17 matches found
EUVD-2026-30758
Mattermost Desktop App versions =6.1 6.0.1 5.4.13.0 fail to prevent server-rendered content from closing an underlying application view in the Mattermost Desktop App which allows a malicious server or plugin to crash the desktop client via invoking window.close in the renderer context, leading to...
PT-2026-41654
Mattermost Desktop App versions =6.1 6.0.1 5.4.13.0 fail to prevent server-rendered content from closing an underlying application view in the Mattermost Desktop App which allows a malicious server or plugin to crash the desktop client via invoking window.close in the renderer context, leading to...
CVE-2026-34765
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to 39.8.5, 40.8.5, 41.1.0, and 42.0.0-alpha.5, when a renderer calls window.open with a target name, Electron did not correctly scope the named-window lookup to the opener's browsing...
CVE-2025-67230
Improper permissions in the handler for the Custom URL Scheme in ToDesktop Builder v0.33.0 allows attackers with renderer-context access to invoke external protocol handlers without sufficient validation...
CVE-2025-67230
Improper permissions in the handler for the Custom URL Scheme in ToDesktop Builder v0.33.0 allows attackers with renderer-context access to invoke external protocol handlers without sufficient validation...
CVE-2025-67230
Improper permissions in the handler for the Custom URL Scheme in ToDesktop Builder v0.33.0 allows attackers with renderer-context access to invoke external protocol handlers without sufficient validation...
PT-2026-4497
Name of the Vulnerable Software and Affected Versions ToDesktop Builder version 0.33.0 Description A flaw exists in the Custom URL Scheme handler within ToDesktop Builder. Insufficient validation when invoking external protocol handlers from the renderer context allows attackers with...
CVE-2025-67230
Improper permissions in the handler for the Custom URL Scheme in ToDesktop Builder v0.33.0 allows attackers with renderer-context access to invoke external protocol handlers without sufficient validation...
CVE-2025-67230
Improper permissions in the handler for the Custom URL Scheme in ToDesktop Builder v0.33.0 allows attackers with renderer-context access to invoke external protocol handlers without sufficient validation...
CVE-2025-67230
Improper permissions in the handler for the Custom URL Scheme in ToDesktop Builder v0.33.0 allows attackers with renderer-context access to invoke external protocol handlers without sufficient validation...
CVE-2025-67230
The CVE-2025-67230 issue affects ToDesktop Builder v0.33.0, where improper permissions in the Custom URL Scheme handler allow attackers with renderer-context access to invoke external protocol handlers without sufficient validation. This creates a risk of abuse via unvalidated external protocol i...
CVE-2026-22793
5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Prior to version 0.15.3, an unsafe option parsing vulnerability in the ECharts Markdown plugin allows any user able to submit ECharts code blocks to execute arbitrary JavaScript code in the...
CVE-2026-22793 5ire vulnerable to Remote Code Execution (RCE) via ECharts
5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Prior to version 0.15.3, an unsafe option parsing vulnerability in the ECharts Markdown plugin allows any user able to submit ECharts code blocks to execute arbitrary JavaScript code in the...
CVE-2026-22793 5ire vulnerable to Remote Code Execution (RCE) via ECharts
5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Prior to version 0.15.3, an unsafe option parsing vulnerability in the ECharts Markdown plugin allows any user able to submit ECharts code blocks to execute arbitrary JavaScript code in the...
CVE-2026-22792 5ire vulnerable to Remote Code Execution (RCE)
5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Prior to version 0.15.3, an unsafe HTML rendering permits untrusted HTML including on event attributes to execute in the renderer context. An attacker can inject an payload to run arbitrary...
EUVD-2020-1409
Malware in sbrugna...
PT-2023-28991 · Altair · Altair
Name of the Vulnerable Software and Affected Versions: Altair versions prior to 5.2.5 Description: The Altair GraphQL Client Desktop Application does not sanitize external URLs before passing them to the underlying system and does not isolate the context of the renderer process. This issue affect...