CVE-2026-34780

A flaw was found in Electron, a framework for building cross-platform desktop applications. An attacker capable of executing JavaScript in the main world, for instance through a cross-site scripting XSS vulnerability, could exploit this flaw. By passing VideoFrame objects from the WebCodecs API...

GO-2025-3600 Missing ACLs on JavaScript APIs allowing privilege escalation github.com/nats-io/nats-server

Missing...

Mattermost Desktop < 5.9.0 (Windows / Unix) (MMSA-2024-00372)

The version of Mattermost Desktop installed on the remote host is prior to 5.9.0. It is, therefore, affected by a vulnerability as referenced in the MMSA-2024-00372 advisory. - Mattermost versions 5.9.0 Mattermost Desktop app have a vulnerability in their screen capture functionality, allowing...

Mattermost Desktop < 5.9.0 (macOS) (MMSA-2024-00372)

The version of Mattermost Desktop installed on the remote host is prior to 5.9.0. It is, therefore, affected by a vulnerability as referenced in the MMSA-2024-00372 advisory. - Mattermost versions 5.9.0 Mattermost Desktop app have a vulnerability in their screen capture functionality, allowing...

Mattermost Desktop App fails to safeguard screen capture functionality

Mattermost Desktop App versions =5.8.0 fail to safeguard screen capture functionality which allows an attacker to silently capture high-quality screenshots via JavaScript APIs...

GHSA-5777-RCJJ-9P22 Mattermost Desktop App fails to safeguard screen capture functionality

Mattermost Desktop App versions =5.8.0 fail to safeguard screen capture functionality which allows an attacker to silently capture high-quality screenshots via JavaScript APIs...

CVE-2024-39772

Mattermost Desktop App versions =5.8.0 fail to safeguard screen capture functionality which allows an attacker to silently capture high-quality screenshots via JavaScript APIs...

CVE-2024-39772

Mattermost Desktop App versions =5.8.0 fail to safeguard screen capture functionality which allows an attacker to silently capture high-quality screenshots via JavaScript APIs...

CVE-2024-39772

Summary: CVE-2024-39772 affects Mattermost Desktop App versions

CVE-2024-39772 Silent Desktop Screenshot Capture

Mattermost Desktop App versions =5.8.0 fail to safeguard screen capture functionality which allows an attacker to silently capture high-quality screenshots via JavaScript APIs...

CVE-2024-39772 Silent Desktop Screenshot Capture

Mattermost Desktop App versions =5.8.0 fail to safeguard screen capture functionality which allows an attacker to silently capture high-quality screenshots via JavaScript APIs...

Mozilla Firefox - WebIDL Privileged JavaScript Injection (Metasploit)

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'rex/exploitation/jsobfu' class Metasploit3 HttpClients::FF, :uamaxver = "22.0", :uamaxver = "27.0", :javascript = true, :rank = ExcellentRankin...

Adobe Reader for Android 11.1.3 - Arbitrary JavaScript Execution

No description provided by source. ------------------------------------------------------------------------ Adobe Reader for Android exposes insecure Javascript interfaces ------------------------------------------------------------------------ Yorick Koster, April 2014...

Adobe Reader Multiple Vulnerabilities - 01 (May 2014) - Windows

Adobe Reader is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:adobe:acrobatreader";...

Adobe Acrobat Multiple Vulnerabilities - 01 (May 2014) - Windows

Adobe Acrobat is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:adobe:acrobat"; ifdescription...

CVE-2014-0521

Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on Windows and OS X do not properly implement JavaScript APIs, which allows remote attackers to obtain sensitive information via a crafted PDF document...

Design/Logic Flaw

Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 on Windows and OS X do not properly implement JavaScript APIs, which allows remote attackers to obtain sensitive information via a crafted PDF document...

Adobe Acrobat < 10.1.10 / 11.0.07 Multiple Vulnerabilities (APSB14-15)

The version of Adobe Acrobat installed on the remote host is a version prior to 10.1.10 / 11.0.07. It is, therefore, affected by multiple vulnerabilities : - A heap overflow vulnerability exists that could lead to code execution. CVE-2014-0511 - A security bypass vulnerability exists with input...

Adobe Reader < 10.1.10 / 11.0.07 Multiple Vulnerabilities (APSB14-15)

The version of Adobe Reader installed on the remote host is a version prior to 10.1.10 / 11.0.07. It is, therefore, affected by multiple vulnerabilities : - A heap overflow vulnerability exists that could lead to code execution. CVE-2014-0511 - A security bypass vulnerability exists with input...

Mozilla Foundation Security Advisory 2010-46

Mozilla Foundation Security Advisory 2010-46 Title: Cross-domain data theft using CSS Impact: Moderate Announced: July 20, 2010 Reporter: Chris Evans Products: Firefox, Thunderbird, SeaMonkey Fixed in: Firefox 3.6.7 Firefox 3.5.11 Thunderbird 3.1.1 Thunderbird 3.0.6 SeaMonkey 2.0.6 Description...