1809 matches found
Exposure of Resource to Wrong Sphere
Overview electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Exposure of Resource to Wrong Sphere via the window.open function. An attacker can gain access to or manipulate the browsin...
WebSP-Eval: Evaluating Web Agents on Website Security and Privacy Tasks
Web agents automate browser tasks, ranging from simple form completion to complex workflows like ordering groceries. While current benchmarks evaluate general-purpose performancee.g., WebArena or safety against malicious actionse.g., SafeArena, no existing framework assesses an agent's ability to...
PT-2026-30918
Name of the Vulnerable Software and Affected Versions Electron versions prior to 39.8.5 Electron versions prior to 40.8.5 Electron versions prior to 41.1.0 Electron versions prior to 42.0.0-alpha.5 Description Electron did not correctly scope the named-window lookup to the opener's browsing conte...
thunderbird security update
140.9.0-1.0.1 - Fix prefs for new nss Orabug: 37079820 - Add Oracle prefs file 140.9.0 - Add OpenELA debranding 140.9.0-1 - Update to 140.9.0 ESR...
EUVD-2019-20048
R i386 3.5.0 contains a local buffer overflow vulnerability in the GUI Preferences dialog that allows local attackers to trigger a structured exception handler SEH overwrite by supplying malicious input. Attackers can craft a payload string in the 'Language for menus and messages' field to...
CVE-2019-25656
R i386 3.5.0 contains a local buffer overflow vulnerability in the GUI Preferences dialog that allows local attackers to trigger a structured exception handler SEH overwrite by supplying malicious input. Attackers can craft a payload string in the 'Language for menus and messages' field to...
CVE-2019-25656
R i386 3.5.0 contains a local buffer overflow vulnerability in the GUI Preferences dialog that allows local attackers to trigger a structured exception handler SEH overwrite by supplying malicious input. Attackers can craft a payload string in the 'Language for menus and messages' field to...
UBUNTU-CVE-2019-25656
R i386 3.5.0 contains a local buffer overflow vulnerability in the GUI Preferences dialog that allows local attackers to trigger a structured exception handler SEH overwrite by supplying malicious input. Attackers can craft a payload string in the 'Language for menus and messages' field to...
CVE-2019-25656
R i386 3.5.0 contains a local buffer overflow vulnerability in the GUI Preferences dialog that allows local attackers to trigger a structured exception handler SEH overwrite by supplying malicious input. Attackers can craft a payload string in the 'Language for menus and messages' field to...
CVE-2019-25656
CVE-2019-25656 affects R i386 3.5.0. The vulnerability is a local buffer overflow in the GUI Preferences dialog, allowing a local attacker to trigger a structured exception handler (SEH) overwrite by supplying malicious input. An attacker can craft a payload in the 'Language for menus and message...
CVE-2019-25656 R i386 3.5.0 Local Buffer Overflow SEH
R i386 3.5.0 contains a local buffer overflow vulnerability in the GUI Preferences dialog that allows local attackers to trigger a structured exception handler SEH overwrite by supplying malicious input. Attackers can craft a payload string in the 'Language for menus and messages' field to...
PT-2026-30465
R i386 3.5.0 contains a local buffer overflow vulnerability in the GUI Preferences dialog that allows local attackers to trigger a structured exception handler SEH overwrite by supplying malicious input. Attackers can craft a payload string in the 'Language for menus and messages' field to...
R 缓冲区错误漏洞
R is a statistical computing software developed by The R Foundation. Version 3.5.0 of R i386 contains a buffer overflow vulnerability. This vulnerability stems from a local buffer overflow in the GUI Preferences dialog box, which may allow local attackers to trigger the structured exception handl...
CVE-2026-34769
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8, an undocumented commandLineSwitches webPreference allowed arbitrary switches to be appended to the renderer process command line. Ap...
CVE-2026-34769 Electron: Renderer command-line switch injection via undocumented commandLineSwitches webPreference
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8, an undocumented commandLineSwitches webPreference allowed arbitrary switches to be appended to the renderer process command line. Ap...
Hidden Functionality
Overview electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Hidden Functionality via the commandLineSwitches webPreference. An attacker can inject arbitrary command-line switches into...
Hidden Functionality
Overview org.webjars.npm:electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Hidden Functionality via the commandLineSwitches webPreference. An attacker can inject arbitrary command-li...
PT-2026-29999
Name of the Vulnerable Software and Affected Versions Electron versions prior to 38.8.6, prior to 39.8.0, prior to 40.7.0, and prior to 41.0.0-beta.8. Description An undocumented commandLineSwitches webPreference allowed arbitrary switches to be appended to the renderer process command line...
thunderbird security update
140.9.0-1.0.1 - Add Oracle prefs 140.9.0-1 - Update to 140.9.0 ESR...
EUVD-2018-21720
HeidiSQL 9.5.0.5196 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long file path in the logging preferences. Attackers can input a buffer-overflow payload through the SQL log file path field in Preferences Logging to...