CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

6 matches found

RedhatCVE•added 2026/04/06 4:46 p.m.•5 views

CVE-2026-34777

A flaw was found in Electron, a framework for building desktop applications. When an embedded iframe requests permissions, such as for fullscreen or media access, the framework incorrectly provides the origin of the main page instead of the requesting iframe's origin. This vulnerability allows a...

5.4CVSS5.8AI score0.00122EPSS

Exploits0References4

Vulnrichment•added 2026/04/03 11:57 p.m.•3 views

CVE-2026-34777 Electron: Incorrect origin passed to permission request handler for iframe requests

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.1, and 41.0.0, when an iframe requests fullscreen, pointerLock, keyboardLock, openExternal, or media permissions, the origin passed to...

5.4CVSS5.8AI score0.00122EPSS

Exploits0References1

Snyk•added 2026/04/03 2:44 a.m.•5 views

Origin Validation Error

Overview electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Origin Validation Error in the session.setPermissionRequestHandler function. An attacker can gain unauthorized access to...

5.4CVSS5.9AI score0.00122EPSS

Exploits0References2

OSV•added 2026/04/03 2:44 a.m.•2 views

GHSA-R5P7-GP4J-QHRX Electron: Incorrect origin passed to permission request handler for iframe requests

Impact When an iframe requests fullscreen, pointerLock, keyboardLock, openExternal, or media permissions, the origin passed to session.setPermissionRequestHandler was the top-level page's origin rather than the requesting iframe's origin. Apps that grant permissions based on the origin parameter ...

5.4CVSS5.9AI score0.00122EPSS

Exploits0References3