135 matches found

NVD
added 2025/12/05 6:15 p.m., 2 views

CVE-2025-66562

TUUI is a desktop MCP client designed as a tool unitary utility integration. Prior to 1.3.4, a critical Remote Code Execution (RCE) vulnerability exists in Tuui due to an unsafe Cross-Site Scripting (XSS) flaw in the Markdown rendering component. Tuui allows the execution of arbitrary JavaScript with...

CVSS 9.6, EPSS 0.00156
Exploits: 0, References: 3
OSV
added 2025/12/05 6:3 p.m., 7 views

CVE-2025-66562 TUUI vulnerable to Remote Code Execution (RCE) via XSS in Markdown ECharts Rendering

TUUI is a desktop MCP client designed as a tool unitary utility integration. Prior to 1.3.4, a critical Remote Code Execution (RCE) vulnerability exists in Tuui due to an unsafe Cross-Site Scripting (XSS) flaw in the Markdown rendering component. Tuui allows the execution of arbitrary JavaScript with...

CVSS 8.9, AI score 7.1, EPSS 0.00156
Exploits: 0, References: 5
CVE
added 2025/12/05 6:3 p.m., 9 views

CVE-2025-66562

CVE-2025-66562 concerns TUUI, a desktop MCP client. The vulnerability arises from an unsafe Cross-Site Scripting (XSS) in the Markdown rendering component, allowing arbitrary JavaScript execution within ECharts code blocks. When combined with an exposed IPC interface that can spawn processes, an ...

CVSS 9.6, AI score 6.8, EPSS 0.00156
Exploits: 0, References: 3, Affected Software: 1
EUVD
added 2025/12/05 6:3 p.m., 3 views

EUVD-2025-201459

TUUI is a desktop MCP client designed as a tool unitary utility integration. Prior to 1.3.4, a critical Remote Code Execution (RCE) vulnerability exists in Tuui due to an unsafe Cross-Site Scripting (XSS) flaw in the Markdown rendering component. Tuui allows the execution of arbitrary JavaScript with...

CVSS 8.9, AI score 6.6, EPSS 0.00156
Exploits: 0, References: 3
Cvelist
added 2025/12/05 6:3 p.m., 17 views

CVE-2025-66562 TUUI vulnerable to Remote Code Execution (RCE) via XSS in Markdown ECharts Rendering

TUUI is a desktop MCP client designed as a tool unitary utility integration. Prior to 1.3.4, a critical Remote Code Execution (RCE) vulnerability exists in Tuui due to an unsafe Cross-Site Scripting (XSS) flaw in the Markdown rendering component. Tuui allows the execution of arbitrary JavaScript with...

CVSS 8.9, EPSS 0.00156
Exploits: 0, References: 3
Vulnrichment
added 2025/12/05 6:3 p.m., 2 views

CVE-2025-66562 TUUI vulnerable to Remote Code Execution (RCE) via XSS in Markdown ECharts Rendering

TUUI is a desktop MCP client designed as a tool unitary utility integration. Prior to 1.3.4, a critical Remote Code Execution (RCE) vulnerability exists in Tuui due to an unsafe Cross-Site Scripting (XSS) flaw in the Markdown rendering component. Tuui allows the execution of arbitrary JavaScript with...

CVSS 8.9, AI score 6.8, EPSS 0.00156
Exploits: 0, References: 3
Positive Technologies
added 2025/12/05 12:0 a.m., 3 views

PT-2025-49303

TUUI is a desktop MCP client designed as a tool unitary utility integration. Prior to 1.3.4, a critical Remote Code Execution (RCE) vulnerability exists in Tuui due to an unsafe Cross-Site Scripting (XSS) flaw in the Markdown rendering component. Tuui allows the execution of arbitrary JavaScript with...

CVSS 8.9, AI score 7.2, EPSS 0.00156
Exploits: 0, References: 4
CNNVD
added 2025/12/05 12:0 a.m., 2 views

TUUI code injection vulnerability

TUUI is an MCP client for AIQL open source. A code injection vulnerability exists in TUUI versions prior to 1.3.4, which stems from an insecure cross-site scripting vulnerability in the Markdown rendering component that could lead to remote code execution...

CVSS 9.6, AI score 7.5, EPSS 0.00156
Exploits: 0, References: 4
Tenable Nessus
added 2025/12/03 12:0 a.m., 5 views

FreeBSD : Gitlab -- vulnerabilities (4530fc9f-cb47-11f0-85d8-2cf05da270f3)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 4530fc9f-cb47-11f0-85d8-2cf05da270f3 advisory. Gitlab reports: Race condition issue in CI/CD cache impacts GitLab CE/EE; Denial of Service iss...

