Lucene search
+L

125 matches found

NVD
NVD
added 2026/04/04 12:16 a.m.6 views

CVE-2026-34772

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8, apps that allow downloads and programmatically destroy sessions may be vulnerable to a use-after-free. If a session is torn down whi...

8.8CVSS0.00209EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/03 11:49 p.m.2 views

CVE-2026-34772 Electron: Use-after-free in download save dialog callback

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8, apps that allow downloads and programmatically destroy sessions may be vulnerable to a use-after-free. If a session is torn down whi...

5.8CVSS5.8AI score0.00209EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/03 11:49 p.m.23 views

CVE-2026-34772 Electron: Use-after-free in download save dialog callback

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8, apps that allow downloads and programmatically destroy sessions may be vulnerable to a use-after-free. If a session is torn down whi...

5.8CVSS0.00209EPSS
Exploits0References1
Snyk
Snyk
added 2026/04/03 2:41 a.m.1 views

Use After Free

Overview org.webjars.npm:electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Use After Free in the download save dialog callback process. An attacker can cause a crash or memory...

8.8CVSS5.9AI score0.00209EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/03 12:0 a.m.11 views

PT-2026-30002

Impact Apps that allow downloads and programmatically destroy sessions may be vulnerable to a use-after-free. If a session is torn down while a native save-file dialog is open for a download, dismissing the dialog dereferences freed memory, which may lead to a crash or memory corruption. Apps tha...

5.8CVSS5.9AI score0.00209EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2012-4087

Malware in sbrugna...

6.8CVSS6.1AI score0.01309EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.9 views

EUVD-2005-2408

Malware in sbrugna...

5.1CVSS6.1AI score0.02721EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.10 views

EUVD-2016-3030

Malware in sbrugna...

6.1CVSS7AI score0.00854EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-12656

Malicious code in bioql PyPI...

6.5CVSS5.5AI score0.00244EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/05/22 12:7 p.m.11 views

CVE-2012-4143

Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x before 12.01 on Mac OS X, allows user-assisted remote attackers to trick users into downloading and executing arbitrary files via a small window for the download dialog, a different vulnerability than CVE-2012-1924...

6.8CVSS7AI score0.02325EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2025/04/30 3:18 a.m.5 views

SUSE CVE-2025-4086

A specially crafted filename containing a large number of encoded newline characters could obscure the file's extension when displayed in the download dialog. This bug only affects Thunderbird for Android. Other versions of Thunderbird are unaffected.. This vulnerability was fixed in Firefox 138...

4.3CVSS6AI score0.00244EPSS
Exploits0References4
NVD
NVD
added 2025/04/29 2:15 p.m.14 views

CVE-2025-4086

A specially crafted filename containing a large number of encoded newline characters could obscure the file's extension when displayed in the download dialog. This bug only affects Thunderbird for Android. Other versions of Thunderbird are unaffected.. This vulnerability was fixed in Firefox 138...

6.5CVSS0.00244EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2025/04/29 2:15 p.m.4 views

CVE-2025-4086

A specially crafted filename containing a large number of encoded newline characters could obscure the file's extension when displayed in the download dialog. This bug only affects Thunderbird for Android. Other versions of Thunderbird are unaffected. This vulnerability affects Firefox 138 and...

6.5CVSS6.5AI score0.00244EPSS
Exploits0References3
OSV
OSV
added 2025/04/29 2:15 p.m.11 views

UBUNTU-CVE-2025-4086

A specially crafted filename containing a large number of encoded newline characters could obscure the file's extension when displayed in the download dialog. This bug only affects Firefox for Android. Other versions of Firefox are unaffected. This vulnerability affects Firefox 138 and Thunderbir...

6.5CVSS5.8AI score0.00244EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2025/04/29 1:13 p.m.7 views

CVE-2025-4086 Specially crafted filename could be used to obscure download type

A specially crafted filename containing a large number of encoded newline characters could obscure the file's extension when displayed in the download dialog. This bug only affects Thunderbird for Android. Other versions of Thunderbird are unaffected.. This vulnerability was fixed in Firefox 138...

6AI score0.00244EPSS
Exploits0References3
CVE
CVE
added 2025/04/29 1:13 p.m.68 views

CVE-2025-4086

CVE-2025-4086 affects Thunderbird for Android and Firefox/ Thunderbird versions earlier than 138. The issue is triggered by a filename containing a large number of encoded newline characters that can obscure the file extension in the download dialog, potentially misleading users about the downloa...

6.5CVSS6AI score0.00244EPSS
Exploits0References3Affected Software2
Cvelist
Cvelist
added 2025/04/29 1:13 p.m.22 views

CVE-2025-4086 Specially crafted filename could be used to obscure download type

A specially crafted filename containing a large number of encoded newline characters could obscure the file's extension when displayed in the download dialog. This bug only affects Thunderbird for Android. Other versions of Thunderbird are unaffected.. This vulnerability was fixed in Firefox 138...

0.00244EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2024/11/12 12:0 a.m.7 views

The vulnerability of the Mozilla Firefox browser on Android operating systems involves a false representation of critical information to the user’s interface, allowing attackers to perform spear-phishing attacks.

The vulnerability of the Mozilla Firefox browser on Android operating systems is related to incomplete display of file names in the download dialog window. Exploiting this vulnerability allows a remote attacker to perform spearishing attacks...

5CVSS5.5AI score0.00325EPSS
Exploits0References5Affected Software1
CNVD
CNVD
added 2024/10/13 12:0 a.m.15 views

Unspecified Vulnerability in Mozilla Firefox (CNVD-2024-44471)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in versions of Mozilla Firefox prior to 131, which stems from the fact that a specially crafted filename containing a large number of spaces may obscure the file's...

5.3CVSS6.4AI score0.00325EPSS
Exploits0References1
OSV
OSV
added 2024/10/01 4:15 p.m.4 views

CVE-2024-9395

A specially crafted filename containing a large number of spaces could obscure the file's extension when displayed in the download dialog. This bug only affects Firefox for Android. Other versions of Firefox are unaffected. This vulnerability affects Firefox 131...

5.3CVSS5.8AI score0.00325EPSS
Exploits0References2
Rows per page
Query Builder