CVE Search Engine - Security Vulnerabilities and Exploits Search Tool | Vulners.com

🔥 Daily Hot!

💪🏽 CPE Enhanced Advisories

🕶 Shadow Exploits

🕵🏼 Vulners CPE

🔐 Security news

💻 Exploit updates

📑 Blogs review

🐧 Linux vulnerabilities

🤖 AI High Score

show all

90 matches found

RedhatCVE•added 2026/01/22 9:26 p.m.•4 views

CVE-2026-22793

5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Prior to version 0.15.3, an unsafe option parsing vulnerability in the ECharts Markdown plugin allows any user able to submit ECharts code blocks to execute arbitrary JavaScript code in the...

9.6CVSS6.2AI score0.00492EPSS

Exploits1References1

NVD•added 2026/01/21 9:16 p.m.•3 views

CVE-2026-22793

5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Prior to version 0.15.3, an unsafe option parsing vulnerability in the ECharts Markdown plugin allows any user able to submit ECharts code blocks to execute arbitrary JavaScript code in the...

9.6CVSS0.00492EPSS

Exploits1References2

EUVD•added 2026/01/21 9:6 p.m.•2 views

EUVD-2026-3779

5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Prior to version 0.15.3, an unsafe option parsing vulnerability in the ECharts Markdown plugin allows any user able to submit ECharts code blocks to execute arbitrary JavaScript code in the...

9.6CVSS6.2AI score0.00492EPSS

Exploits1References2

Cvelist•added 2026/01/21 9:6 p.m.•12 views

CVE-2026-22793 5ire vulnerable to Remote Code Execution (RCE) via ECharts

5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Prior to version 0.15.3, an unsafe option parsing vulnerability in the ECharts Markdown plugin allows any user able to submit ECharts code blocks to execute arbitrary JavaScript code in the...

9.6CVSS0.00492EPSS

Exploits1References2

ATTACKERKB•added 2026/01/21 9:6 p.m.•0 views

CVE-2026-22793

5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Prior to version 0.15.3, an unsafe option parsing vulnerability in the ECharts Markdown plugin allows any user able to submit ECharts code blocks to execute arbitrary JavaScript code in the...

9.6CVSS6AI score0.00492EPSS

Exploits1References3Affected Software1

CVE•added 2026/01/21 9:6 p.m.•8 views

CVE-2026-22793

5ire's CVE-2026-22793 affects versions before 0.15.3, where an unsafe option parsing vulnerability in the ECharts Markdown plugin lets a user submitting ECharts code blocks execute arbitrary JavaScript in the renderer context, potentially enabling Remote Code Execution (RCE) if privileged Electro...

9.6CVSS6.2AI score0.00492EPSS

Exploits1References2Affected Software1

Positive Technologies•added 2026/01/21 12:0 a.m.•1 views

PT-2026-3864

Name of the Vulnerable Software and Affected Versions 5ire versions prior to 0.15.3 Description 5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. A flaw in the ECharts Markdown plugin allows any user capable of submitting ECharts code blocks to...

9.6CVSS6AI score0.00492EPSS

Exploits1References10

CNNVD•added 2026/01/21 12:0 a.m.•1 views

5ire code injection vulnerability

5ire is a cross-platform desktop AI assistant developed by Ironben’s developers. Versions of 5ire prior to 0.15.3 contained a code injection vulnerability. This vulnerability stemmed from insecure option parsing in the ECharts Markdown plugin, allowing users who could submit ECharts code blocks t...

9.6CVSS6.4AI score0.00492EPSS

Exploits1References3

Vulnrichment•added 2025/12/23 10:51 p.m.•2 views

CVE-2025-68669 5ire vulnerable to Remote Code Execution (RCE) via mermaid

5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. In versions 0.15.2 and prior, an RCE vulnerability exists in useMarkdown.ts, where the markdown-it-mermaid plugin is initialized with securityLevel: 'loose'. This configuration explicitly permits...

9.6CVSS6.4AI score0.00087EPSS

Exploits1References4

OSV•added 2025/12/23 10:51 p.m.•2 views

CVE-2025-68669 5ire vulnerable to Remote Code Execution (RCE) via mermaid

5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. In versions 0.15.2 and prior, an RCE vulnerability exists in useMarkdown.ts, where the markdown-it-mermaid plugin is initialized with securityLevel: 'loose'. This configuration explicitly permits...

9.6CVSS6.7AI score0.00087EPSS

Exploits1References6

Fedora•added 2025/11/25 1:42 a.m.•3 views

[SECURITY] Fedora 42 Update: python-mkdocs-include-markdown-plugin-7.2.0-1.fc42

This package provides an Mkdocs Markdown includer plugin...

6.5CVSS6.7AI score0.00116EPSS

Tenable Nessus•added 2025/11/25 12:0 a.m.•1 views

Fedora 43 : python-mkdocs-include-markdown-plugin (2025-1b1bb708af)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-1b1bb708af advisory. v7.2.0 New features - Add new argument order to sort multiple inclusions. v7.1.8 Bug fixes - Escape substitution placeholders to prevent malformed...

6.5CVSS5.6AI score0.00116EPSS

Exploits0References2

Veracode•added 2025/11/13 7:47 a.m.•4 views

Improper Input Validation

mkdocs-include-markdown-plugin is vulnerable to improper input validation. The vulnerability is due to unvalidated input colliding with substitution placeholders, which allows an attacker to manipulate included Markdown content and potentially inject or alter data...

6.5CVSS7AI score0.00116EPSS

Exploits0References6Affected Software1

EUVD•added 2025/11/13 3:23 a.m.•0 views

EUVD-2025-177069

Malicious code in prettier-plugin-markdown-mantle-hermes-geodynamo npm...

EUVD•added 2025/11/13 3:23 a.m.•1 views

EUVD-2025-175760

Malicious code in ursa-protoplanetarydisk-electron-prettier-plugin-markdown npm...

EUVD•added 2025/11/13 3:23 a.m.•1 views

EUVD-2025-178276

Malicious code in jekyll-reveal-md-redgiant-prettier-plugin-markdown npm...

EUVD•added 2025/11/13 3:23 a.m.•2 views

EUVD-2025-176927

Malicious code in publish-jest-sadr-prettier-plugin-markdown npm...

OSSF Malicious Packages•added 2025/11/13 3:23 a.m.•4 views

Malicious code in eclipse-hercules-europa-prettier-plugin-markdown (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 55c819411e05d0061457e9887c6906e3929d2896491c60dcced2f30818f4ef45 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD•added 2025/11/13 3:23 a.m.•1 views

EUVD-2025-179204

Malicious code in eclipse-hercules-europa-prettier-plugin-markdown npm...

EUVD•added 2025/11/13 3:23 a.m.•1 views

EUVD-2025-178187

Malicious code in kinetic-redshift-pino-pretty-prettier-plugin-markdown npm...

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by