Lucene search
+L

134 matches found

euvd
euvd
added yesterday5 views

EUVD-2026-44747

Cherry Studio versions 1.2.2 through 1.9.12, fixed in commit 1518530, contain a remote code execution vulnerability in SearchService that allows remote attackers to execute arbitrary code by delivering malicious JavaScript through controlled search provider content loaded into an Electron...

8.8CVSS6.7AI score
Exploits0References3
cve
cve
added yesterday7 views

CVE-2026-40501

Cherry Studio versions 1.2.2–1.9.12 contain a remote code execution vulnerability in the SearchService due to a nodeIntegration misconfiguration. When an Electron BrowserWindow is created with nodeIntegration enabled and contextIsolation disabled, control over search provider content (provided by...

8.8CVSS6.7AI score
Exploits0References3
nvd
nvd
added 2026/07/08 5:17 p.m.13 views

CVE-2026-59896

Hono is a Web application framework that provides support for any JavaScript runtime. From 4.11.8 before 4.12.27, hono/jsx did not isolate context values per request during server-side rendering, allowing createContext, useContext, jsxRenderer, or useRequestContext data from a different in-flight...

6.5CVSS0.00191EPSS
Exploits0References3
cvelist
cvelist
added 2026/07/08 4:8 p.m.34 views

CVE-2026-59896 hono/jsx does not isolate context per request, leading to cross-request data disclosure

Hono is a Web application framework that provides support for any JavaScript runtime. From 4.11.8 before 4.12.27, hono/jsx did not isolate context values per request during server-side rendering, allowing createContext, useContext, jsxRenderer, or useRequestContext data from a different in-flight...

6.5CVSS0.00191EPSS
Exploits0References3
euvd
euvd
added 2026/07/08 4:8 p.m.6 views

EUVD-2026-42326

Hono is a Web application framework that provides support for any JavaScript runtime. From 4.11.8 before 4.12.27, hono/jsx did not isolate context values per request during server-side rendering, allowing createContext, useContext, jsxRenderer, or useRequestContext data from a different in-flight...

6.5CVSS5.9AI score0.00191EPSS
Exploits0References3
cve
cve
added 2026/07/08 4:8 p.m.9 views

CVE-2026-59896

Hono/jsx in the Hono web framework exposes a cross-request data disclosure during server-side rendering. From version 4.11.8 up to, but not including, 4.12.27, context values created via createContext, useContext, jsxRenderer, or useRequestContext were not isolated per request and could be reused...

6.5CVSS5.9AI score0.00191EPSS
Exploits0References3Affected Software1
ptsecurity
ptsecurity
added 2026/07/08 12:0 a.m.7 views

PT-2026-56506

Name of the Vulnerable Software and Affected Versions Hono versions 4.11.8 through 4.12.26 Description During server-side rendering, the hono/jsx module fails to isolate context values on a per-request basis. This allows data from a different in-flight request to be accessed after an await...

6.5CVSS6.1AI score0.00191EPSS
Exploits0References9
redhatcve
redhatcve
added 2026/06/05 7:12 p.m.9 views

CVE-2026-44586

SiYuan is an open-source personal knowledge management system. From 2.1.12 to before 3.7.0. SiYuan's Bazaar marketplace renders package author metadata from the public bazaar stage feed into HTML without escaping. In the desktop app this becomes stored XSS, and because SiYuan's Electron windows a...

8.3CVSS5.7AI score0.00307EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/05/19 1:56 p.m.11 views

CVE-2026-26462

Offline Hospital Management System 5.3.0 allows remote code execution due to an improper Electron renderer configuration. The application enables Node.js integration while disabling context isolation, allowing JavaScript executed in the renderer process to access Node.js APIs and execute arbitrar...

7.3CVSS6.6AI score0.00318EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/05/18 12:0 a.m.9 views

CVE-2026-26462

Offline Hospital Management System 5.3.0 allows remote code execution due to an improper Electron renderer configuration. The application enables Node.js integration while disabling context isolation, allowing JavaScript executed in the renderer process to access Node.js APIs and execute arbitrar...

