Electron 资源管理错误漏洞

Electron is a JavaScript framework developed by users for creating cross-platform desktop applications under the open-source license. This framework is based on Node.js and Chromium, allowing the development of cross-platform desktop applications using HTML and CSS. Versions of Electron prior to...

CVE-2026-34770 Electron: Use-after-free in PowerMonitor on Windows and macOS

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.0, and 41.0.0-beta.8, apps that use the powerMonitor module may be vulnerable to a use-after-free. After the native PowerMonitor object is...

CVE-2026-34770

CVE-2026-34770 concerns Electron apps using the powerMonitor module. The issue is a use-after-free: after the native PowerMonitor object is garbage-collected, OS-level resources (a Windows message window; a macOS shutdown handler) may still reference freed memory. A subsequent session-change even...

EUVD-2026-18939

Electron: Use-after-free in PowerMonitor on Windows and macOS...

Electron: Use-after-free in PowerMonitor on Windows and macOS

Impact Apps that use the powerMonitor module may be vulnerable to a use-after-free. After the native PowerMonitor object is garbage-collected, the associated OS-level resources a message window on Windows, a shutdown handler on macOS retain dangling references. A subsequent session-change event...

EUVD-2018-11302

Malware in sbrugna...

EUVD-2018-11303

Malware in sbrugna...

EUVD-2023-33598

Malicious code in bioql PyPI...

Rockwell Automation PowerMonitor 1000 Unprotected Alternate Channel (CVE-2024-12371)

A device takeover vulnerability exists in the affected product. This vulnerability allows configuration of a new Policyholder user without any authentication via API. Policyholder user is the most privileged user that can perform edit operations, creating admin users and performing factory reset...

CVE-2024-12373 Rockwell Automation PowerMonitor™ 1000 Denial of Service

A denial-of-service vulnerability exists in the Rockwell Automation Power Monitor 1000. The vulnerability results in a buffer-overflow, potentially causing denial-of-service...

CVE-2024-12373

CVE-2024-12373 affects Rockwell Automation PowerMonitor 1000. The connected materials confirm a denial-of-service vulnerability caused by a buffer overflow in the device, exploitable over the network with no user interaction required. Public sources (ICS advisory ICSA-24-352-03) detail risk: pote...

CVE-2024-12372

CVE-2024-12372 affects Rockwell Automation PowerMonitor 1000. The issue enables denial-of-service and potentially remote code execution via heap memory corruption, exploitable over the network through the device API that allows unauthenticated policy changes (admin creation, factory resets). Seve...

CVE-2024-12372 Rockwell Automation PowerMonitor™ 1000 Denial of Service

A denial-of-service and possible remote code execution vulnerability exists in the Rockwell Automation Power Monitor 1000. The vulnerability results in corruption of the heap memory which may compromise the integrity of the system, potentially allowing for remote code execution or a...

CVE-2024-12371

CVE-2024-12371 affects Rockwell Automation Power Monitor 1000. Vulnerability: API allows unauthenticated creation of a Policyholder user with high privileges (edit operations, admin creation, factory reset). Reported impact includes device takeover and potential for remote code execution/DoS via ...

PT-2024-10278

Name of the Vulnerable Software and Affected Versions: Rockwell Automation Power Monitor 1000 affected versions not specified Description: A denial-of-service vulnerability exists in the Rockwell Automation Power Monitor 1000. The vulnerability results in a buffer overflow, potentially causing...

Rockwell Automation PowerMonitor 1000 Cross Site Scripting Vulnerability

Rockwell Automation PowerMonitor 1000 is a power monitoring device from Rockwell Automation. The Rockwell Automation PowerMonitor 1000 suffers from a cross-site scripting vulnerability that stems from a lack of effective filtering and escaping of user-supplied data, which can be exploited by an...

CISA Releases Nine Industrial Control Systems Advisories

CISA released nine Industrial Control Systems ICS advisories on July 13, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-194-01 Siemens RUGGEDCOM ROX ICSA-23-194-02 Siemens SiPass Integrated ICSA-23-194-03...

Rockwell Automation PowerMonitor 1000

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: PowerMonitor 1000 Vulnerability: Cross-site Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to achieve remote code...

Cross site scripting

The Rockwell Automation PowerMonitor 1000 contains stored cross-site scripting vulnerabilities within the web page of the product. The vulnerable pages do not require privileges to access and can be injected with code by an attacker which could be used to leverage an attack on an authenticated...

CVE-2023-2072

CVE-2023-2072 affects Rockwell Automation PowerMonitor 1000. Stored cross-site scripting in the product’s web pages allows code injection by an unauthenticated attacker to impact an authenticated user, potentially enabling remote code execution and compromising confidentiality, integrity, and ava...