14 matches found
Electron 访问控制错误漏洞
Electron is a JavaScript framework developed by users for creating cross-platform desktop applications under the open-source license. This framework is based on Node.js and Chromium, allowing the development of cross-platform desktop applications using HTML and CSS. Versions of Electron prior to...
CVE-2026-34777 Electron: Incorrect origin passed to permission request handler for iframe requests
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.1, and 41.0.0, when an iframe requests fullscreen, pointerLock, keyboardLock, openExternal, or media permissions, the origin passed to...
Electron: Incorrect origin passed to permission request handler for iframe requests
Impact When an iframe requests fullscreen, pointerLock, keyboardLock, openExternal, or media permissions, the origin passed to session.setPermissionRequestHandler was the top-level page's origin rather than the requesting iframe's origin. Apps that grant permissions based on the origin parameter ...
Electron: Use-after-free in WebContents fullscreen, pointer-lock, and keyboard-lock permission callbacks
Impact Apps that register an asynchronous session.setPermissionRequestHandler may be vulnerable to a use-after-free when handling fullscreen, pointer-lock, or keyboard-lock permission requests. If the requesting frame navigates or the window closes while the permission handler is pending, invokin...
PT-2026-30001
Impact Apps that register an asynchronous session.setPermissionRequestHandler may be vulnerable to a use-after-free when handling fullscreen, pointer-lock, or keyboard-lock permission requests. If the requesting frame navigates or the window closes while the permission handler is pending, invokin...
CVE-2024-11486
A vulnerability, which was classified as problematic, was found in Code4Berry Decoration Management System 1.0. This affects an unknown part of the file /decoration/admin/userpermission.php of the component User Permission Handler. The manipulation leads to permission issues. It is possible to...
CVE-2024-11486
A vulnerability, which was classified as problematic, was found in Code4Berry Decoration Management System 1.0. This affects an unknown part of the file /decoration/admin/userpermission.php of the component User Permission Handler. The manipulation leads to permission issues. It is possible to...
CVE-2024-11486 Code4Berry Decoration Management System User Permission user_permission.php
A vulnerability, which was classified as problematic, was found in Code4Berry Decoration Management System 1.0. This affects an unknown part of the file /decoration/admin/userpermission.php of the component User Permission Handler. The manipulation leads to permission issues. It is possible to...
CVE-2024-11486 Code4Berry Decoration Management System User Permission user_permission.php
A vulnerability, which was classified as problematic, was found in Code4Berry Decoration Management System 1.0. This affects an unknown part of the file /decoration/admin/userpermission.php of the component User Permission Handler. The manipulation leads to permission issues. It is possible to...
PT-2024-17024 · Unknown · Code4Berry Decoration Management System
Name of the Vulnerable Software and Affected Versions: Code4Berry Decoration Management System version 1.0 Description: A problematic issue was found in the Code4Berry Decoration Management System, affecting an unknown part of the file /decoration/admin/user permission.php of the component User...
CVE-2020-10858
Zulip Desktop before 5.0.0 allows attackers to perform recording via the webcam and microphone due to a missing permission request handler...
CVE-2020-10858
Zulip Desktop before 5.0.0 allows attackers to perform recording via the webcam and microphone due to a missing permission request handler...
CVE-2020-10858
Zulip Desktop before 5.0.0 is affected by a permission handling flaw that allows recording via the webcam and microphone. The issue arises from a missing permission request handler, enabling potential abuse without requiring user interaction. Public sources in the connected data consistently desc...
Unspecified Vulnerability in Mattermost Desktop App (CNVD-2020-41482)
Mattermost Desktop App is a messaging desktop application from Mattermost USA. A security vulnerability exists in Mattermost Desktop App versions prior to 4.0.0 that stems from the program not properly handling the same-origin policy setPermissionRequestHandler. An attacker could exploit the...