Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
electron vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2008-5090
Electron Inc. Advanced Electron Forum prior to 1.0.7 allows remote malicious users to execute arbitrary PHP code via PHP code embedded in bbcode in the email parameter, which is processed by the preg_replace function with the eval switch.
Anelectron Advanced Electron Forum 1.0.2
Anelectron Advanced Electron Forum 1.0.1
Anelectron Advanced Electron Forum 1.0.4
Anelectron Advanced Electron Forum 1.0.3
Anelectron Advanced Electron Forum
Anelectron Advanced Electron Forum 1.0.5
1 EDB exploit
6.8
CVSSv3
CVE-2020-15096
In Electron prior to 6.1.1, 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. Apps using "contextIsolation"...
Electronjs Electron
Electronjs Electron 9.0.0
8.8
CVSSv3
CVE-2018-1000006
GitHub Electron versions 1.8.2-beta.3 and previous versions, 1.7.10 and previous versions, 1.6.15 and previous versions has a vulnerability in the protocol handler, specifically Electron apps running on Windows 10, 7 or 2008 that register custom protocol handlers can be tricked i...
Atom Electron 1.8.2
Atom Electron
2 EDB exploits
2 Github repositories
2 Articles
8.8
CVSSv3
CVE-2018-1000118
Github Electron version Electron 1.8.2-beta.4 and previous versions contains a Command Injection vulnerability in Protocol Handler that can result in command execute. This attack appear to be exploitable via the victim opening an electron protocol handler in their browser. This v...
Electronjs Electron 1.8.2
Electronjs Electron
1 Github repository
8.1
CVSSv3
CVE-2018-1000136
Electron version 1.7 up to 1.7.12; 1.8 up to 1.8.3 and 2.0.0 up to 2.0.0-beta.3 contains an improper handling of values vulnerability in Webviews that can result in remote code execution. This attack appear to be exploitable via an app which allows execution of 3rd party code AND...
Electronjs Electron 2.0.0
Electronjs Electron
1 Article
7.5
CVSSv3
CVE-2020-4075
In Electron prior to 7.2.4, 8.2.4, and 9.0.0-beta21, arbitrary local file read is possible by defining unsafe window options on a child window opened via window.open. As a workaround, ensure you are calling `event.preventDefault()` on all new-window events where the `url` or `opt...
Electronjs Electron
Electronjs Electron 9.0.0
5.9
CVSSv3
CVE-2016-10534
electron-packager is a command line tool that packages Electron source code into `.app` and `.exe` packages. along with Electron. The `--strict-ssl` command line option in electron-packager >= 5.2.1 <= 6.0.0 || >=6.0.0 <= 6.0.2 defaults to false if not explicitly set ...
Electron-packager Project Electron-packager
5
CVSSv3
CVE-2022-21718
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. A vulnerability in versions prior to `17.0.0-alpha.6`, `16.0.6`, `15.3.5`, `14.2.4`, and `13.6.6` allows renderers to obtain access to a bluetooth device via the web bluetooth ...
Electronjs Electron
Electronjs Electron 17.0.0
7.8
CVSSv3
CVE-2023-1005
A vulnerability was found in JP1016 Markdown-Electron and classified as critical. Affected by this issue is some unknown functionality. The manipulation leads to code injection. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. Cont...
Markdown-electron Project Markdown-electron -
6.6
CVSSv3
CVE-2023-39956
Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Electron apps that are launched as command line executables are impacted. Specifically this issue can only be exploited if the following conditions are met: 1. The app...
Electronjs Electron
Electronjs Electron 26.0.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
XXE
CVE-2024-34490
SQL injection
CVE-2024-34488
CVE-2024-4507
CVE-2023-7028
CVE-2024-23187
TCP
CVE-2024-4439
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »