CVE-2026-45745

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Starting in version 1.7.0, Termix Desktop Electron disables TLS certificate validation, allowing a machine-in-the-middle attacker to intercept and modify HTTPS traffic to the configured...

PT-2026-36859

Name of the Vulnerable Software and Affected Versions Notesnook Web/Desktop versions prior to 3.3.15 Notesnook iOS/Android versions prior to 3.3.20 Description A stored Cross-Site Scripting XSS issue exists in the note export flow. The problem occurs because exported note fields, including title,...

CVE-2026-33334

Vikunja is an open-source self-hosted task management platform. Starting in version 0.21.0 and prior to version 2.2.0, the Vikunja Desktop Electron wrapper enables nodeIntegration in the renderer process without contextIsolation or sandbox. This means any cross-site scripting XSS vulnerability in...

CVE-2025-14498

CVE-2025-14498 affects TradingView Desktop (Electron) due to an unsecured script loading location in the Electron framework, enabling local privilege escalation via an uncontrolled search path. The root cause is a misconfiguration that allows a low-privilege attacker who can run code on the targe...

PT-2025-50560

Name of the Vulnerable Software and Affected Versions TradingView Desktop affected versions not specified Description A local privilege escalation issue exists in TradingView Desktop due to an uncontrolled search path within the Electron framework. An attacker with low-privileged code execution c...