Lucene search
K

158 matches found

CVE
CVE
added 2018/06/26 4:0 p.m.41 views

CVE-2018-1000543

CVE-2018-1000543 affects Akiee version 0.0.3. The vulnerability is a cross-site scripting flaw in the Details of a task, caused by an unvalidated node integration context that can lead to arbitrary code execution. Multiple sources (CNVD-2018-12808, NVD entry) describe exploitation via a crafted m...

6.1CVSS6.4AI score0.01203EPSS
Exploits1References1Affected Software1
The Hacker News
The Hacker News
added 2018/05/14 9:46 a.m.2 views

Simple bug could lead to RCE flaw on apps built with Electron Framework

A critical remote code execution vulnerability has been discovered in the popular Electron web application framework that could allow attackers to execute malicious code on victims' computers. Electron is an open source app development framework that powers thousands of widely-used desktop...

8.1CVSS8.1AI score0.05259EPSS
Exploits1
OSV
OSV
added 2018/03/26 4:41 p.m.4 views

GHSA-8XWG-WV7V-4VQP Electron Vulnerable to Code Execution by Re-Enabling Node.js Integration

A vulnerability has been discovered which allows Node.js integration to be re-enabled in some Electron applications that disable it. For the application to be impacted by this vulnerability it must meet all of these conditions - Runs on Electron 1.7, 1.8, or a 2.0.0-beta - Allows execution of...

8.1CVSS6.1AI score0.05259EPSS
Exploits1References10
OSV
OSV
added 2018/03/23 7:29 p.m.31 views

CVE-2018-1000136

Electron version 1.7 up to 1.7.12; 1.8 up to 1.8.3 and 2.0.0 up to 2.0.0-beta.3 contains an improper handling of values vulnerability in Webviews that can result in remote code execution. This attack appear to be exploitable via an app which allows execution of 3rd party code AND disallows node...

8.1CVSS8.8AI score0.05259EPSS
Exploits1References2
CVE
CVE
added 2018/03/23 7:0 p.m.84 views

CVE-2018-1000136

CVE-2018-1000136 concerns the Electron framework where Webviews mishandle values, enabling potential remote code execution. Affected are Electron versions: 1.7.x up to 1.7.12, 1.8.x up to 1.8.3, and 2.0.0 up to 2.0.0-beta.3. The issue appears when an application allows execution of third‑party co...

8.1CVSS8.4AI score0.05259EPSS
Exploits1References2Affected Software1
Veracode
Veracode
added 2018/01/03 6:47 a.m.16 views

Cross-site Scripting (XSS)

shiba is vulnerable to cross-site scripting XSS attacks. These attacks are possible due to the enabled node integration...

6.1CVSS5.8AI score0.01108EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2018/01/03 1:29 a.m.12 views

Design/Logic Flaw

Leanote-desktop version v2.5 is vulnerable to a XSS which leads to code execution due to enabled node integration...

4.3CVSS6.3AI score0.01044EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2018/01/03 1:29 a.m.15 views

Design/Logic Flaw

Shiba markdown live preview app version 1.1.0 is vulnerable to XSS which leads to code execution due to enabled node integration...

4.3CVSS6.3AI score0.01108EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2018/01/03 1:29 a.m.18 views

CVE-2017-1000492

Leanote-desktop version v2.5 is vulnerable to a XSS which leads to code execution due to enabled node integration...

6.1CVSS6.4AI score0.01044EPSS
Exploits0References2
OSV
OSV
added 2018/01/03 1:29 a.m.18 views

CVE-2017-1000492

Leanote-desktop version v2.5 is vulnerable to a XSS which leads to code execution due to enabled node integration...

6.1CVSS6.5AI score
Exploits0References2
OSV
OSV
added 2018/01/03 1:29 a.m.17 views

CVE-2017-1000491

Shiba markdown live preview app version 1.1.0 is vulnerable to XSS which leads to code execution due to enabled node integration...

6.1CVSS6.5AI score
Exploits0References2
NVD
NVD
added 2018/01/03 1:29 a.m.23 views

CVE-2017-1000491

Shiba markdown live preview app version 1.1.0 is vulnerable to XSS which leads to code execution due to enabled node integration...

6.1CVSS6.4AI score0.01108EPSS
Exploits0References2
Cvelist
Cvelist
added 2018/01/03 1:0 a.m.25 views

CVE-2017-1000492

Leanote-desktop version v2.5 is vulnerable to a XSS which leads to code execution due to enabled node integration...

6.4AI score0.01044EPSS
Exploits0References2
Cvelist
Cvelist
added 2018/01/03 1:0 a.m.28 views

CVE-2017-1000491

Shiba markdown live preview app version 1.1.0 is vulnerable to XSS which leads to code execution due to enabled node integration...

6.3AI score0.01108EPSS
Exploits0References2
CVE
CVE
added 2018/01/03 1:0 a.m.40 views

CVE-2017-1000492

CVE-2017-1000492 affects Leanote-desktop v2.5. The vulnerability is a cross-site scripting (XSS) flaw caused by enabled Node integration, which can lead to code execution. Multiple sources (NVD and Red Hat, OSV, CNVD, etc.) corroborate the issue. CVSS details: CVSS2 base 4.3 (I:P) and CVSS3 base ...

6.1CVSS6.3AI score0.01044EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2018/01/03 1:0 a.m.47 views

CVE-2017-1000491

CVE-2017-1000491 affects the Shiba markdown live preview app, version 1.1.0, with a cross-site scripting (XSS) vulnerability that can lead to code execution. The root cause is enabled Node.js integration in the app environment. Exploit specifics, affected platforms, and remediation are not provid...

6.1CVSS6.3AI score0.01108EPSS
Exploits0References2Affected Software1
CNVD
CNVD
added 2017/08/07 12:0 a.m.6 views

GitHub Electron nodeIntegration Bypass Vulnerability

GitHub Electron is an open source framework for building desktop applications using HTML, CSS and JavaScript. A bypass vulnerability exists in GitHub Electron nodeIntegration. Allows an attacker to perform remote command execution...

9.3CVSS8.4AI score0.06693EPSS
Exploits1References1
OSV
OSV
added 2017/08/06 2:29 a.m.3 views

CVE-2017-12581

GitHub Electron before 1.6.8 allows remote command execution because of a nodeIntegration bypass vulnerability. This also affects all applications that bundle Electron code equivalent to 1.6.8 or earlier. Bypassing the Same Origin Policy SOP is a precondition; however, recent Electron versions do...

8.1CVSS6AI score0.06693EPSS
Exploits1References2
Rows per page
Query Builder