CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

226 matches found

RedhatCVE•added 2026/06/05 7:18 p.m.•6 views

CVE-2026-45037

Tabby formerly Terminus is a highly configurable terminal emulator. Prior to 1.0.232, Tabby's terminal linkifier passes any detected URI directly to the operating system's protocol handler without validating the protocol scheme. This allows a malicious SSH or Telnet server to send crafted termina...

7.1CVSS5.6AI score0.00054EPSS

Exploits0References1

AstraLinux•added 2026/05/20 5:53 a.m.•3 views

Astra Linux - уязвимость в firefox, thunderbird

When invoking protocol handlers for external protocols, a supplied parameter URL containing spaces was not properly escaped. This vulnerability affects Thunderbird 91.4.0, Firefox ESR 91.4.0, and Firefox 95...

6.5CVSS8.7AI score0.00356EPSS

Exploits0References2

NVD•added 2026/05/15 5:16 p.m.•10 views

CVE-2026-45037

7.1CVSS0.00054EPSS

Exploits0References1

EUVD•added 2026/05/15 4:40 p.m.•6 views

EUVD-2026-30569

7.1CVSS6AI score0.00054EPSS

Exploits0References1

Cvelist•added 2026/05/15 4:40 p.m.•39 views

CVE-2026-45037 Tabby: Unsafe protocol handler execution via terminal linkifier allows arbitrary OS protocol invocation

7.1CVSS0.00054EPSS

Exploits0References1

Github Security Blog•added 2026/05/08 6:46 p.m.•8 views

Electerm users can run dangrous code through link or command line

Impact Arbitrary local code execution via deep links, CLI --opts, or crafted shortcuts. Affected users: electerm installs that accept protocol URLs or CLI options affected versions listed in the original report. Exploit requires clicking a crafted electerm://... link or opening a crafted...

9.6CVSS6.2AI score0.0016EPSS

Exploits0References7Affected Software1

NVD•added 2026/04/04 12:16 a.m.•1 views

CVE-2026-34767

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.3, 40.8.3, and 41.0.3, apps that register custom protocol handlers via protocol.handle / protocol.registerSchemesAsPrivileged or modify response headers via...

6.5CVSS0.00013EPSS

Exploits0References1

CNNVD•added 2026/04/04 12:0 a.m.•5 views

Electron 注入漏洞

Electron is an open-source JavaScript framework developed by users for creating cross-platform desktop applications. This framework is based on Node.js and Chromium, allowing the development of cross-platform desktop applications using HTML and CSS. Versions of Electron prior to 38.8.6, 39.8.3,...

6.5CVSS5.8AI score0.00013EPSS

Exploits0References1

Vulnrichment•added 2026/04/03 11:43 p.m.•0 views

CVE-2026-34767 Electron: HTTP Response Header Injection in custom protocol handlers and webRequest

5.9CVSS5.8AI score0.00013EPSS

Exploits0References1

ATTACKERKB•added 2026/04/03 11:43 p.m.•1 views

CVE-2026-34767

5.9CVSS5.8AI score0.00013EPSS

Exploits0References2Affected Software1

Cvelist•added 2026/04/03 11:43 p.m.•18 views

CVE-2026-34767 Electron: HTTP Response Header Injection in custom protocol handlers and webRequest

5.9CVSS0.00013EPSS

Exploits0References1

CVE•added 2026/04/03 11:43 p.m.•11 views

CVE-2026-34767

Summary : Electron apps that register custom protocol handlers (protocol.handle()/protocol.registerSchemesAsPrivileged()) or use webRequest.onHeadersReceived can be vulnerable to HTTP response header injection when untrusted input is reflected into header names or values. Impact : injected header...

6.5CVSS5.8AI score0.00013EPSS

Exploits0References1Affected Software1

Snyk•added 2026/04/03 2:41 a.m.•1 views

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Overview electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' in the...

7.5CVSS6AI score0.00026EPSS

Exploits0References3

OSV•added 2026/04/03 2:37 a.m.•2 views

GHSA-4P4R-M79C-WQ3V Electron: HTTP Response Header Injection in custom protocol handlers and webRequest

Impact Apps that register custom protocol handlers via protocol.handle / protocol.registerSchemesAsPrivileged or modify response headers via webRequest.onHeadersReceived may be vulnerable to HTTP response header injection if attacker-controlled input is reflected into a response header name or...

5.9CVSS5.9AI score0.00013EPSS

Exploits0References3

EUVD•added 2026/04/03 2:37 a.m.•2 views

EUVD-2026-18933

Electron: HTTP Response Header Injection in custom protocol handlers and webRequest...

5.9CVSS5.9AI score0.00013EPSS

Exploits0References1

Github Security Blog•added 2026/04/03 2:37 a.m.•3 views

Electron: HTTP Response Header Injection in custom protocol handlers and webRequest

6.5CVSS5.9AI score0.00013EPSS

Exploits0References3Affected Software1

Positive Technologies•added 2026/04/03 12:0 a.m.•2 views

PT-2026-29997

5.9CVSS5.9AI score0.00013EPSS

Exploits0References4

SUSE CVE•added 2026/03/26 2:43 p.m.•3 views

SUSE CVE-2026-23398

In the Linux kernel, the following vulnerability has been resolved: icmp: fix NULL pointer dereference in icmptagvalidation icmptagvalidation unconditionally dereferences the result of rcudereferenceinetprotosproto without checking for NULL. The inetprotos array is sparse -- only about 15 of 256...

5.9CVSS5.8AI score0.00031EPSS

Exploits2References19

ATTACKERKB•added 2026/03/24 3:7 p.m.•2 views

CVE-2026-33335

Vikunja is an open-source self-hosted task management platform. Starting in version 0.21.0 and prior to version 2.2.0, the Vikunja Desktop Electron wrapper passes URLs from window.open calls directly to shell.openExternal without any validation or protocol allowlisting. An attacker who can place ...

6.4CVSS5.9AI score0.00051EPSS

Exploits1References3Affected Software1

Positive Technologies•added 2026/03/24 12:0 a.m.•3 views

PT-2026-27443

6.4CVSS5.9AI score0.00051EPSS

Exploits1References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by