CVE-2026-34773

CVE-2026-34773 (Electron, Windows): The issue arises when calling app.setAsDefaultProtocolClient() with a protocol name derived from external input; the protocol name is written to HKCU\Software\Classes\ without proper validation, risking hijack of existing protocol handlers. Affected Electron ve...

CVE-2026-34773 Electron: Registry key path injection in app.setAsDefaultProtocolClient on Windows

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.1, and 41.0.0, on Windows, app.setAsDefaultProtocolClientprotocol did not validate the protocol name before writing to the registry. Apps that pass...

Oracle MySQL Connectors CVE-2024-7254 (April 2025 CPU)

The 9.0.0 and 9.2.0 versions of MySQL Connectors installed on the remote host is affected by CVE-2024-7254 as referenced in the April 2025 CPU advisory. - Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of SGROUP tags can corrupted ...

DoS (Denial of Service) com.google.protobuf:protobuf-java Dependency in Jira Software Data Center and Server

This High severity com.google.protobuf:protobuf-java Dependency vulnerability was introduced in versions 9.4.0, 9.6.0, 9.7.0, 9.8.0, 9.9.0, 9.10.0, 9.11.0, 9.12.0, 9.13.0, 9.14.0, 9.15.0, 9.16.1, 9.17.0, 10.0.0, and 10.1.1 of Jira Software Data Center and Server. This...