Lucene search
+L

4 matches found

cvelist
cvelist
added 2026/06/09 1:23 p.m.32 views

CVE-2026-47899 Arbitrary File Read, Write, Rename, and Delete in Logseq

The Electron preload script in Logseq exposes an API method that allows the renderer process to invoke IPC handlers without proper path validation. An attacker with JavaScript execution in the renderer e.g. via XSS or a malicious plugin, can read, write, or delete arbitrary files on the user's...

8.7CVSS0.00137EPSS
Exploits0References2
euvd
euvd
added 2026/06/09 1:23 p.m.12 views

EUVD-2026-35436

The Electron preload script in Logseq exposes an API method that allows the renderer process to invoke IPC handlers without proper path validation. An attacker with JavaScript execution in the renderer e.g. via XSS or a malicious plugin, can read, write, or delete arbitrary files on the user's...

8.7CVSS5.8AI score0.0027EPSS
Exploits0References2
osv
osv
added 2026/06/09 1:23 p.m.4 views

CVE-2026-47899 Arbitrary File Read, Write, Rename, and Delete in Logseq

The Electron preload script in Logseq exposes an API method that allows the renderer process to invoke IPC handlers without proper path validation. An attacker with JavaScript execution in the renderer e.g. via XSS or a malicious plugin, can read, write, or delete arbitrary files on the user's...

8.7CVSS6.2AI score0.0027EPSS
Exploits0References5
euvd
euvd
added 2026/05/14 2:51 p.m.14 views

EUVD-2026-30300

soundcloud-rpc is a SoundCloud Client with Discord Rich Presence, Dark Mode, Last.fm and AdBlock support. Prior to 0.1.8, a track title containing an HTML payload executed locally in the Electron app. This means attacker-controlled SoundCloud track metadata can lead to local command execution on...

9.6CVSS6AI score0.00336EPSS
Exploits0References1
Rows per page
Query Builder