
106 matches found

CNNVD
added 2026/04/04 12:0 a.m. (7 views)

Electron Resource Management Error Vulnerability

Electron is an open-source JavaScript framework developed by users for creating cross-platform desktop applications. This framework is based on Node.js and Chromium, allowing the development of cross-platform desktop applications using HTML and CSS. Versions of Electron prior to 38.8.6, 39.8.0,...

CVSS 8.8 | AI score 5.8 | EPSS 0.00287
Exploits 0 | References 1

ATTACKERKB
added 2026/04/03 11:57 p.m. (2 views)

CVE-2026-34777

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.1, and 41.0.0, when an iframe requests fullscreen, pointerLock, keyboardLock, openExternal, or media permissions, the origin passed to...

CVSS 5.4 | AI score 5.8 | EPSS 0.00122
Exploits 0 | References 2 | Affected Software 1

Vulnrichment
added 2026/04/03 11:56 p.m. (1 view)

CVE-2026-34776 Electron: Out-of-bounds read in second-instance IPC on macOS and Linux

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.1, and 41.0.0, on macOS and Linux, apps that call app.requestSingleInstanceLock were vulnerable to an out-of-bounds heap read when parsing a crafted...

CVSS 5.3 | AI score 5.8 | EPSS 0.00219
Exploits 0 | References 1

ATTACKERKB
added 2026/04/03 11:55 p.m. (2 views)

CVE-2026-34775

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.4, 40.8.4, and 41.0.0, the nodeIntegrationInWorker webPreference was not correctly scoped in all configurations. In certain process-sharing scenarios, workers...

CVSS 6.8 | AI score 5.8 | EPSS 0.00289
Exploits 0 | References 2 | Affected Software 1

Vulnrichment
added 2026/04/03 11:52 p.m. (2 views)

CVE-2026-34774 Electron: Use-after-free in offscreen child window paint callback

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 39.8.1, 40.7.0, and 41.0.0, apps that use offscreen rendering and allow child windows via window.open may be vulnerable to a use-after-free. If the parent offscreen WebContent...

CVSS 8.1 | AI score 5.8 | EPSS 0.00444
Exploits 0 | References 1

Vulnrichment
added 2026/04/03 11:49 p.m. (1 view)

CVE-2026-34772 Electron: Use-after-free in download save dialog callback

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8, apps that allow downloads and programmatically destroy sessions may be vulnerable to a use-after-free. If a session is torn down whi...

CVSS 5.8 | AI score 5.8 | EPSS 0.00209
Exploits 0 | References 1

ATTACKERKB
added 2026/04/03 11:49 p.m. (2 views)

CVE-2026-34772

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8, apps that allow downloads and programmatically destroy sessions may be vulnerable to a use-after-free. If a session is torn down whi...

CVSS 5.8 | AI score 5.8 | EPSS 0.00209
Exploits 0 | References 2 | Affected Software 1

CVE
added 2026/04/03 11:46 p.m. (13 views)

CVE-2026-34770

CVE-2026-34770 concerns Electron apps using the powerMonitor module. The issue is a use-after-free: after the native PowerMonitor object is garbage-collected, OS-level resources (a Windows message window; a macOS shutdown handler) may still reference freed memory. A subsequent session-change even...

CVSS 8.8 | AI score 5.8 | EPSS 0.00245
Exploits 0 | References 1 | Affected Software 1

ATTACKERKB
added 2026/04/03 11:46 p.m. (5 views)

CVE-2026-34770

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.0, and 41.0.0-beta.8, apps that use the powerMonitor module may be vulnerable to a use-after-free. After the native PowerMonitor object is...

CVSS 7 | AI score 5.8 | EPSS 0.00245
Exploits 0 | References 2 | Affected Software 1

Cvelist
added 2026/04/03 11:44 p.m. (17 views)

CVE-2026-34768 Electron: Unquoted executable path in app.setLoginItemSettings on Windows

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.0, and 41.0.0-beta.8, on Windows, app.setLoginItemSettings({openAtLogin: true}) wrote the executable path to the Run registry key without quoting. If the app ...