CVSS 7.7, AI score 6.1, EPSS 0.00112
Exploits: 0, References: 8
Snyk
added 2025/12/01 11:4 p.m., 1 view

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview: org.webjars.npm:mdast-util-to-hast is a mdast utility to transform to hast. Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes in the class attribute in rendered markdown code elements. An attacker can cause...

CVSS 6.9, AI score 6.5, EPSS 0.00086
Exploits: 0, References: 2
FreeBSD
added 2025/11/26 12:0 a.m., 9 views

Gitlab -- vulnerabilities

Gitlab reports: Race condition issue in CI/CD cache impacts GitLab CE/EE; Denial of Service issue in JSON input validation middleware impacts GitLab CE/EE; Authentication bypass issue in account registration impacts GitLab CE/EE; Denial of Service issue in HTTP response processing impacts GitLab CE/...

CVSS 7.7, AI score 6.5, EPSS 0.00112
Exploits: 0, References: 1
CNNVD
added 2025/11/26 12:0 a.m., 2 views

Caido injection vulnerability

Caido is an application from Caido open source. Designed to help security professionals and enthusiasts audit web applications efficiently and easily. An injection vulnerability exists in versions prior to Caido 0.53.0 that stems from mishandling of the Markdown renderer, which could result in an...

CVSS 4.3, AI score 7.1, EPSS 0.00024
Exploits: 0, References: 2
EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2018-6508

Malware in sbrugna...

CVSS 7.5, AI score 7.7, EPSS 0.00233
Exploits: 0, References: 3
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2024-0116

Malicious code in bioql PyPI...

CVSS 7.1, AI score 6, EPSS 0.00412
Exploits: 0, References: 7
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2023-39090

Malicious code in bioql PyPI...

CVSS 5.4, AI score 5.8, EPSS 0.00052
Exploits: 0, References: 1
RedhatCVE
added 2025/09/13 7:28 p.m., 3 views

CVE-2025-59053

AIRI is a self-hosted, artificial intelligence based Grok Companion. In v0.7.2-beta.2 in the packages/stage-ui/src/components/MarkdownRenderer.vue path, the Markdown content is processed using the useMarkdown composable, and the processed HTML is rendered directly into the DOM using v-html. An...

CVSS 9.6, AI score 6.2, EPSS 0.00093
Exploits: 0, References: 1
Cvelist
added 2025/09/11 6:26 p.m., 7 views

CVE-2025-59053 AIRI's character card/chat UI is vulnerable to XSS and can lead to RCE

AIRI is a self-hosted, artificial intelligence based Grok Companion. In v0.7.2-beta.2 in the packages/stage-ui/src/components/MarkdownRenderer.vue path, the Markdown content is processed using the useMarkdown composable, and the processed HTML is rendered directly into the DOM using v-html. An...

CVSS 9.6, EPSS 0.00093
Exploits: 0, References: 2
CVE
added 2025/09/11 6:26 p.m., 20 views

CVE-2025-59053

Affected software and version: AIRI v0.7.2-beta.2 (Grok Companion) with vulnerable Markdown rendering in packages/stage-ui/src/components/MarkdownRenderer.vue and insecure MCP command interface. Root cause: Markdown is processed via useMarkdown and rendered with v-html without escaping, enabling ...

CVSS 9.6, AI score 5.8, EPSS 0.00093
Exploits: 0, References: 2
OSV
added 2025/09/11 6:26 p.m., 2 views

CVE-2025-59053 AIRI's character card/chat UI is vulnerable to XSS and can lead to RCE

AIRI is a self-hosted, artificial intelligence based Grok Companion. In v0.7.2-beta.2 in the packages/stage-ui/src/components/MarkdownRenderer.vue path, the Markdown content is processed using the useMarkdown composable, and the processed HTML is rendered directly into the DOM using v-html. An...

CVSS 9.6, AI score 6.1, EPSS 0.00093
Exploits: 0, References: 4
Positive Technologies
added 2025/09/11 12:0 a.m., 5 views

PT-2025-37257

Name of the Vulnerable Software and Affected Versions: AIRI versions 0.7.2-beta.2. Description: AIRI is a self-hosted, artificial intelligence based Grok Companion. The application processes Markdown content using the useMarkdown composable and renders it directly into the DOM using v-html. An...

CVSS 9.6, AI score 5.8, EPSS 0.00093
Exploits: 0, References: 7