Lucene search
K

1540 matches found

Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.3 views

PT-2026-31500

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 147.0.7727.55 Description A flaw in Google Chrome's fullscreen mode allowed an attacker to perform UI spoofing using a specially crafted HTML page. This could potentially trick users into interacting with a fake...

9.6CVSS5.8AI score0.00608EPSS
Exploits0References66
NVD
NVD
added 2026/04/04 12:16 a.m.2 views

CVE-2026-34777

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.1, and 41.0.0, when an iframe requests fullscreen, pointerLock, keyboardLock, openExternal, or media permissions, the origin passed to...

5.4CVSS0.00122EPSS
Exploits0References1
NVD
NVD
added 2026/04/04 12:16 a.m.5 views

CVE-2026-34771

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8, apps that register an asynchronous session.setPermissionRequestHandler may be vulnerable to a use-after-free when handling fullscree...

8.8CVSS0.00287EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/04/03 11:57 p.m.2 views

CVE-2026-34777

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.1, and 41.0.0, when an iframe requests fullscreen, pointerLock, keyboardLock, openExternal, or media permissions, the origin passed to...

5.4CVSS5.8AI score0.00122EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/03 11:47 p.m.1 views

CVE-2026-34771

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8, apps that register an asynchronous session.setPermissionRequestHandler may be vulnerable to a use-after-free when handling fullscree...

8.8CVSS5.8AI score0.00287EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/04/03 11:47 p.m.21 views

CVE-2026-34771 Electron: Use-after-free in WebContents fullscreen, pointer-lock, and keyboard-lock permission callbacks

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8, apps that register an asynchronous session.setPermissionRequestHandler may be vulnerable to a use-after-free when handling fullscree...

7.5CVSS0.00287EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/03 11:47 p.m.5 views

CVE-2026-34771 Electron: Use-after-free in WebContents fullscreen, pointer-lock, and keyboard-lock permission callbacks

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8, apps that register an asynchronous session.setPermissionRequestHandler may be vulnerable to a use-after-free when handling fullscree...

7.5CVSS5.8AI score0.00287EPSS
Exploits0References1
CVE
CVE
added 2026/04/03 11:47 p.m.16 views

CVE-2026-34771

CVE-2026-34771 concerns Electron: use-after-free in WebContents when an asynchronous permission request handler is registered and a frame navigates or a window closes while a permission callback is pending for fullscreen, pointer-lock, or keyboard-lock requests. The issue affects apps that regist...

8.8CVSS5.8AI score0.00287EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/04/03 2:44 a.m.3 views

GHSA-R5P7-GP4J-QHRX Electron: Incorrect origin passed to permission request handler for iframe requests

Impact When an iframe requests fullscreen, pointerLock, keyboardLock, openExternal, or media permissions, the origin passed to session.setPermissionRequestHandler was the top-level page's origin rather than the requesting iframe's origin. Apps that grant permissions based on the origin parameter ...

5.4CVSS5.9AI score0.00122EPSS
Exploits0References3
Snyk
Snyk
added 2026/04/03 2:40 a.m.5 views

Use After Free

Overview electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Use After Free via the session.setPermissionRequestHandler process. An attacker can cause a crash or memory corruption by...

8.8CVSS5.9AI score0.00287EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/03 2:40 a.m.8 views

EUVD-2026-18941

Electron: Use-after-free in WebContents fullscreen, pointer-lock, and keyboard-lock permission callbacks...

7.5CVSS5.9AI score0.00287EPSS
Exploits0References1
Snyk
Snyk
added 2026/04/03 2:40 a.m.4 views

Use After Free

Overview org.webjars.npm:electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Use After Free via the session.setPermissionRequestHandler process. An attacker can cause a crash or memory...

8.8CVSS5.9AI score0.00287EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/04/03 2:40 a.m.5 views

Electron: Use-after-free in WebContents fullscreen, pointer-lock, and keyboard-lock permission callbacks

Impact Apps that register an asynchronous session.setPermissionRequestHandler may be vulnerable to a use-after-free when handling fullscreen, pointer-lock, or keyboard-lock permission requests. If the requesting frame navigates or the window closes while the permission handler is pending, invokin...

8.8CVSS5.8AI score0.00287EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/04/03 2:40 a.m.1 views

GHSA-8337-3P73-46F4 Electron: Use-after-free in WebContents fullscreen, pointer-lock, and keyboard-lock permission callbacks

Impact Apps that register an asynchronous session.setPermissionRequestHandler may be vulnerable to a use-after-free when handling fullscreen, pointer-lock, or keyboard-lock permission requests. If the requesting frame navigates or the window closes while the permission handler is pending, invokin...

7.5CVSS5.9AI score0.00287EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/03 12:0 a.m.2 views

PT-2026-30007

Impact When an iframe requests fullscreen, pointerLock, keyboardLock, openExternal, or media permissions, the origin passed to session.setPermissionRequestHandler was the top-level page's origin rather than the requesting iframe's origin. Apps that grant permissions based on the origin parameter ...

5.4CVSS5.9AI score0.00122EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/03 12:0 a.m.4 views

PT-2026-30001

Impact Apps that register an asynchronous session.setPermissionRequestHandler may be vulnerable to a use-after-free when handling fullscreen, pointer-lock, or keyboard-lock permission requests. If the requesting frame navigates or the window closes while the permission handler is pending, invokin...

7.5CVSS5.9AI score0.00287EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/02 12:0 a.m.6 views

PT-2026-38110

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.96 Description A use after free issue in Fullscreen on Windows allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Use...

9.6CVSS5.8AI score0.00344EPSS
Exploits0References138
RedhatCVE
RedhatCVE
added 2026/01/23 9:17 p.m.6 views

CVE-2025-47666

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LambertGroup Image FullScreen Background lbgfullscreenfullwidthslider allows Reflected XSS.This issue affects Image FullScreen Background: from n/a through = 1.6.7...

7.1CVSS5.4AI score0.00263EPSS
Exploits0References1
NVD
NVD
added 2026/01/22 5:15 p.m.4 views

CVE-2025-47666

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LambertGroup Image&Video FullScreen Background lbgfullscreenfullwidthslider allows Reflected XSS.This issue affects Image&Video FullScreen Background: from n/a through = 1.6.7...

7.1CVSS0.00263EPSS
Exploits0References1
CVE
CVE
added 2026/01/22 4:51 p.m.10 views

CVE-2025-47666

CVE-2025-47666 is a reflected Cross-Site Scripting vulnerability in LambertGroup Image&Video FullScreen Background (lbg_fullscreen_fullwidth_slider) affecting versions through 1.6.7. The issue, described in multiple sources, arises from improper input neutralization during web page generation and...

7.1CVSS5.4AI score0.00263EPSS
Exploits0References1
Rows per page
Query Builder