Lucene search
+L

6 matches found

OSV
OSV
added 2026/04/03 11:49 p.m.6 views

CVE-2026-34772 Electron: Use-after-free in download save dialog callback

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8, apps that allow downloads and programmatically destroy sessions may be vulnerable to a use-after-free. If a session is torn down whi...

5.8CVSS5.8AI score0.00209EPSS
Exploits0References3
Snyk
Snyk
added 2026/04/03 2:41 a.m.5 views

Use After Free

Overview electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Use After Free in the download save dialog callback process. An attacker can cause a crash or memory corruption by triggeri...

8.8CVSS5.9AI score0.00209EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/03 2:41 a.m.12 views

EUVD-2026-18943

Electron: Use-after-free in download save dialog callback...

5.8CVSS5.9AI score0.00209EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/04/03 2:41 a.m.10 views

Electron: Use-after-free in download save dialog callback

Impact Apps that allow downloads and programmatically destroy sessions may be vulnerable to a use-after-free. If a session is torn down while a native save-file dialog is open for a download, dismissing the dialog dereferences freed memory, which may lead to a crash or memory corruption. Apps tha...

8.8CVSS5.8AI score0.00209EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2021/02/02 7:15 p.m.2 views

DEBIAN-CVE-2021-21289

Mechanize is an open-source ruby library that makes automated web interaction easy. In Mechanize from version 2.0.0 and before version 2.7.7 there is a command injection vulnerability. Affected versions of mechanize allow for OS commands to be injected using several classes' methods which...

8.3CVSS7.3AI score0.03507EPSS
Exploits0References1
Snyk
Snyk
added 2021/02/01 12:0 a.m.3 views

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection. Affected versions of mechanize allow for OS commands to be injected using several classes' methods which implicitly use Ruby's Kernel.open method. Exploitation is possible only if untrusted input is used as a local...

8.3CVSS7AI score0.03507EPSS
Exploits0References3
Rows per page
Query Builder