9 matches found
Electron 代码问题漏洞
Electron is an open-source JavaScript framework developed by users for creating cross-platform desktop applications. This framework is based on Node.js and Chromium, allowing the development of cross-platform desktop applications using HTML and CSS. There were code-related vulnerabilities in...
CVE-2026-34768 Electron: Unquoted executable path in app.setLoginItemSettings on Windows
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.0, and 41.0.0-beta.8, on Windows, app.setLoginItemSettingsopenAtLogin: true wrote the executable path to the Run registry key without quoting. If the app ...
CVE-2026-34768
CVE-2026-34768 affects Electron on Windows prior to 38.8.6, 39.8.1, 40.8.0, and 41.0.0-beta.8. The flaw: app.setLoginItemSettings({openAtLogin: true}) writes the executable path to the Run registry key without quotes. If the installation path contains spaces and an attacker can write to a directo...
EUVD-2026-18935
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.0, and 41.0.0-beta.8, on Windows, app.setLoginItemSettingsopenAtLogin: true wrote the executable path to the Run registry key without quoting. If the app ...
CVE-2026-34768 Electron: Unquoted executable path in app.setLoginItemSettings on Windows
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.0, and 41.0.0-beta.8, on Windows, app.setLoginItemSettingsopenAtLogin: true wrote the executable path to the Run registry key without quoting. If the app ...
GHSA-JFQX-FXH3-C62J Electron: Unquoted executable path in app.setLoginItemSettings on Windows
Impact On Windows, app.setLoginItemSettingsopenAtLogin: true wrote the executable path to the Run registry key without quoting. If the app is installed to a path containing spaces, an attacker with write access to an ancestor directory may be able to cause a different executable to run at login...
Electron: Unquoted executable path in app.setLoginItemSettings on Windows
Impact On Windows, app.setLoginItemSettingsopenAtLogin: true wrote the executable path to the Run registry key without quoting. If the app is installed to a path containing spaces, an attacker with write access to an ancestor directory may be able to cause a different executable to run at login...
PT-2026-29998
Impact On Windows, app.setLoginItemSettingsopenAtLogin: true wrote the executable path to the Run registry key without quoting. If the app is installed to a path containing spaces, an attacker with write access to an ancestor directory may be able to cause a different executable to run at login...
TAU Threat Intelligence Notification – WindTail (OSX)
Summary Dark Matter researcher Taha Karim recently presented his research on the APT group WindShift at Hack in the Box Singapore. This group primarily focuses on highly targeted campaigns directed toward Middle Eastern government and commercial entities. One of the custom macOS backdoors employe...