314 matches found
Microsoft Azure IoT Explorer ๅฎๅ จๆผๆด
Microsoft Azure IoT Explorer is a free and open-source desktop application developed by Microsoft Corporation. There are security vulnerabilities present in Microsoft Azure IoT Explorer. Attackers can exploit these vulnerabilities to obtain sensitive information...
CVE-2026-1628 Mattermost allows external websites to open within the app, exposing preload functionality to non-trusted sites.
Mattermost Desktop App versions =5.13.3 fail to attach listeners restricting navigation to external sites within the Mattermost app which allows a malicious server to expose preload script functionality to untrusted servers via having a user open an external link in their Mattermost server...
PT-2026-22584
Mattermost Desktop App versions =5.13.3 fail to attach listeners restricting navigation to external sites within the Mattermost app which allows a malicious server to expose preload script functionality to untrusted servers via having a user open an external link in their Mattermost server...
CVE-2026-1046
Mattermost Desktop App versions =6.0 6.2.0 5.2.13.0 fail to validate help links which allows a malicious Mattermost server to execute arbitrary executables on a userโs system via the user clicking on certain items in the Help menu Mattermost Advisory ID: MMSA-2026-00577...
CVE-2026-0534 Stored XSS in the value of a part attribute
A maliciously crafted HTML payload, stored in a partโs attribute and clicked by a user, can trigger a Stored Cross-site Scripting XSS vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the...
CVE-2026-0534 Stored XSS in the value of a part attribute
A maliciously crafted HTML payload, stored in a partโs attribute and clicked by a user, can trigger a Stored Cross-site Scripting XSS vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the...
Eigent ไปฃ็ ๆณจๅ ฅๆผๆด
Eigent is a multi-agent workflow desktop application open-sourced by Eigent AI. Eigent suffers from a code injection vulnerability that stems from a CI workflow using the pullrequesttarget trigger and checking out untrusted PR code, which could lead to arbitrary code execution...
CVE-2019-7365
DLL preloading vulnerability in Autodesk Desktop Application versions 7.0.16.29 and earlier. An attacker may trick a user into downloading a malicious DLL file into the working directory, which may then leverage a DLL preloading vulnerability and execute code on the system...
CVE-2025-14408
Soda PDF Desktop PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Soda PDF Desktop. User interaction is required to exploit this vulnerability in that the target must...
PT-2025-51855
Mattermost Desktop App versions 6.0.0 fail to enable the Hardened Runtime on the Mattermost Desktop App when packaged for Mac App Store which allows an attacker to inherit TCC permissions via copying the binary to a tmp folder...
๐ Figma Desktop Application 125.6.5 Remote Code Execution
Figma Desktop Application version 125.6.5 proof of concept remote code execution exploit that leverages the plugin manifest. ============================================================================================================================================= | Title : Figma Desktop...
CVE-2025-54158
Missing authentication for critical function vulnerability in BeeDrive in Synology BeeDrive for desktop before 1.4.2-13960 allows local users to execute arbitrary code via unspecified vectors...
EUVD-2025-201163
Origin validation error vulnerability in BeeDrive in Synology BeeDrive for desktop before 1.4.3-13973 allows local users to write arbitrary files with non-sensitive information via unspecified vectors...
Lenovo App Store ๅฎๅ จๆผๆด
Lenovo App Store is a desktop application from the Chinese company Lenovo Lenovo. A security vulnerability exists in Lenovo App Store that stems from improper permissions and could lead to code execution...
CVE-2025-56801
The Reolink Desktop Application 8.18.12 contains hardcoded credentials as the Initialization Vector IV in its AES-CFB encryption implementation allowing attackers with access to the application environment to reliably decrypt encrypted configuration data. NOTE: the Supplier's position is that...
CVE-2025-56802
The Reolink desktop application uses a hard-coded and predictable AES encryption key to encrypt user configuration files allowing attackers with local access to decrypt sensitive application data stored in %APPDATA%. A different vulnerability than CVE-2025-56801. NOTE: the Supplier's position is...
CVE-2025-56799
Reolink desktop application 8.18.12 contains a command injection vulnerability in its scheduled cache-clearing mechanism via a crafted folder name. NOTE: this is disputed by the Supplier because a crafted folder name would arise only if the local user were attacking himself...
Unspecified Vulnerability in Adobe Creative Cloud Desktop
Adobe Creative Cloud Desktop is a suite of applications for managing applications and services in the Creative Cloud Member Management Center from the American company Audobee Adobe. The program supports synchronizing and sharing files, managing fonts, and accessing asset libraries for commercial...
CVE-2025-56802
The connected Red Hat and NVD entries confirm CVE-2025-56802 affects the Reolink desktop application and centers on a hard-coded and predictable AES encryption key used to encrypt user configuration files. This allows attackers with local access to decrypt sensitive data stored in %APPDATA%. The ...
EUVD-2025-35237
Reolink desktop application 8.18.12 contains a command injection vulnerability in its scheduled cache-clearing mechanism via a crafted folder name...