CVE-2026-34774

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 39.8.1, 40.7.0, and 41.0.0, apps that use offscreen rendering and allow child windows via window.open may be vulnerable to a use-after-free. If the parent offscreen WebContent...

CVE-2026-34771

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8, apps that register an asynchronous session.setPermissionRequestHandler may be vulnerable to a use-after-free when handling fullscree...

GHSA-JFQG-HF23-QPW2 Electron: Context Isolation bypass via contextBridge VideoFrame transfer

Impact Apps that pass VideoFrame objects from the WebCodecs API across the contextBridge are vulnerable to a context isolation bypass. An attacker who can execute JavaScript in the main world for example, via XSS can use a bridged VideoFrame to gain access to the isolated world, including any...

Cisco Webex Meetings Scheduled Meeting Template Creation Vulnerability

Cisco Webex Meetings provides affordable enterprise virtual meeting solutions. A scheduled meeting template creation vulnerability exists in Cisco Webex Meetings versions prior to 40.7.0. The vulnerability stems from insufficient execution of authorization for scheduled meeting template creation...

Cisco Webex Meetings Information Disclosure Vulnerability (CNVD-2020-44860)

Cisco Webex Meetings is a set of video conferencing solutions from Cisco USA. An information disclosure vulnerability exists in the Contacts feature in Cisco Webex Meetings versions prior to 40.7.0, which stems from the program failing to perform proper access control when a user is added to a us...