CVE-2026-48545
CVE-2026-48545 : Gradio before 6.15.0 is affected by a cookie injection vulnerability due to a shared module‑level HTTP client used by the reverse proxy endpoint. Attackers controlling any HF Space can return a parent‑domain cookie that the shared client stores and automatically replays into subs...
CVE-2026-28387
Issue summary: An uncommon configuration of clients performing DANE TLSA-based server authentication, when paired with uncommon server DANE TLSA records, may result in a use-after-free and/or double-free on the client side. Impact summary: A use after free can have a range of potential consequenc...
CVE-2026-34773
A flaw was found in Electron, a framework for building desktop applications. On Windows, the app.setAsDefaultProtocolClient function did not properly validate protocol names before writing to the system registry. This vulnerability could allow a local attacker, through an application that process...
CVE-2026-34773
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.1, and 41.0.0, on Windows, app.setAsDefaultProtocolClient(protocol) did not validate the protocol name before writing to the registry. Apps that pass...
CVE-2026-34773
CVE-2026-34773 (Electron, Windows): The issue arises when calling app.setAsDefaultProtocolClient() with a protocol name derived from external input; the protocol name is written to HKCU\Software\Classes\ without proper validation, risking hijack of existing protocol handlers. Affected Electron ve...
CVE-2026-34773 Electron: Registry key path injection in app.setAsDefaultProtocolClient on Windows
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.1, and 41.0.0, on Windows, app.setAsDefaultProtocolClient(protocol) did not validate the protocol name before writing to the registry. Apps that pass...
Electron: Registry key path injection in app.setAsDefaultProtocolClient on Windows
Impact On Windows, app.setAsDefaultProtocolClient(protocol) did not validate the protocol name before writing to the registry. Apps that pass untrusted input as the protocol name may allow an attacker to write to arbitrary subkeys under HKCU\Software\Classes, potentially hijacking existing protocol...
EUVD-2026-18945
Electron: Registry key path injection in app.setAsDefaultProtocolClient on Windows...
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Overview org.webjars.npm:electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' in the...
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Overview electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' in the...
GHSA-MWMH-MQ4G-G6GR Electron: Registry key path injection in app.setAsDefaultProtocolClient on Windows
Impact On Windows, app.setAsDefaultProtocolClient(protocol) did not validate the protocol name before writing to the registry. Apps that pass untrusted input as the protocol name may allow an attacker to write to arbitrary subkeys under HKCU\Software\Classes, potentially hijacking existing protocol...
PT-2026-30003
Impact On Windows, app.setAsDefaultProtocolClient(protocol) did not validate the protocol name before writing to the registry. Apps that pass untrusted input as the protocol name may allow an attacker to write to arbitrary subkeys under HKCU\Software\Classes, potentially hijacking existing protocol...
CVE-2025-11043
An Improper Certificate Validation vulnerability in the OPC-UA client and ANSL over TLS client used in Automation Studio versions before 6.5 could allow an unauthenticated attacker on the network to position themselves to intercept and interfere with data exchanges...
Microsoft Remote Desktop Protocol Client Resource Management Error Vulnerability
Microsoft Remote Desktop Protocol Client is a client application from Microsoft Corporation (USA) for connecting to remote desktops. A resource management error vulnerability exists in Microsoft Remote Desktop Protocol Client, which can be exploited by an attacker to remotely execute code...
PTZOptics PT30X-SDI/NDI-xx Security Vulnerability
PTZOptics PT30X-SDI/NDI-xx is a series of HD cameras from PTZOptics. A security vulnerability exists in PTZOptics PT30X-SDI/NDI-xx versions prior to 6.3.40, which stems from insufficient validation of the ntpaddr configuration value. An attacker could use this vulnerability to execute arbitrary...
RHEL 8 : libX11 (RHSA-2024:2973)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2973 advisory. The libX11 packages contain the core X11 protocol client library. Security Fixes: libX11: out-of-bounds memory access in XkbReadKeySyms...
Moderate: libX11 security update
The libX11 packages contain the core X11 protocol client library. Security Fixes: libX11: out-of-bounds memory access in XkbReadKeySyms CVE-2023-43785 libX11: stack exhaustion from infinite recursion in PutSubImage CVE-2023-43786 libX11: integer overflow in XCreateImage leading to a heap overflow...
@jup-ag/core (>=3.0.0-beta.0 <=3.0.0-beta.8-eacba78), @jup-ag/react-hook (>=3.0.0-beta.0 <=3.0.0-beta.8-eacba78) +7 more potentially affected by CVE-2024-30253 via @solana/web3.js (>=1.63.0 <=1.63.1)
@solana/web3.js NPM version =1.63.0, =3.0.0-beta.0, =3.0.0-beta.0, =0.0.1-0d5b39f4.0, =0.0.1-0f199db9.0, =4.0.0-maple-1, =0.1.0, =1.4.8, =1.0.0, =1.7.1-alpha.4 Source cves: CVE-2024-30253 Source advisory: OSV:GHSA-8M45-2RJM-J347...
@hubbleprotocol/hubble-sdk (>=1.0.48 <=2.0.24), @streamflow/stream (>=3.0.14-dev <=3.0.19) +1 more potentially affected by CVE-2024-30253 via @solana/web3.js (=1.42.0)
@solana/web3.js NPM version =1.42.0 is affected by a known vulnerability. The following packages have a transitive dependency on @solana/web3.js and may be impacted: - @hubbleprotocol/hubble-sdk =1.0.48, =3.0.14-dev, =2.0.0, =2.0.2 Source cves: CVE-2024-30253 Source advisory: OSV:GHSA-8M45-2RJM-J...
Moderate: Red Hat Security Advisory: libX11 security update
An update for libX11 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...