26 matches found
CVE-2026-8936
Fixed a VM panic caused by unbounded recursion in the grpcfuse kernel module when a container created deeply nested directories on a bind-mounted host folder and triggered a dentry invalidation event. This issue has been fixed in Docker Desktop 4.76.0...
CVE-2024-11399
Files or directories accessible to external parties vulnerability in redis-server component in Synology BeeDrive for desktop before 1.3.2-13814 allows local users to conduct denial-of-service attacks via unspecified vectors...
CVE-2026-3340
IBM Langflow Desktop 1.0.0 through 1.8.4: IBM Langflow is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...
SUSE CVE-2025-66270
The KDE Connect protocol 8 before 2025-11-28 does not correlate device IDs across two packets. This affects KDE Connect before 25.12 on desktop, KDE Connect before 0.5.4 on iOS, KDE Connect before 1.34.4 on Android, GSConnect before 68, and Valent before 1.0.0.alpha.49...
EUVD-2025-201337
The KDE Connect verification-code protocol before 2025-04-18 uses only 8 characters and therefore allows brute-force attacks. This affects KDE Connect before 1.33.0 on Android, KDE Connect before 25.04 on desktop, KDE Connect before 0.5 on iOS, Valent before 1.0.0.alpha.47, and GSConnect before 5...
CVE-2025-54159
Missing authorization vulnerability in BeeDrive in Synology BeeDrive for desktop before 1.4.2-13960 allows remote attackers to delete arbitrary files via unspecified vectors...
CVE-2025-60749
Trimble SketchUp Desktop 2025 is affected by a DLL hijacking flaw in sketchup_webhelper.exe via a crafted libcef.dll. Root cause: hijacked DLL loading in SketchUp, allowing code execution within the app context (per PT-2025-44631). Affected component/file: libcef.dll used by sketchup_webhelper.ex...
PT-2025-39690
Name of the Vulnerable Software and Affected Versions: Docker Desktop version 4.46.0. Description: A software bug in Docker Desktop allowed the configuration for restricting commands to be ignored when passed to Enhanced Container Isolation (ECI). This granted excessive privileges by permitting...
Docker Desktop < 4.44.3 Container Escape
The version of Docker Desktop is prior to 4.44.3. It is therefore affected by a container escape vulnerability. The vulnerability allows local running Linux containers to access the Docker Engine API via the configured Docker subnet, at 192.168.65.7:2375 by default. This vulnerability occurs with...
Linux Distros Unpatched Vulnerability : CVE-2019-10044
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Telegram Desktop before 1.5.12 on Windows, and the Telegram applications for Android, iOS, and Linux, is vulnerable to an IDN homograph attack when displaying...
CVE-2023-26226
A use after free memory corruption issue exists in Yandex Browser for Desktop prior to version 24.4.0.682...
CVE-2025-27198 Photoshop Desktop | Heap-based Buffer Overflow (CWE-122)
Photoshop Desktop versions 25.12.1, 26.4.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2024-8196
In mintplex-labs/anything-llm v1.5.11 desktop version for Windows, the application opens server port 3001 on 0.0.0.0 with no authentication by default. This vulnerability allows an attacker to gain full backend access, enabling them to perform actions such as deleting all data from the workspace...
anything-llm Access Control Error Vulnerability
anything-llm is an all-in-one desktop and Docker AI application open-sourced by Mintplex. An access control error vulnerability exists in the desktop version of anything-llm v1.5.11. The vulnerability stems from the application defaulting to open server port 3001 on 0.0.0.0 with no authentication...
SUSE CVE-2023-28999
Nextcloud is an open-source productivity platform. In Nextcloud Desktop client 3.0.0 until 3.8.0, Nextcloud Android app 3.13.0 until 3.25.0, and Nextcloud iOS app 3.0.5 until 4.8.0, a malicious server administrator can gain full access to an end-to-end encrypted folder. They can decrypt files,...
Omikron MultiCash Authorization Issue Vulnerability
Omikron MultiCash is a one-stop solution for infrastructure, software and services from Omikron Germany. A security vulnerability exists in Omikron MultiCash Desktop 4.00.008.SP5, which allows an attacker to attach a debugger to a process or create a patch to manipulate the behavior of login...
Tencent WeChat Buffer Error Vulnerability
Tencent WeChat (微信) is an online social networking application from the Chinese company Tencent. The program supports sending voice messages, videos, images, and text. A security vulnerability exists in Tencent WeChat 2.9.5 desktop version, which allows remote attackers to disclose sensitive...
Facebook WhatsApp Cross-Site Scripting Vulnerability
Facebook WhatsApp is a suite of mobile applications from the American company Facebook that utilize the web to deliver text messages. The application uses the contact information in a smartphone to find contacts using the program to send texts, pictures, and more. A cross-site scripting...
DLL Hijacking Vulnerability in Desktop Version of 2345 Movie Book
The desktop version of 2345 Movie & TV is a video software promoted by Shanghai 2,3,4,5 Network Technology Co. There is a DLL hijacking vulnerability in the desktop version of 2345 Movie & TV, which can be exploited by an attacker to load a malicious dll and execute malicious code...
Design/Logic Flaw
Leanote-desktop version v2.5 is vulnerable to an XSS which leads to code execution due to enabled node integration...