Lucene search

14 matches found

ATTACKERKB
added 2026/04/03 11:47 p.m. · 0 views

CVE-2026-34771

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8, apps that register an asynchronous session.setPermissionRequestHandler may be vulnerable to a use-after-free when handling fullscree...

7.5 CVSS · 5.8 AI score · 0.00017 EPSS
Exploits 0 · References 2 · Affected Software 1
ATTACKERKB
added 2026/04/03 11:44 p.m. · 0 views

CVE-2026-34768

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.0, and 41.0.0-beta.8, on Windows, app.setLoginItemSettings({openAtLogin: true}) wrote the executable path to the Run registry key without quoting. If the app ...

3.9 CVSS · 5.8 AI score · 0.00006 EPSS
Exploits 0 · References 2 · Affected Software 1
OSV
added 2026/04/03 2:46 a.m. · 1 views

GHSA-JFQG-HF23-QPW2 Electron: Context Isolation bypass via contextBridge VideoFrame transfer

Impact: Apps that pass VideoFrame objects from the WebCodecs API across the contextBridge are vulnerable to a context isolation bypass. An attacker who can execute JavaScript in the main world (for example, via XSS) can use a bridged VideoFrame to gain access to the isolated world, including any...

8.3 CVSS · 6 AI score · 0.00012 EPSS
Exploits 0 · References 3
Snyk
added 2026/03/27 5:43 p.m. · 2 views

Incorrect Authorization

Overview: Affected versions of this package are vulnerable to Incorrect Authorization in the request handling flow inside the Docker daemon. An attacker can bypass authorization checks by sending specially-crafted requests that cause the authorization plugin to receive the request without its body...

8.8 CVSS · 5.9 AI score · 0.00009 EPSS
Exploits 1 · References 2
Snyk
added 2026/03/27 5:38 p.m. · 1 views

Off-by-one Error

Overview: Affected versions of this package are vulnerable to Off-by-one Error in the plugins privilege validation. An attacker can gain unauthorized access to sensitive plugin privileges by installing a malicious plugin that exploits the privilege comparison logic. - Remediation Upgrade...

8.4 CVSS · 5.9 AI score · 0.00019 EPSS
Exploits 0 · References 2
Snyk
added 2026/03/27 5:38 p.m. · 0 views

Off-by-one Error

Overview: Affected versions of this package are vulnerable to Off-by-one Error in the plugins privilege validation. An attacker can gain unauthorized access to sensitive plugin privileges by installing a malicious plugin that exploits the privilege comparison logic. - Remediation Upgrade...

8.4 CVSS · 5.9 AI score · 0.00019 EPSS
Exploits 0 · References 2
RedhatCVE
added 2025/07/28 4:32 a.m. · 7 views

CVE-2025-50184

DbGate is a cross-platform database manager. In versions 6.4.3-premium-beta.5 and below, DbGate is vulnerable to a directory traversal flaw. The file parameter is not properly restricted to the intended uploads directory. As a result, the endpoint that lists files within the upload directory can be...

7.1 CVSS · 6.9 AI score · 0.004 EPSS
Exploits 0 · References 1
Prion
added 2023/11/24 6:15 p.m. · 12 views

Authorization

CodeIgniter Shield is an authentication and authorization provider for CodeIgniter 4. In affected versions successful login attempts are recorded with the raw tokens stored in the log table. If a malicious person somehow views the data in the log table they can obtain a raw token which can then b...

4 CVSS · 7 AI score · 0.00158 EPSS
Exploits 0 · References 3 · Affected Software 1
Prion
added 2023/11/24 6:15 p.m. · 16 views

Authorization

CodeIgniter Shield is an authentication and authorization provider for CodeIgniter 4. The secretKey value is an important key for HMAC SHA256 authentication and in affected versions was stored in the database in cleartext form. If a malicious person somehow had access to the data in the database,...

4 CVSS · 6.9 AI score · 0.00059 EPSS
Exploits 0 · References 2 · Affected Software 1
vulnersOsv
added 2022/05/24 5:35 p.m. · 1 views

com.azure:azure-messaging-eventhubs (>=5.0.0-beta.6 <=5.3.0-beta.1), com.azure:azure-messaging-eventhubs-checkpointstore-blob (>=1.0.0-beta.4 <=1.3.0-beta.1) +13 more potentially affected by CVE-2020-16971 via com.azure:azure-core-amqp (>=1.0.0-beta.8 <=1.6.0-beta.1)

com.azure:azure-core-amqp MAVEN version =1.0.0-beta.8, =5.0.0-beta.6, =1.0.0-beta.4, =7.0.0-beta.1, =1.1.3, =1.1.3, =1.1.3, =1.5.4-bkbase.1, =1.20.0, =1.3.0.Alpha1, =0.5.0, =3.5.0, =3.5.0, =1.1.21, =1.2.01 Source cves: CVE-2020-16971 https://vul...

9.1 CVSS · 7.1 AI score · 0.02302 EPSS
Exploits 0
NVD
added 2022/04/15 9:15 p.m. · 7 views

CVE-2022-29281

Notable before 1.9.0-beta.8 doesn't effectively prevent the opening of executable files when clicking on a link. There is improper validation of the file URI scheme. A hyperlink to an SMB share could lead to execution of an arbitrary program or theft of NTLM credentials via an SMB relay attack,...

8.8 CVSS · 0.0113 EPSS
Exploits 0 · References 2
Prion
added 2022/04/15 9:15 p.m. · 12 views

Input validation

Notable before 1.9.0-beta.8 doesn't effectively prevent the opening of executable files when clicking on a link. There is improper validation of the file URI scheme. A hyperlink to an SMB share could lead to execution of an arbitrary program or theft of NTLM credentials via an SMB relay attack,...

6.8 CVSS · 8.7 AI score · 0.0113 EPSS
Exploits 0 · References 2 · Affected Software 1
Positive Technologies
added 2022/04/15 12:0 a.m. · 2 views

PT-2022-19521 · Notable +1

Name of the Vulnerable Software and Affected Versions: Notable versions prior to 1.9.0-beta.8 Description: The issue arises from improper validation of the file URI scheme, allowing the opening of executable files when clicking on a link. This could lead to the execution of an arbitrary program o...

8.8 CVSS · 8.5 AI score · 0.0113 EPSS
Exploits 0 · References 7
Oracle linux
added 2015/05/13 12:0 a.m. · 51 views

firefox security update

38.0-3.0.1.el71 - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file 38.0-3 - Enabled system nss - Removed unused patches 38.0-2 - Update to 38.0 ESR 38.0b8-0.11 - Update to 38.0 Beta 8 38.0b6-0.10 - Added patch for mozbz1152515 38.0b6-0.9 - Update to 38.0 Beta 6...

7.5 CVSS · 1.3 AI score · 0.07609 EPSS
Exploits 0