CVE-2026-39309

Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. In versions 0.102.1 and prior, the Electron configuration is vulnerable to TCC Bypass via Prompt Spoofing, allowing local attackers to trigger misleading macOS permission...

CVE-2026-39309

CVE-2026-39309 affects Trilium Notes before v0.102.2. The Electron configuration allows a RunAsNode fuse to launch the app in a special Node.js mode (-e) that can execute arbitrary commands with Trilium’s permissions, enabling a local attacker to spoof macOS TCC prompts. An attacker could trigger...

CVE-2023-49314

Asana Desktop 2.1.0 on macOS allows code injection because of specific Electron Fuses. There is inadequate protection against code injection through settings such as RunAsNode and EnableNodeCliInspectArguments, and thus r3ggi/electroniz3r can be used to perform an attack...

EUVD-2025-28538

Malicious code in bioql PyPI...

EUVD-2025-25780

Malicious code in bioql PyPI...

CVE-2025-53811

The configuration of Mosh-Pro on macOS, specifically the "RunAsNode" fuse enabled, allows a local attacker with unprivileged access to execute arbitrary code that inherits Mosh-Pro TCC Transparency, Consent, and Control permissions. Acquired resource access is limited to previously granted...

CVE-2025-9190

The configuration of Cursor on macOS, specifically the "RunAsNode" fuse enabled, allows a local attacker with unprivileged access to execute arbitrary code that inherits Cursor TCC Transparency, Consent, and Control permissions. Acquired resource access is limited to previously granted permission...

CVE-2025-53811

The configuration of Mosh-Pro on macOS, specifically the "RunAsNode" fuse enabled, allows a local attacker with unprivileged access to execute arbitrary code that inherits Mosh-Pro TCC Transparency, Consent, and Control permissions. Acquired resource access is limited to previously granted...

CVE-2025-53813

The configuration of Nozbe on macOS, specifically the "RunAsNode" fuse enabled, allows a local attacker with unprivileged access to execute arbitrary code that inherits Nozbe TCC Transparency, Consent, and Control permissions. Acquired resource access is limited to previously granted permissions...

CVE-2025-9190

Cursor for macOS 15.4.1 is affected by a RunAsNode fuse misconfiguration that allows a local, unprivileged attacker to execute arbitrary code inheriting Cursor TCC permissions. Access to resources is limited to what the user previously granted; requesting other resources will prompt the user, pot...

CVE-2025-9190 TCC Bypass via misconfigured Node fuses in Cursor

The configuration of Cursor on macOS, specifically the "RunAsNode" fuse enabled, allows a local attacker with unprivileged access to execute arbitrary code that inherits Cursor TCC Transparency, Consent, and Control permissions. Acquired resource access is limited to previously granted permission...

CVE-2025-53811 TCC Bypass via misconfigured Node fuses in Mosh-Pro

The configuration of Mosh-Pro on macOS, specifically the "RunAsNode" fuse enabled, allows a local attacker with unprivileged access to execute arbitrary code that inherits Mosh-Pro TCC Transparency, Consent, and Control permissions. Acquired resource access is limited to previously granted...

PT-2025-34755 · Mosh Pro +1 · Mosh-Pro +1

Name of the Vulnerable Software and Affected Versions: Mosh-Pro version 1.3.2 Description: The configuration of Mosh-Pro on macOS, specifically the "RunAsNode" fuse enabled, allows a local attacker with unprivileged access to execute arbitrary code that inherits Mosh-Pro TCC Transparency, Consent...

CVE-2024-25249

An issue in He3 App for macOS version 2.0.17, allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings...

CVE-2024-23755

ClickUp Desktop before 3.3.77 on macOS and Windows allows code injection because of specific Electron Fuses. There is inadequate protection against code injection through settings such as RunAsNode...

CVE-2024-25249

An issue in He3 App for macOS version 2.0.17, allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings...

CVE-2023-50975

The TD Bank TD Advanced Dashboard client through 3.0.3 for macOS allows arbitrary code execution because of the lack of electron::fuses::IsRunAsNodeEnabled i.e., ELECTRONRUNASNODE can be used in production. This makes it easier for a compromised process to access banking information...

CVE-2023-50975

The TD Bank TD Advanced Dashboard client through 3.0.3 for macOS allows arbitrary code execution because of the lack of electron::fuses::IsRunAsNodeEnabled i.e., ELECTRONRUNASNODE can be used in production. This makes it easier for a compromised process to access banking information...

OpenVPN Connect Security Breach

OpenVPN Connect is a VPN Virtual Private Network client application from US-based OpenVPN. A security vulnerability exists in OpenVPN Connect that originates from allowing a local attacker to execute arbitrary code in the context of a nodejs process via the ELECTRONRUNASNODE environment variable...

Kap security breach

Kap is an open source screen recorder from Wulkano Open Source. Kap 3.6.0 version of the previous security vulnerability , the vulnerability stems from the RunAsNode and enableNodeClilnspectArguments settings can execute arbitrary code...