CVE-2026-34769

CVE-2026-34769 (Electron) affects Electron versions prior to 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8. An undocumented commandLineSwitches webPreference allowed arbitrary switches to be appended to the renderer process command line. When apps construct webPreferences from external or untrusted i...

CVE-2020-35717

zonote through 0.4.0 allows XSS via a crafted note, with resultant Remote Code Execution because nodeIntegration in webPreferences is true...

CVE-2024-3166

A Cross-Site Scripting XSS vulnerability exists in mintplex-labs/anything-llm, affecting both the desktop application version 1.2.0 and the latest version of the web application. The vulnerability arises from the application's feature to fetch and embed content from websites into workspaces, whic...

CVE-2024-3166 Cross-Site Scripting (XSS) Vulnerability in mintplex-labs/anything-llm

A Cross-Site Scripting XSS vulnerability exists in mintplex-labs/anything-llm, affecting both the desktop application version 1.2.0 and the latest version of the web application. The vulnerability arises from the application's feature to fetch and embed content from websites into workspaces, whic...

PT-2024-24179 · Mintplex · Mintplex-Labs/Anything-Llm

Name of the Vulnerable Software and Affected Versions: mintplex-labs/anything-llm versions 1.2.0 through 1.4.1 mintplex-labs/anything-llm web application affected versions not specified Description: A Cross-Site Scripting XSS vulnerability exists in the application, affecting both the desktop and...

Design/Logic Flaw

zonote through 0.4.0 allows XSS via a crafted note, with resultant Remote Code Execution because nodeIntegration in webPreferences is true...

CVE-2020-35717

zonote through 0.4.0 allows XSS via a crafted note, with resultant Remote Code Execution because nodeIntegration in webPreferences is true...

Design/Logic Flaw

Notable 1.8.4 allows XSS via crafted Markdown text, with resultant remote code execution because nodeIntegration in webPreferences is true...

CVE-2020-8548

massCode 1.0.0-alpha.6 allows XSS via crafted Markdown text, with resultant remote code execution because nodeIntegration in webPreferences is true...

CVE-2020-8548

massCode 1.0.0-alpha.6 allows XSS via crafted Markdown text, with resultant remote code execution because nodeIntegration in webPreferences is true...

CVE-2020-8548

massCode 1.0.0-alpha.6 allows XSS via crafted Markdown text, with resultant remote code execution because nodeIntegration in webPreferences is true...

Remote Code Execution

Overview GitHub Electron 1.7.15, 1.8.7, 2.0.7, and 3.0.0-beta.6, in certain scenarios involving IFRAME elements and "nativeWindowOpen: true" or "sandbox: true" options, is affected by a WebPreferences vulnerability that can be leveraged to perform remote code execution. More information to...

Electron WebPreferences - Remote Code Execution Exploit

Exploit for multiple platform in category remote exploits CVE-2018-15685 - Electron WebPreferences Remote Code Execution This is a minimal Electron application with a POC for CVE-2018-15685. A remote code execution vulnerability has been discovered affecting apps with the ability to open nested...

Electron webPreferences vulnerability can be used to perform remote code execution

GitHub Electron 1.7.15, 1.8.7, 2.0.7, and 3.0.0-beta.6, in certain scenarios involving IFRAME elements and "nativeWindowOpen: true" or "sandbox: true" options, is affected by a webPreferences vulnerability that can be leveraged to perform remote code execution. More information to determine if yo...

CVE-2018-15685

GitHub Electron 1.7.15, 1.8.7, 2.0.7, and 3.0.0-beta.6, in certain scenarios involving IFRAME elements and "nativeWindowOpen: true" or "sandbox: true" options, is affected by a WebPreferences vulnerability that can be leveraged to perform remote code execution...

Remote code execution

GitHub Electron 1.7.15, 1.8.7, 2.0.7, and 3.0.0-beta.6, in certain scenarios involving IFRAME elements and "nativeWindowOpen: true" or "sandbox: true" options, is affected by a WebPreferences vulnerability that can be leveraged to perform remote code execution...

CVE-2018-15685

GitHub Electron 1.7.15, 1.8.7, 2.0.7, and 3.0.0-beta.6, in certain scenarios involving IFRAME elements and "nativeWindowOpen: true" or "sandbox: true" options, is affected by a WebPreferences vulnerability that can be leveraged to perform remote code execution...

CVE-2018-15685

GitHub Electron 1.7.15, 1.8.7, 2.0.7, and 3.0.0-beta.6, in certain scenarios involving IFRAME elements and "nativeWindowOpen: true" or "sandbox: true" options, is affected by a WebPreferences vulnerability that can be leveraged to perform remote code execution...

CVE-2018-15685

GitHub Electron versions 1.7.15, 1.8.7, 2.0.7, and 3.0.0-beta.6 are affected by a WebPreferences vulnerability when using IFRAME with nativeWindowOpen: true or sandbox: true, enabling remote code execution. The issue arises in Electron’s WebPreferences handling and can be triggered in nested wind...

Electron WebPreferences Remote Command Execution Vulnerability

Electron is an open source library developed by Github to build cross-platform desktop applications using HTML, CSS and JavaScript.Electron accomplishes this by merging Chromium and Node.js into the same runtime environment and applications for Mac, Windows and Linux systems. A remote command...