exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 2

CVE-2026-23733

21 день назад

LobeChat is an open source chat application platform. Prior to version 2.0.0-next.180, a stored Cross-Site Scripting (XSS) vulnerability in the Mermaid artifact renderer allows attackers to execute arbitrary JavaScript within the application context. This XSS can be escalated to Remote Code Execution (RCE) by leveraging the exposed `electronAPI` IPC bridge, allowing attackers to run arbitrary system commands on the victim's machine. Version 2.0.0-next.180 patches the issue.

CVSS3: 6.4

EPSS: Низкий

GHSA-4gpc-rhpj-9443

20 дней назад

Lobe Chat affected by Cross-Site Scripting(XSS) that can escalate to Remote Code Execution(RCE)

CVSS3: 9.6

EPSS: Низкий

Уязвимостей на страницу

	Уязвимость	CVSS	EPSS	Опубликовано
	CVE-2026-23733 LobeChat is an open source chat application platform. Prior to version 2.0.0-next.180, a stored Cross-Site Scripting (XSS) vulnerability in the Mermaid artifact renderer allows attackers to execute arbitrary JavaScript within the application context. This XSS can be escalated to Remote Code Execution (RCE) by leveraging the exposed `electronAPI` IPC bridge, allowing attackers to run arbitrary system commands on the victim's machine. Version 2.0.0-next.180 patches the issue.	CVSS3: 6.4	0% Низкий	21 день назад
	GHSA-4gpc-rhpj-9443 Lobe Chat affected by Cross-Site Scripting(XSS) that can escalate to Remote Code Execution(RCE)	CVSS3: 9.6	0% Низкий	20 дней назад

Уязвимостей на страницу