Lucene search
K

7 matches found

CNNVD
CNNVD
added 2026/04/04 12:0 a.m.7 views

Electron 代码问题漏洞

Electron is an open-source JavaScript framework developed by users for creating cross-platform desktop applications. This framework is based on Node.js and Chromium, allowing the development of cross-platform desktop applications using HTML and CSS. There were code-related vulnerabilities in...

7.8CVSS5.9AI score0.0013EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/03 11:44 p.m.19 views

CVE-2026-34768 Electron: Unquoted executable path in app.setLoginItemSettings on Windows

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.0, and 41.0.0-beta.8, on Windows, app.setLoginItemSettingsopenAtLogin: true wrote the executable path to the Run registry key without quoting. If the app ...

3.9CVSS0.0013EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/03 11:44 p.m.3 views

CVE-2026-34768 Electron: Unquoted executable path in app.setLoginItemSettings on Windows

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.0, and 41.0.0-beta.8, on Windows, app.setLoginItemSettingsopenAtLogin: true wrote the executable path to the Run registry key without quoting. If the app ...

3.9CVSS5.7AI score0.0013EPSS
Exploits0References1
CVE
CVE
added 2026/04/03 11:44 p.m.25 views

CVE-2026-34768

CVE-2026-34768 affects Electron on Windows prior to 38.8.6, 39.8.1, 40.8.0, and 41.0.0-beta.8. The flaw: app.setLoginItemSettings({openAtLogin: true}) writes the executable path to the Run registry key without quotes. If the installation path contains spaces and an attacker can write to a directo...

7.8CVSS5.8AI score0.0013EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/04/03 2:38 a.m.2 views

GHSA-JFQX-FXH3-C62J Electron: Unquoted executable path in app.setLoginItemSettings on Windows

Impact On Windows, app.setLoginItemSettingsopenAtLogin: true wrote the executable path to the Run registry key without quoting. If the app is installed to a path containing spaces, an attacker with write access to an ancestor directory may be able to cause a different executable to run at login...

3.9CVSS5.9AI score0.0013EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/04/03 2:38 a.m.15 views

Electron: Unquoted executable path in app.setLoginItemSettings on Windows

Impact On Windows, app.setLoginItemSettingsopenAtLogin: true wrote the executable path to the Run registry key without quoting. If the app is installed to a path containing spaces, an attacker with write access to an ancestor directory may be able to cause a different executable to run at login...

7.8CVSS5.8AI score0.0013EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/03 12:0 a.m.6 views

PT-2026-29998

Impact On Windows, app.setLoginItemSettingsopenAtLogin: true wrote the executable path to the Run registry key without quoting. If the app is installed to a path containing spaces, an attacker with write access to an ancestor directory may be able to cause a different executable to run at login...

3.9CVSS5.9AI score0.0013EPSS
Exploits0References4
Rows per page
Query Builder