Lucene search
K

8 matches found

NVD
NVD
added 2026/06/29 6:16 a.m.9 views

CVE-2026-13534

A vulnerability was detected in CherryHQ cherry-studio up to 1.9.7. This affects the function sha256 of the file src/main/services/memory/MemoryService.ts of the component CherryIN Preload API. Performing a manipulation of the argument state results in authorization bypass. The attack can be...

5CVSS0.00199EPSS
Exploits0References7
CVE
CVE
added 2026/06/29 4:15 a.m.20 views

CVE-2026-13534

CherryHQ cherry-studio (up to v1.9.7) contains a memory-access issue in the CherryIN Preload API component: MemoryService.ts sha256 function. According to the CVE entry, manipulating the argument state can bypass authorization, and the attack can be initiated remotely with high complexity; exploi...

5CVSS5.4AI score0.00199EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/06/29 4:15 a.m.8 views

CVE-2026-13534

A vulnerability was detected in CherryHQ cherry-studio up to 1.9.7. This affects the function sha256 of the file src/main/services/memory/MemoryService.ts of the component CherryIN Preload API. Performing a manipulation of the argument state results in authorization bypass. The attack can be...

5CVSS5.4AI score0.00199EPSS
Exploits0References7Affected Software1
Cvelist
Cvelist
added 2026/06/29 4:15 a.m.39 views

CVE-2026-13534 CherryHQ cherry-studio CherryIN Preload API MemoryService.ts sha256 authorization

A vulnerability was detected in CherryHQ cherry-studio up to 1.9.7. This affects the function sha256 of the file src/main/services/memory/MemoryService.ts of the component CherryIN Preload API. Performing a manipulation of the argument state results in authorization bypass. The attack can be...

5CVSS0.00199EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/05/14 2:51 p.m.7 views

CVE-2026-44482

soundcloud-rpc is a SoundCloud Client with Discord Rich Presence, Dark Mode, Last.fm and AdBlock support. Prior to 0.1.8, a track title containing an HTML payload executed locally in the Electron app. This means attacker-controlled SoundCloud track metadata can lead to local command execution on...

9.6CVSS6AI score0.00336EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/05/14 2:51 p.m.17 views

CVE-2026-44482

CVE-2026-44482 affects the SoundCloud Client app (soundcloud-rpc) built on Electron. Before 0.1.8, a track title could contain an HTML payload that, via the preload API window.soundcloudAPI.sendTrackUpdate and IPC to the Electron main process, is rendered as raw HTML in privileged views with Node...

9.6CVSS6AI score0.00336EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/14 2:51 p.m.9 views

CVE-2026-44482 soundcloud-rpc: Remote Code Execution via XSS in Track Title

soundcloud-rpc is a SoundCloud Client with Discord Rich Presence, Dark Mode, Last.fm and AdBlock support. Prior to 0.1.8, a track title containing an HTML payload executed locally in the Electron app. This means attacker-controlled SoundCloud track metadata can lead to local command execution on...

9.6CVSS6AI score0.00336EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/05/06 6:13 p.m.10 views

CVE-2026-8014

Inappropriate implementation in Preload in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Low...

4.3CVSS5.8AI score0.00163EPSS
Exploits0
Rows per page
Query Builder