Vulmon
electron vulnerabilities and exploits
7.5
CVSSv2
CVE-2021-41392
static/main-preload.js in Boost Note up to and including 0.22.0 allows remote command execution. A remote attacker may send a crafted IPC message to the exposed vulnerable ipcRenderer IPC interface, which invokes the dangerous openExternal Electron API.
Boostnote Boostnote
7.5
CVSSv2
CVE-2020-1889
A security feature bypass issue in WhatsApp Desktop versions prior to v0.3.4932 could have allowed for sandbox escape in Electron and escalation of privilege if combined with a remote code execution vulnerability inside the sandboxed renderer process.
Whatsapp Whatsapp Desktop
1 Article
NA
CVE-2023-49314
Asana Desktop 2.1.0 on macOS allows code injection because of specific Electron Fuses. There is inadequate protection against code injection through settings such as RunAsNode and EnableNodeCliInspectArguments, and thus r3ggi/electroniz3r can be used to perform an attack.
Asana Desktop 2.1.0
2 GitHub repositories
NA
CVE-2024-23743
Notion up to and including 3.1.0 on macOS might allow code execution because of RunAsNode and EnableNodeCliInspectArguments. NOTE: the vendor states "the attacker must launch the Notion Desktop application with nonstandard flags that turn the Electron-based application into ...
Notion Notion
1 GitHub repository
NA
CVE-2023-50975
The TD Bank TD Advanced Dashboard client up to and including 3.0.3 for macOS allows arbitrary code execution because of the lack of electron::fuses::IsRunAsNodeEnabled (i.e., ELECTRON_RUN_AS_NODE can be used in production). This makes it easier for a compromised process to access...
NA
CVE-2024-23746
Miro Desktop 0.8.18 on macOS allows local Electron code injection via a complex series of steps that might be usable in some environments (bypass a kTCCServiceSystemPolicyAppBundles requirement via a file copy, an app.app/Contents rename, an asar modification, and a rename back t...
Miro Miro 0.8.18
1 GitHub repository
NA
CVE-2024-27303
electron-builder is a solution to package and build a ready for distribution Electron, Proton Native app for macOS, Windows and Linux. A vulnerability that only affects electron-builder before 24.13.2 in Windows, the NSIS installer makes a system call to open cmd.exe via NSExec in...
NA
CVE-2022-48483
3CX prior to 18 Hotfix 1 build 18.0.3.461 on Windows allows unauthenticated remote malicious users to read %WINDIR%\system32 files via /Electron/download directory traversal in conjunction with a path component that has a drive letter and uses backslash characters. NOTE: this iss...
3cx 3cx
7.5
CVSSv2
CVE-2021-44042
An issue exists in UiPath Assistant 21.4.4. User-controlled data supplied to the --process-start argument of the URI handler for uipath-assistant:// is not correctly encoded, resulting in attacker-controlled content being injected into the error message displayed (when the inject...
Uipath Assistant 21.4.4
6.8
CVSSv2
CVE-2019-20374
A mutation cross-site scripting (XSS) issue in Typora up to and including 0.9.9.31.2 on macOS and up to and including 0.9.81 on Linux leads to Remote Code Execution through Mermaid code blocks. To exploit this vulnerability, one must open a file in Typora. The XSS vulnerability i...
Typora Typora