79 matches found
CVE-2023-49314
Asana Desktop 2.1.0 on macOS allows code injection because of specific Electron Fuses. There is inadequate protection against code injection through settings such as RunAsNode and EnableNodeCliInspectArguments, and thus r3ggi/electroniz3r can be used to perform an attack...
CVE-2025-12843
Code Injection using Electron Fuses in waveterm on macOS allows TCC Bypass. This issue affects waveterm: 0.12.2...
EUVD-2025-203091
Code Injection using Electron Fuses in waveterm on macOS allows TCC Bypass. This issue affects waveterm: 0.12.2...
CVE-2025-12843 Code Injection in Wave Term v0.12.2 allowing TCC Bypass
Code Injection using Electron Fuses in waveterm on macOS allows TCC Bypass. This issue affects waveterm: 0.12.2...
CVE-2025-12843
CVE-2025-12843 describes a code injection vulnerability in Wave Term (waveterm) for macOS, affecting version 0.12.2. The issue arises from Electron Fuses code injection and allows a TCC bypass, with CVSS parameters indicating local access, low attack complexity, and low privileges required. The i...
Wave Terminal Code Injection Vulnerability
Wave Terminal is an enterprise collaboration system from Wave Terminal open source. A code injection vulnerability exists in Wave Terminal version 0.12.2, which stems from Electron Fuses code injection and could lead to a TCC bypass...
PT-2025-50942
Name of the Vulnerable Software and Affected Versions: waveterm version 0.12.2. Description: Code Injection using Electron Fuses in waveterm on macOS allows TCC Bypass. The issue allows for code execution by exploiting Electron Fuses. Recommendations: At the moment, there is no information about a...
EUVD-2014-9738
Malware in sbrugna...
EUVD-2025-2655
Malicious code in bioql PyPI...
EUVD-2024-49051
Malicious code in bioql PyPI...
EUVD-2024-2893
Malicious code in bioql PyPI...
EUVD-2023-3149
Malicious code in bioql PyPI...
CVE-2025-55305 Electron is vulnerable to Code Injection via resource modification
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. In versions below 35.7.5, 36.0.0-alpha.1 through 36.8.0, 37.0.0-alpha.1 through 37.3.1 and 38.0.0-alpha.1 through 38.0.0-beta.6, ASAR Integrity Bypass via resource modification. This only impac...
GHSA-VMQV-HX8Q-J7MG Electron has ASAR Integrity Bypass via resource modification
Impact: This only impacts apps that have the embeddedAsarIntegrityValidation and onlyLoadAppFromAsar fuses enabled. Apps without these fuses enabled are not impacted. Specifically, this issue can only be exploited if your app is launched from a filesystem the attacker has write access to, i.e. the...
Electron has ASAR Integrity Bypass via resource modification
Impact: This only impacts apps that have the embeddedAsarIntegrityValidation and onlyLoadAppFromAsar fuses enabled. Apps without these fuses enabled are not impacted. Specifically, this issue can only be exploited if your app is launched from a filesystem the attacker has write access to, i.e. the...
CVE-2025-51387
GitKraken Desktop 10.8.0 and 11.1.0 are susceptible to code injection due to misconfigured Electron Fuses. Specifically, the following insecure settings were observed: RunAsNode is enabled and EnableNodeCliInspectArguments is not disabled. These configurations allow the application to be...
CVE-2025-54871 Electron Capture is Vulnerable to TCC Bypass via Misconfigured Node Fuses (macOS)
Electron Capture facilitates video playback for screen-sharing and capture. In versions 2.19.1 and below, the elecap app on macOS allows local unprivileged users to bypass macOS TCC privacy protections by enabling ELECTRON_RUN_AS_NODE. This environment variable allows arbitrary Node.js code to be...