CVSS 3.9 | EPSS 0.0013
Exploits 0 | References 1

Vulnrichment
added 2026/04/03 11:43 p.m. (0 views)

CVE-2026-34767 Electron: HTTP Response Header Injection in custom protocol handlers and webRequest

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.3, 40.8.3, and 41.0.3, apps that register custom protocol handlers via protocol.handle / protocol.registerSchemesAsPrivileged or modify response headers via...

CVSS 5.9 | AI score 5.8 | EPSS 0.00211
Exploits 0 | References 1

ATTACKERKB
added 2026/04/03 11:43 p.m. (2 views)

CVE-2026-34767

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.3, 40.8.3, and 41.0.3, apps that register custom protocol handlers via protocol.handle / protocol.registerSchemesAsPrivileged or modify response headers via...

CVSS 5.9 | AI score 5.8 | EPSS 0.00211
Exploits 0 | References 2 | Affected Software 1

ATTACKERKB
added 2026/04/03 11:35 p.m. (0 views)

CVE-2026-34766

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8, the select-usb-device event callback did not validate the chosen device ID against the filtered list that was presented to the...

CVSS 3.3 | AI score 5.8 | EPSS 0.00162
Exploits 0 | References 2 | Affected Software 1

Vulnrichment
added 2026/04/03 11:33 p.m. (2 views)

CVE-2026-34769 Electron: Renderer command-line switch injection via undocumented commandLineSwitches webPreference

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8, an undocumented commandLineSwitches webPreference allowed arbitrary switches to be appended to the renderer process command line. Ap...

CVSS 7.7 | AI score 5.9 | EPSS 0.00295
Exploits 0 | References 1

Snyk
added 2026/04/03 2:36 a.m. (2 views)

Missing Authorization

Overview: org.webjars.npm:electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Missing Authorization in the select-usb-device event callback, which did not validate the chosen device ID...

CVSS 5.4 | AI score 5.8 | EPSS 0.00162
Exploits 0 | References 2

Snyk
added 2026/04/03 2:36 a.m. (3 views)

Missing Authorization

Overview: electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Missing Authorization in the select-usb-device event callback, which did not validate the chosen device ID against the...

CVSS 5.4 | AI score 5.8 | EPSS 0.00162
Exploits 0 | References 2

RedhatCVE
added 2026/01/09 8:37 a.m. (9 views)

CVE-2019-20374

A mutation cross-site scripting (XSS) issue in Typora through 0.9.9.31.2 on macOS and through 0.9.81 on Linux leads to Remote Code Execution through Mermaid code blocks. To exploit this vulnerability, one must open a file in Typora. The XSS vulnerability is then triggered due to improper HTML...

CVSS 9.6 | AI score 6.9 | EPSS 0.023
Exploits 0 | References 1

RedhatCVE
added 2025/12/24 9:19 p.m. (5 views)

CVE-2025-14498

TradingView Desktop Electron Uncontrolled Search Path Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of TradingView Desktop. An attacker must first obtain the ability to execute low-privileged code on the target...

CVSS 7.8 | AI score 7.5 | EPSS 0.00138
Exploits 0 | References 1

The Hacker News
added 2025/10/10 2:25 p.m. (3 views)

Stealit Malware Abuses Node.js Single Executable Feature via Game and VPN Installers

Cybersecurity researchers have disclosed details of an active malware campaign called Stealit that has leveraged Node.js' Single Executable Application (SEA) feature as a way to distribute its payloads. According to Fortinet FortiGuard Labs, select iterations have also employed the open-source...

AI score 7.3
Exploits 0

EUVD
added 2025/10/07 12:30 a.m. (11 views)

EUVD-2021-2232

Malware in sbrugna...

CVSS 8.6 | AI score 8.5 | EPSS 0.01017
Exploits 0 | References 7