Lucene search
+L
ThinkinaiDeepchat

5 matches found

cve
cve
added 2025/08/19 6:26 p.m.33 views

CVE-2025-55733

DeepChat (prior to version 0.3.1) is affected by a remote code execution flaw that is triggered by embedding a specially crafted deepchat: URL on any website. When a user visits the site or clicks the link, the browser invokes the DeepChat app’s custom URL handler, which launches the application ...

9.6CVSS7.8AI score0.00634EPSS
cve
cve
added 2025/12/16 12:42 a.m.23 views

CVE-2025-67744

DeepChat prior to 0.5.3 is affected by a Mermaid diagram rendering vulnerability that allows arbitrary JavaScript execution. The issue arises from the Electron IPC renderer being exposed to the DOM, enabling a Cross-Site Scripting (XSS) flaw that can escalate to Remote Code Execution (RCE) and al...

9.6CVSS6.5AI score0.00536EPSS
cve
cve
added 2025/12/09 12:25 a.m.22 views

CVE-2025-66481

CVE-2025-66481 concerns DeepChat, an open-source AI chat platform. Affected versions: 0.5.1 and earlier. The vulnerability stems from improper sanitization of Mermaid content, making it susceptible to cross-site scripting (XSS). The security patch for MermaidArtifact.vue is insufficient and can b...

9.6CVSS6.3AI score0.0049EPSS
cve
cve
added 2025/09/09 8:19 p.m.21 views

CVE-2025-58768

CVE-2025-58768 affects DeepChat prior to version 0.3.5, specifically in the Mermaid chart rendering component where user content is directly written via innerHTML. This creates an XSS vulnerability that can trigger an exploit chain, potentially allowing arbitrary JavaScript execution and arbitrar...

9.6CVSS6.6AI score0.00558EPSS
cve
cve
added 2025/12/03 6:34 p.m.19 views

CVE-2025-66222

DeepChat (0.5.0 and earlier) is affected by a Stored XSS in the Mermaid diagram renderer, exploitable via the Electron IPC bridge to escalate to RCE by starting a malicious MCP server. Affected product/version: DeepChat prior to 0.5.0. Root cause: XSS within Mermaid rendering allows arbitrary Jav...

9.6CVSS5.2AI score0.00518EPSS