Electron 访问控制错误漏洞

Electron is a JavaScript framework developed by users for creating cross-platform desktop applications under the open-source license. This framework is based on Node.js and Chromium, allowing the development of cross-platform desktop applications using HTML and CSS. Versions of Electron prior to...

Electron: Incorrect origin passed to permission request handler for iframe requests

Impact When an iframe requests fullscreen, pointerLock, keyboardLock, openExternal, or media permissions, the origin passed to session.setPermissionRequestHandler was the top-level page's origin rather than the requesting iframe's origin. Apps that grant permissions based on the origin parameter ...

Electron: Use-after-free in WebContents fullscreen, pointer-lock, and keyboard-lock permission callbacks

Impact Apps that register an asynchronous session.setPermissionRequestHandler may be vulnerable to a use-after-free when handling fullscreen, pointer-lock, or keyboard-lock permission requests. If the requesting frame navigates or the window closes while the permission handler is pending, invokin...

PT-2026-30001

Impact Apps that register an asynchronous session.setPermissionRequestHandler may be vulnerable to a use-after-free when handling fullscreen, pointer-lock, or keyboard-lock permission requests. If the requesting frame navigates or the window closes while the permission handler is pending, invokin...

CVE-2024-11486

A vulnerability, which was classified as problematic, was found in Code4Berry Decoration Management System 1.0. This affects an unknown part of the file /decoration/admin/userpermission.php of the component User Permission Handler. The manipulation leads to permission issues. It is possible to...

CVE-2024-11486

A vulnerability, which was classified as problematic, was found in Code4Berry Decoration Management System 1.0. This affects an unknown part of the file /decoration/admin/userpermission.php of the component User Permission Handler. The manipulation leads to permission issues. It is possible to...

CVE-2024-11486 Code4Berry Decoration Management System User Permission user_permission.php

A vulnerability, which was classified as problematic, was found in Code4Berry Decoration Management System 1.0. This affects an unknown part of the file /decoration/admin/userpermission.php of the component User Permission Handler. The manipulation leads to permission issues. It is possible to...

CVE-2024-11486 Code4Berry Decoration Management System User Permission user_permission.php

A vulnerability, which was classified as problematic, was found in Code4Berry Decoration Management System 1.0. This affects an unknown part of the file /decoration/admin/userpermission.php of the component User Permission Handler. The manipulation leads to permission issues. It is possible to...

PT-2024-17024 · Unknown · Code4Berry Decoration Management System

Name of the Vulnerable Software and Affected Versions: Code4Berry Decoration Management System version 1.0 Description: A problematic issue was found in the Code4Berry Decoration Management System, affecting an unknown part of the file /decoration/admin/user permission.php of the component User...

CVE-2020-10858

Zulip Desktop before 5.0.0 allows attackers to perform recording via the webcam and microphone due to a missing permission request handler...

CVE-2020-10858

Zulip Desktop before 5.0.0 allows attackers to perform recording via the webcam and microphone due to a missing permission request handler...

CVE-2020-10858

Zulip Desktop before 5.0.0 is affected by a permission handling flaw that allows recording via the webcam and microphone. The issue arises from a missing permission request handler, enabling potential abuse without requiring user interaction. Public sources in the connected data consistently desc...

Unspecified Vulnerability in Mattermost Desktop App (CNVD-2020-41482)

Mattermost Desktop App is a messaging desktop application from Mattermost USA. A security vulnerability exists in Mattermost Desktop App versions prior to 4.0.0 that stems from the program not properly handling the same-origin policy setPermissionRequestHandler. An attacker could exploit the...