Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
electron vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2020-12079
Beaker prior to 0.8.9 allows a sandbox escape, enabling system access and code execution. This occurs because Electron context isolation is not used, and therefore an attacker can conduct a prototype-pollution attack against the Electron internal messaging API.
Beakerbrowser Beaker
NA
CVE-2023-29059
3CX DesktopApp up to and including 18.12.416 has embedded malicious code, as exploited in the wild in March 2023. This affects versions 18.12.407 and 18.12.416 of the 3CX DesktopApp Electron Windows application shipped in Update 7, and versions 18.11.1213, 18.12.402, 18.12.407, a...
3cx 3cx 18.12.407
3cx 3cx 18.12.416
3cx 3cx 18.12.402
3cx 3cx 18.11.1213
1 Github repository
4.6
CVSSv2
CVE-2021-36668
URL injection in Driva inSync 6.9.0 for MacOS, allows malicious users to force a visit to an arbitrary url via the port parameter to the Electron App.
Druva Insync Client
NA
CVE-2024-23755
ClickUp Desktop prior to 3.3.77 on macOS and Windows allows code injection because of specific Electron Fuses. There is inadequate protection against code injection through settings such as RunAsNode.
4.3
CVSSv2
CVE-2021-33041
vmd up to and including 1.34.0 allows 'div class="markdown-body"' XSS, as demonstrated by Electron remote code execution via require('child_process').execSync('calc.exe') on Windows and a similar attack on macOS.
Vmd Project Vmd
NA
CVE-2024-1648
electron-pdf version 20.0.0 allows an external malicious user to remotely obtain arbitrary local files. This is possible because the application does not validate the HTML content entered by the user.
4.3
CVSSv2
CVE-2020-9443
Zulip Desktop prior to 4.0.3 loaded untrusted content in an Electron webview with web security disabled, which can be exploited for XSS in a number of ways. This especially affects Zulip Desktop 2.3.82.
Zulipchat Zulip Desktop
4.3
CVSSv2
CVE-2021-32772
Poddycast is a podcast app made with Electron. Prior to version 0.8.1, an attacker can create a podcast or episode with malicious characters and execute commands on the client machine. The application does not clean the HTML characters of the podcast information obtained from the...
Electronjs Poddycast 0.8.0
NA
CVE-2023-42222
WebCatalog prior to 49.0 is vulnerable to Incorrect Access Control. WebCatalog calls the Electron shell.openExternal function without verifying that the URL is for an http or https resource, in some circumstances.
Webcatalog Webcatalog
1 Github repository
NA
CVE-2022-48482
3CX prior to 18 Update 2 Security Hotfix build 18.0.2.315 on Windows allows unauthenticated remote malicious users to read certain files via /Electron/download directory traversal. Files may have credentials, full backups, call recordings, and chat logs.
3cx 3cx
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48700
CVE-2022-48689
CVE-2024-27956
CVE-2023-6363
SQL
NULL pointer dereference
CVE-2023-41830
CVE-2015-2051
arbitrary
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »