Lucene search
K

157 matches found

RedhatCVE
RedhatCVE
added 2026/04/06 4:22 p.m.3 views

CVE-2026-34775

A flaw was found in Electron, a framework for building desktop applications. In specific scenarios where applications enable Node.js integration, a misconfiguration could allow workers, which are background scripts, to gain Node.js capabilities even when explicitly disabled. This could enable a...

9.8CVSS6.2AI score0.00289EPSS
Exploits0References4
NVD
NVD
added 2026/04/04 12:16 a.m.8 views

CVE-2026-34775

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.4, 40.8.4, and 41.0.0, the nodeIntegrationInWorker webPreference was not correctly scoped in all configurations. In certain process-sharing scenarios, workers...

9.8CVSS0.00289EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/04 12:0 a.m.9 views

Electron 安全漏洞

Electron is an open-source JavaScript framework developed by users for creating cross-platform desktop applications. This framework is based on Node.js and Chromium, allowing the development of cross-platform desktop applications using HTML and CSS. There are security vulnerabilities in versions ...

9.8CVSS5.9AI score0.00289EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/03 11:55 p.m.5 views

CVE-2026-34775 Electron: nodeIntegrationInWorker not correctly scoped in shared renderer processes

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.4, 40.8.4, and 41.0.0, the nodeIntegrationInWorker webPreference was not correctly scoped in all configurations. In certain process-sharing scenarios, workers...

6.8CVSS5.8AI score0.00289EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/03 11:55 p.m.2 views

CVE-2026-34775

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.4, 40.8.4, and 41.0.0, the nodeIntegrationInWorker webPreference was not correctly scoped in all configurations. In certain process-sharing scenarios, workers...

6.8CVSS5.8AI score0.00289EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/04/03 11:55 p.m.15 views

CVE-2026-34775

Electron: nodeIntegrationInWorker was not correctly scoped in shared renderer processes. Affected versions prior to 38.8.6, 39.8.4, 40.8.4, and 41.0.0 may allow workers in frames with nodeIntegrationInWorker: false to gain Node.js integration in certain process-sharing scenarios. This could enabl...

9.8CVSS5.8AI score0.00289EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/04/03 11:55 p.m.24 views

CVE-2026-34775 Electron: nodeIntegrationInWorker not correctly scoped in shared renderer processes

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.4, 40.8.4, and 41.0.0, the nodeIntegrationInWorker webPreference was not correctly scoped in all configurations. In certain process-sharing scenarios, workers...

6.8CVSS0.00289EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/03 11:55 p.m.9 views

EUVD-2026-18949

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.4, 40.8.4, and 41.0.0, the nodeIntegrationInWorker webPreference was not correctly scoped in all configurations. In certain process-sharing scenarios, workers...

6.8CVSS5.8AI score0.00289EPSS
Exploits0References1
Snyk
Snyk
added 2026/04/03 2:43 a.m.2 views

Improper Isolation or Compartmentalization

Overview org.webjars.npm:electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Improper Isolation or Compartmentalization in the handling of the nodeIntegrationInWorker configuration in...

9.8CVSS5.9AI score0.00289EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/04/03 2:43 a.m.11 views

Electron: nodeIntegrationInWorker not correctly scoped in shared renderer processes

Impact The nodeIntegrationInWorker webPreference was not correctly scoped in all configurations. In certain process-sharing scenarios, workers spawned in frames configured with nodeIntegrationInWorker: false could still receive Node.js integration. Apps are only affected if they enable...

9.8CVSS5.9AI score0.00289EPSS
Exploits0References3Affected Software1
Snyk
Snyk
added 2026/04/03 2:43 a.m.6 views

Improper Isolation or Compartmentalization

Overview electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Improper Isolation or Compartmentalization in the handling of the nodeIntegrationInWorker configuration in shared renderer...

9.8CVSS5.9AI score0.00289EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/03 12:0 a.m.12 views

PT-2026-30005

Impact The nodeIntegrationInWorker webPreference was not correctly scoped in all configurations. In certain process-sharing scenarios, workers spawned in frames configured with nodeIntegrationInWorker: false could still receive Node.js integration. Apps are only affected if they enable...

