CVE-2026-34778

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.1, and 41.0.0, a service worker running in a session could spoof reply messages on the internal IPC channel used by webContents.executeJavaScript and...

CVE-2026-34778

Electron: Service worker spoof IPC replies flaw allows a session service worker to spoof internal IPC replies used by webContents.executeJavaScript, causing the main-process promise to resolve with attacker-controlled data. Affected only if service workers are registered and the result of execute...

CVE-2026-34776 Electron: Out-of-bounds read in second-instance IPC on macOS and Linux

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.1, and 41.0.0, on macOS and Linux, apps that call app.requestSingleInstanceLock were vulnerable to an out-of-bounds heap read when parsing a crafted...

Insufficient Verification of Data Authenticity

Overview electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity via the webContents.executeJavaScript function. An attacker can manipulate t...

Insufficient Verification of Data Authenticity

Overview org.webjars.npm:electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity via the webContents.executeJavaScript function. An attacker...

GHSA-XJ5X-M3F3-5X3H Electron: Service worker can spoof executeJavaScript IPC replies

Impact A service worker running in a session could spoof reply messages on the internal IPC channel used by webContents.executeJavaScript and related methods, causing the main-process promise to resolve with attacker-controlled data. Apps are only affected if they have service workers registered...

CVE-2026-4722

Privilege escalation in the IPC component. This vulnerability was fixed in Firefox 149 and Thunderbird 149...

UBUNTU-CVE-2026-4722

Privilege escalation in the IPC component. This vulnerability was fixed in Firefox 149 and Thunderbird 149...

CVE-2026-4722

Privilege escalation in the IPC component. This vulnerability was fixed in Firefox 149 and Thunderbird 149...

CVE-2026-29111

A flaw was found in systemd, a system and service manager. An unprivileged user can exploit this vulnerability by making an Inter-Process Communication IPC API call with spurious data. In older versions v249 and earlier, this can lead to stack overwriting with attacker-controlled content,...

CVE-2026-29111 systemd: Local unprivileged user can trigger an assert

systemd, a system and service manager, as PID 1 hits an assert and freezes execution when an unprivileged IPC API call is made with spurious data. On version v249 and older the effect is not an assert, but stack overwriting, with the attacker controlled content. From version v250 and newer this i...

CVE-2026-29111 systemd: Local unprivileged user can trigger an assert

systemd, a system and service manager, as PID 1 hits an assert and freezes execution when an unprivileged IPC API call is made with spurious data. On version v249 and older the effect is not an assert, but stack overwriting, with the attacker controlled content. From version v250 and newer this i...

CVE-2026-4476 Yi Technology YI Home Camera CGI Endpoint ipc missing authentication

A vulnerability was found in Yi Technology YI Home Camera 2 2.1.120171024151200. The impacted element is an unknown function of the file home/web/ipc of the component CGI Endpoint. Performing a manipulation results in missing authentication. Access to the local network is required for this attack...

Trend Micro Apex One Security Agent iCore Service Origin Validation Error Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within...

CVE-2026-25087

Use After Free vulnerability in Apache Arrow C++. This issue affects Apache Arrow C++ from 15.0.0 through 23.0.0. It can be triggered when reading an Arrow IPC file but not an IPC stream with pre-buffering enabled, if the IPC file contains data with variadic buffers such as Binary View and String...

PT-2026-20319

Name of the Vulnerable Software and Affected Versions Apache Arrow C++ versions 15.0.0 through 23.0.0 Description A use-after-free issue exists in Apache Arrow C++ when reading an Arrow IPC file with pre-buffering enabled, if the file contains data with variadic buffers like Binary View and Strin...

firefox: thunderbird: Use-after-free in the IPC component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the IPC component...

firefox: thunderbird: Use-after-free in the IPC component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the IPC component...

firefox: thunderbird: Use-after-free in the IPC component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the IPC component...

firefox: thunderbird: Use-after-free in the IPC component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the IPC component...