CVE-2026-34772

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8, apps that allow downloads and programmatically destroy sessions may be vulnerable to a use-after-free. If a session is torn down whi...

CVE-2026-34772

CVE-2026-34772 – Electron Use-After-Free in download save dialog callback . The issue affects Electron applications that allow downloads and programmatically destroy sessions. If the session is torn down while a native save-file dialog for a download is open, dismissing the dialog may dereference...

CVE-2026-34772 Electron: Use-after-free in download save dialog callback

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8, apps that allow downloads and programmatically destroy sessions may be vulnerable to a use-after-free. If a session is torn down whi...

CVE-2026-34772

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8, apps that allow downloads and programmatically destroy sessions may be vulnerable to a use-after-free. If a session is torn down whi...

CVE-2026-34772 Electron: Use-after-free in download save dialog callback

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8, apps that allow downloads and programmatically destroy sessions may be vulnerable to a use-after-free. If a session is torn down whi...

Electron: Use-after-free in download save dialog callback

Impact Apps that allow downloads and programmatically destroy sessions may be vulnerable to a use-after-free. If a session is torn down while a native save-file dialog is open for a download, dismissing the dialog dereferences freed memory, which may lead to a crash or memory corruption. Apps tha...

Use After Free

Overview org.webjars.npm:electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Use After Free in the download save dialog callback process. An attacker can cause a crash or memory...

GHSA-9W97-2464-8783 Electron: Use-after-free in download save dialog callback

Impact Apps that allow downloads and programmatically destroy sessions may be vulnerable to a use-after-free. If a session is torn down while a native save-file dialog is open for a download, dismissing the dialog dereferences freed memory, which may lead to a crash or memory corruption. Apps tha...

EUVD-2026-18943

Electron: Use-after-free in download save dialog callback...

Use After Free

Overview electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Use After Free in the download save dialog callback process. An attacker can cause a crash or memory corruption by triggeri...

PT-2026-30002

Impact Apps that allow downloads and programmatically destroy sessions may be vulnerable to a use-after-free. If a session is torn down while a native save-file dialog is open for a download, dismissing the dialog dereferences freed memory, which may lead to a crash or memory corruption. Apps tha...

Astra Linux – Vulnerability in Chromium

The use of free after WindowDialog in Google Chrome before version 146.0.7680.71 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape through a crafted HTML page. Chromium security severity: High...

CVE-2019-25655 Device Monitoring Studio 8.10.00.8925 Denial of Service

Device Monitoring Studio 8.10.00.8925 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string to the server connection dialog. Attackers can trigger the crash by entering a malformed server name or address containing...

CVE-2019-25655

CVE-2019-25655 affects Device Monitoring Studio 8.10.00.8925 and is a Denial of Service vulnerability. The issue arises when a user provides an excessively long string to the server connection dialog, specifically by entering a malformed server name or address containing repeated characters via T...

PT-2026-29011

Name of the Vulnerable Software and Affected Versions Device Monitoring Studio version 8.10.00.8925 Description A denial of service issue exists that allows local attackers to crash the application by providing a long string to the server connection dialog. Attackers can trigger this by entering ...

HDD Device Monitoring Studio 安全漏洞

HDD Device Monitoring Studio is a device communication monitoring and debugging tool developed by the American company HDD. Version 8.10.00.8925 of HDD Device Monitoring Studio contains a security vulnerability. This vulnerability stems from a denial-of-service vulnerability in the server...

EUVD-2018-21692

PDF Explorer 1.5.66.2 contains a structured exception handler SEH overflow vulnerability that allows local attackers to execute arbitrary code by overwriting SEH records with malicious data. Attackers can craft a payload with buffer overflow, NSEH jump, and ROP gadget chains that execute when the...

CVE-2026-32367

Improper Control of Generation of Code 'Code Injection' vulnerability in Yannick Lefebvre Modal Dialog modal-dialog allows Remote Code Inclusion.This issue affects Modal Dialog: from n/a through = 3.5.16...

CVE-2019-25484

WinMPG iPod Convert 3.0 contains a buffer overflow vulnerability in the Register dialog that allows local attackers to crash the application by supplying an oversized payload. Attackers can paste a large string of characters into the User Name and User Code field to trigger a denial of service...

CVE-2018-25217

PDF Explorer 1.5.66.2 contains a structured exception handler SEH overflow vulnerability that allows local attackers to execute arbitrary code by overwriting SEH records with malicious data. Attackers can craft a payload with buffer overflow, NSEH jump, and ROP gadget chains that execute when the...