actual Allows Electron to Run As Node

Summary A electron run as node vulnerability was identified in actual macOS application, version 25.x Electron 39.2.7. Vulnerability Type: Electron Run As Node Description ELECTRONRUNASNODE fuse enabled Electron 39.2.7 — app can be converted to Node.js REPL for arbitrary code execution Impact An...

PT-2026-47558

Summary A electron run as node vulnerability was identified in actual macOS application, version 25.x Electron 39.2.7. Vulnerability Type: Electron Run As Node Description ELECTRON RUN AS NODE fuse enabled Electron 39.2.7 — app can be converted to Node.js REPL for arbitrary code execution Impact ...

PT-2026-47599

Name of the Vulnerable Software and Affected Versions Actual versions prior to 26.5.0 Description In the macOS desktop application, the ELECTRON RUN AS NODE fuse is not disabled. This allows an attacker who can place a file on disk or control command-line arguments to invoke the signed Actual.app...

CVE-2023-50975

The TD Bank TD Advanced Dashboard client through 3.0.3 for macOS allows arbitrary code execution because of the lack of electron::fuses::IsRunAsNodeEnabled i.e., ELECTRONRUNASNODE can be used in production. This makes it easier for a compromised process to access banking information...

TD Bank TD Advanced Dashboard Security Vulnerability

TD Bank TD Advanced Dashboard is a fluid ecosystem from TD where your orders and positions are synchronized in real time between advanced dashboards, online brokers, or TD apps for mobile devices. A security vulnerability exists in TD Bank TD Advanced Dashboard 3.0.3 and prior versions, which ste...

OpenVPN Connect Security Breach

OpenVPN Connect is a VPN Virtual Private Network client application from US-based OpenVPN. A security vulnerability exists in OpenVPN Connect that originates from allowing a local attacker to execute arbitrary code in the context of a nodejs process via the ELECTRONRUNASNODE environment variable...