11 matches found

NVD
added 2026/04/04 12:16 a.m. · 3 views

CVE-2026-34774

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 39.8.1, 40.7.0, and 41.0.0, apps that use offscreen rendering and allow child windows via window.open may be vulnerable to a use-after-free. If the parent offscreen WebContent...

8.1 CVSS · 0.00341 EPSS
Exploits 0 · References 1

Cvelist
added 2026/04/03 11:57 p.m. · 17 views

CVE-2026-34777 Electron: Incorrect origin passed to permission request handler for iframe requests

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.1, and 41.0.0, when an iframe requests fullscreen, pointerLock, keyboardLock, openExternal, or media permissions, the origin passed to...

5.4 CVSS · 0.00122 EPSS
Exploits 0 · References 1

ATTACKERKB
added 2026/04/03 11:47 p.m. · 1 view

CVE-2026-34771

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8, apps that register an asynchronous session.setPermissionRequestHandler may be vulnerable to a use-after-free when handling fullscree...

7.5 CVSS · 5.8 AI score · 0.00286 EPSS
Exploits 0 · References 2 · Affected Software 1

ATTACKERKB
added 2026/04/03 11:44 p.m. · 4 views

CVE-2026-34768

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.0, and 41.0.0-beta.8, on Windows, app.setLoginItemSettings({openAtLogin: true}) wrote the executable path to the Run registry key without quoting. If the app ...

3.9 CVSS · 5.8 AI score · 0.0013 EPSS
Exploits 0 · References 2 · Affected Software 1

OSV
added 2026/04/03 2:46 a.m. · 1 view

GHSA-JFQG-HF23-QPW2 Electron: Context Isolation bypass via contextBridge VideoFrame transfer

Impact: Apps that pass VideoFrame objects from the WebCodecs API across the contextBridge are vulnerable to a context isolation bypass. An attacker who can execute JavaScript in the main world (for example, via XSS) can use a bridged VideoFrame to gain access to the isolated world, including any...

8.3 CVSS · 6 AI score · 0.00248 EPSS
Exploits 0 · References 3

OSV
added 2025/06/04 4:15 p.m. · 2 views

CVE-2025-29093

File Upload vulnerability in Motivian Content Management System v.41.0.0 allows a remote attacker to execute arbitrary code via the Content/Gallery/Images component...

8.2 CVSS · 6.1 AI score · 0.00511 EPSS
Exploits 2 · References 2

CNNVD
added 2025/06/04 12:00 a.m. · 4 views

Motivian Content Management System Security Vulnerability

Motivian Content Management System is a content management system from Motivian, Inc. A security vulnerability exists in Motivian Content Management System version v.41.0.0, which originates in the file upload feature and could lead to remote execution of arbitrary code...

8.2 CVSS · 6.9 AI score · 0.00511 EPSS
Exploits 2 · References 2

CNNVD
added 2025/06/04 12:00 a.m. · 4 views

Motivian Content Management System Security Vulnerability

Motivian Content Management System is a content management system from Motivian, Inc. A security vulnerability exists in Motivian Content Management System version v.41.0.0, which stems from a cross-site scripting vulnerability that could lead to remote execution of arbitrary code...

6.1 CVSS · 6.2 AI score · 0.00311 EPSS
Exploits 3 · References 1

Packet Storm
added 2025/06/02 12:00 a.m. · 86 views

Motivian Content Management System 41.0.0 Cross Site Scripting

Motivian Content Management System version 41.0.0 suffers from multiple cross site scripting vulnerabilities. CVE-2025-29094-Multiple-Stored-Cross-Site-Scripting-XSS This repository reveals a security vulnerability discovered in Motivian Content Management System v.41.0.0. - CVE-2025-29094:...

6.1 CVSS · 6.8 AI score · 0.00311 EPSS
Exploits 3

CNNVD
added 2023/12/27 12:00 a.m. · 2 views

changed-files Security Vulnerabilities

changed-files is used to keep track of the relative paths returned from the project root for all changed files and directories associated with the target branch, previous commits, or the last remote commit. A security vulnerability exists in changed-files versions prior to 41.0.0, which stems fro...

9.8 CVSS · 8 AI score · 0.03351 EPSS
Exploits 1 · References 5

Positive Technologies
added 2023/12/27 12:00 a.m. · 5 views

PT-2023-31875 · Github · Tj-Actions/Changed-Files

Name of the Vulnerable Software and Affected Versions: tj-actions/changed-files versions prior to 41.0.0
Description: The tj-actions/changed-files workflow allows for command injection in changed filenames, allowing an attacker to execute arbitrary code and potentially leak secrets. This issue ma...

9.8 CVSS · 9.8 AI score · 0.03351 EPSS
Exploits 1 · References 12