, with a lack of filtering of URL when calling shell.openExternal...
CVE-2025-29509
Jan v0.5.14 and before is vulnerable to remote code execution RCE when the user clicks on a rendered link in the conversation, due to opening external website in the app and the exposure of electronAPI, with a lack of filtering of URL when calling shell.openExternal...
CVE-2025-29509
CVE-2025-29509 affects Jan v0.5.14 and earlier. An RCE is possible when a user clicks a rendered link in a conversation, due to the app opening external websites and an exposed electronAPI, with unfiltered URLs in shell.openExternal(). The CVSS v3.1 base score is 8.8 (HIGH) with network attack ve...
CVE-2025-29509
Jan v0.5.14 and before is vulnerable to remote code execution RCE when the user clicks on a rendered link in the conversation, due to opening external website in the app and the exposure of electronAPI, with a lack of filtering of URL when calling shell.openExternal...