6.6AI score0.00318EPSS
Exploits0References2
euvd
euvd
added 2026/05/18 12:0 a.m.13 views

EUVD-2026-30773

Offline Hospital Management System 5.3.0 allows remote code execution due to an improper Electron renderer configuration. The application enables Node.js integration while disabling context isolation, allowing JavaScript executed in the renderer process to access Node.js APIs and execute arbitrar...

6.6AI score0.00318EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/05/18 12:0 a.m.16 views

PT-2026-41672

Offline Hospital Management System 5.3.0 allows remote code execution due to an improper Electron renderer configuration. The application enables Node.js integration while disabling context isolation, allowing JavaScript executed in the renderer process to access Node.js APIs and execute arbitrar...

6.6AI score0.00318EPSS
Exploits0References3
cve
cve
added 2026/05/18 12:0 a.m.17 views

CVE-2026-26462

CVE-2026-26462 affects Offline Hospital Management System 5.3.0. The root cause is an improper Electron renderer configuration that enables Node.js integration while disabling context isolation, allowing JavaScript in the renderer to access Node.js APIs and execute arbitrary operating system comm...

7.3CVSS6.6AI score0.00318EPSS
Exploits0References2
euvd
euvd
added 2026/05/14 6:11 p.m.11 views

EUVD-2026-30354

SiYuan is an open-source personal knowledge management system. From 2.1.12 to before 3.7.0. SiYuan's Bazaar marketplace renders package author metadata from the public bazaar stage feed into HTML without escaping. In the desktop app this becomes stored XSS, and because SiYuan's Electron windows a...

8.3CVSS6AI score0.00307EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/05/14 12:0 a.m.13 views

PT-2026-41017

SiYuan is an open-source personal knowledge management system. From 2.1.12 to before 3.7.0. SiYuan's Bazaar marketplace renders package author metadata from the public bazaar stage feed into HTML without escaping. In the desktop app this becomes stored XSS, and because SiYuan's Electron windows a...

8.3CVSS6AI score0.00307EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/05/13 12:0 a.m.29 views

PT-2026-40730

Name of the Vulnerable Software and Affected Versions SiYuan versions prior to 0.0.0-20260421031503-96dfe0bea474 Description A stored cross-site scripting XSS issue exists in the Bazaar marketplace. The application fails to sanitize the name and version fields in package metadata files such as...

9CVSS6AI score0.00361EPSS
Exploits0References9
osv
osv
added 2026/05/08 4:53 p.m.9 views

GHSA-2H64-C999-C9R6 SiYuan Affected by Stored XSS via Attribute View Name to Electron Renderer RCE

Summary The kernel stores Attribute View AV / database names without any HTML escape, then a render template uses raw strings.ReplaceAlltpl, "$avName", nodeAvName to embed the name in HTML before pushing to all clients via WebSocket. Three independent client paths render.ts:120 → outerHTML,...

9.4CVSS5.9AI score0.00509EPSS
Exploits0References3
snyk
snyk
added 2026/05/04 4:29 p.m.9 views

Arbitrary Code Injection

Overview org.webjars.npm:vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Arbitrary Code Injection through the lookupGetter method and improper context isolation. An attacker can execute arbitrary commands o...

9.8CVSS6.3AI score0.00917EPSS
Exploits1References2
snyk
snyk
added 2026/05/04 4:29 p.m.9 views

Arbitrary Code Injection

Overview vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Affected versions of this package are vulnerable to Arbitrary Code Injection through the lookupGetter method and improper context isolation. An attacker can execute arbitrary commands on the host syste...

9.8CVSS6.3AI score0.00917EPSS
Exploits1References2
nvd
nvd
added 2026/04/24 7:17 p.m.16 views

CVE-2026-41421

SiYuan is an open-source personal knowledge management system. Prior to 3.6.5, SiYuan desktop renders notification messages as raw HTML inside an Electron renderer. The notification route POST /api/notification/pushMsg accepts a user-controlled msg value, forwards it through the backend broadcast...

8.8CVSS0.00134EPSS
Exploits0References1
Rows per page
Query Builder