6.8CVSS5.9AI score0.00289EPSS
Exploits0References4
Snyk
Snyk
added 2026/04/02 7:26 p.m.3 views

Arbitrary Code Injection

Overview dbgate-web is a This package is used internally by DbGate Affected versions of this package are vulnerable to Arbitrary Code Injection through the FontIcon rendering path in packages/web/src/icons/FontIcon.svelte. An attacker can execute arbitrary JavaScript in a victim’s browser, or...

8.2CVSS6.5AI score0.00168EPSS
Exploits0References3
CVE
CVE
added 2026/04/02 6:2 p.m.6 views

CVE-2026-34725

DbGate (multi-platform: web and Electron desktop) contains a stored XSS in the icon rendering path impacting versions 7.0.0–7.1.5. Attacker-controlled SVG icons stored as applicationIcon are rendered without sanitization, enabling script execution in another user’s browser (web UI) and, in Electr...

8.2CVSS6.2AI score0.00168EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/02 6:2 p.m.19 views

CVE-2026-34725 dbgate-web: Stored XSS in applicationIcon leads to potential RCE in Electron due to unsafe renderer configuration

DbGate is cross-platform database manager. From version 7.0.0 to before version 7.1.5, a stored XSS vulnerability exists in DbGate because attacker-controlled SVG icon strings are rendered as raw HTML without sanitization. In the web UI this allows script execution in another user's browser; in t...

8.2CVSS0.00168EPSS
Exploits0References3
OSV
OSV
added 2026/04/01 10:19 p.m.3 views

GHSA-35XM-QVJG-8M42 dbgate-web: Stored XSS in applicationIcon leads to potential RCE in Electron due to unsafe renderer configuration

Summary A stored XSS vulnerability exists in DbGate because attacker-controlled SVG icon strings are rendered as raw HTML without sanitization. In the web UI this allows script execution in another user's browser; in the Electron desktop app this can escalate to local code execution because...

8.2CVSS6.3AI score0.00168EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/04/01 10:19 p.m.5 views

dbgate-web: Stored XSS in applicationIcon leads to potential RCE in Electron due to unsafe renderer configuration

Summary A stored XSS vulnerability exists in DbGate because attacker-controlled SVG icon strings are rendered as raw HTML without sanitization. In the web UI this allows script execution in another user's browser; in the Electron desktop app this can escalate to local code execution because...

8.2CVSS6.3AI score0.00168EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/04/01 12:5 a.m.3 views

GHSA-FF66-236V-P4FG SiYuan Desktop: Stored XSS in imported .sy.zip content leads to arbitrary command execution

Summary A vulnerability allows crafted block attribute values to bypass server-side attribute escaping when an HTML entity is mixed with raw special characters. An attacker can embed a malicious IAL value inside a .sy document, package it as a .sy.zip, and have the victim import it through the...

8.6CVSS6.7AI score0.00343EPSS
Exploits1References6
Github Security Blog
Github Security Blog
added 2026/04/01 12:5 a.m.8 views

SiYuan Desktop: Stored XSS in imported .sy.zip content leads to arbitrary command execution

Summary A vulnerability allows crafted block attribute values to bypass server-side attribute escaping when an HTML entity is mixed with raw special characters. An attacker can embed a malicious IAL value inside a .sy document, package it as a .sy.zip, and have the victim import it through the...

8.6CVSS6.7AI score0.00343EPSS
Exploits1References6Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/01 12:0 a.m.4 views

PT-2026-29667

Name of the Vulnerable Software and Affected Versions DbGate versions 7.0.0 through 7.1.5 Description DbGate, a cross-platform database manager, contains a stored cross-site scripting XSS issue due to attacker-controlled SVG icon strings being rendered as raw HTML without proper sanitization. In...

8.2CVSS6.2AI score0.00168EPSS
Exploits0References11
Rows per page
Query Builder