Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
electron vulnerabilities and exploits
(subscribe to this query)
10
CVSSv2
CVE-2008-5090
Electron Inc. Advanced Electron Forum prior to 1.0.7 allows remote malicious users to execute arbitrary PHP code via PHP code embedded in bbcode in the email parameter, which is processed by the preg_replace function with the eval switch.
Anelectron Advanced Electron Forum 1.0.2
Anelectron Advanced Electron Forum 1.0.1
Anelectron Advanced Electron Forum 1.0.4
Anelectron Advanced Electron Forum 1.0.3
Anelectron Advanced Electron Forum
Anelectron Advanced Electron Forum 1.0.5
1 EDB exploit
4.3
CVSSv2
CVE-2016-10534
electron-packager is a command line tool that packages Electron source code into `.app` and `.exe` packages. along with Electron. The `--strict-ssl` command line option in electron-packager >= 5.2.1 <= 6.0.0 || >=6.0.0 <= 6.0.2 defaults to false if not explicitly set ...
Electron-packager Project Electron-packager
2.1
CVSSv2
CVE-2020-4075
In Electron prior to 7.2.4, 8.2.4, and 9.0.0-beta21, arbitrary local file read is possible by defining unsafe window options on a child window opened via window.open. As a workaround, ensure you are calling `event.preventDefault()` on all new-window events where the `url` or `opt...
Electronjs Electron
Electronjs Electron 9.0.0
3.6
CVSSv2
CVE-2020-4076
In Electron prior to 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass. Code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. Apps using contextIsolation are affected. This is fixed in...
Electronjs Electron
Electronjs Electron 9.0.0
6.5
CVSSv2
CVE-2020-4077
In Electron prior to 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass. Code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. Apps using both `contextIsolation` and `contextBridge` are...
Electronjs Electron
Electronjs Electron 9.0.0
NA
CVE-2023-1005
A vulnerability was found in JP1016 Markdown-Electron and classified as critical. Affected by this issue is some unknown functionality. The manipulation leads to code injection. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. Cont...
Markdown-electron Project Markdown-electron -
4
CVSSv2
CVE-2020-15096
In Electron prior to 6.1.1, 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. Apps using "contextIsolation"...
Electronjs Electron
Electronjs Electron 9.0.0
9.3
CVSSv2
CVE-2018-1000118
Github Electron version Electron 1.8.2-beta.4 and previous versions contains a Command Injection vulnerability in Protocol Handler that can result in command execute. This attack appear to be exploitable via the victim opening an electron protocol handler in their browser. This v...
Electronjs Electron 1.8.2
Electronjs Electron
1 Github repository
6.8
CVSSv2
CVE-2018-1000136
Electron version 1.7 up to 1.7.12; 1.8 up to 1.8.3 and 2.0.0 up to 2.0.0-beta.3 contains an improper handling of values vulnerability in Webviews that can result in remote code execution. This attack appear to be exploitable via an app which allows execution of 3rd party code AND...
Electronjs Electron 2.0.0
Electronjs Electron
1 Article
4
CVSSv2
CVE-2022-21718
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. A vulnerability in versions prior to `17.0.0-alpha.6`, `16.0.6`, `15.3.5`, `14.2.4`, and `13.6.6` allows renderers to obtain access to a bluetooth device via the web bluetooth ...
Electronjs Electron
Electronjs Electron 17.0.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-26925
CVE-2023-41826
LFI
CVE-2022-22364
CVE-2024-2887
command injection
remote code execution
CVE-2024-34446
CVE-2022-48699
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »