3 matches found
CVE-2026-40501
Cherry Studio versions 1.2.2 through 1.9.12, fixed in commit 1518530, contain a remote code execution vulnerability in SearchService that allows remote attackers to execute arbitrary code by delivering malicious JavaScript through controlled search provider content loaded into an Electron...
CVE-2026-40501
Cherry Studio versions 1.2.2–1.9.12 contain a remote code execution vulnerability in the SearchService due to a nodeIntegration misconfiguration. When an Electron BrowserWindow is created with nodeIntegration enabled and contextIsolation disabled, control over search provider content (provided by...
Joplin Vulnerable to Cross-site Scripting in Note Content
Joplin version prior to 1.0.90 contains a Cross-site Scripting XSS evolving into code execution due to enabled nodeIntegration for that particular BrowserWindow instance where XSS was identified from vulnerability in Note content field - information on the fix can be found here...