Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
electron vulnerabilities and exploits
(subscribe to this query)
10
CVSSv3
CVE-2020-12079
Beaker prior to 0.8.9 allows a sandbox escape, enabling system access and code execution. This occurs because Electron context isolation is not used, and therefore an attacker can conduct a prototype-pollution attack against the Electron internal messaging API.
Beakerbrowser Beaker
7.8
CVSSv3
CVE-2023-29059
3CX DesktopApp up to and including 18.12.416 has embedded malicious code, as exploited in the wild in March 2023. This affects versions 18.12.407 and 18.12.416 of the 3CX DesktopApp Electron Windows application shipped in Update 7, and versions 18.11.1213, 18.12.402, 18.12.407, a...
3cx 3cx 18.12.407
3cx 3cx 18.12.416
3cx 3cx 18.12.402
3cx 3cx 18.11.1213
1 Github repository
7.8
CVSSv3
CVE-2021-36668
URL injection in Driva inSync 6.9.0 for MacOS, allows malicious users to force a visit to an arbitrary url via the port parameter to the Electron App.
Druva Insync Client
NA
CVE-2024-23755
ClickUp Desktop prior to 3.3.77 on macOS and Windows allows code injection because of specific Electron Fuses. There is inadequate protection against code injection through settings such as RunAsNode.
6.1
CVSSv3
CVE-2021-33041
vmd up to and including 1.34.0 allows 'div class="markdown-body"' XSS, as demonstrated by Electron remote code execution via require('child_process').execSync('calc.exe') on Windows and a similar attack on macOS.
Vmd Project Vmd
7.5
CVSSv3
CVE-2024-1648
electron-pdf version 20.0.0 allows an external malicious user to remotely obtain arbitrary local files. This is possible because the application does not validate the HTML content entered by the user.
8.8
CVSSv3
CVE-2023-42222
WebCatalog prior to 49.0 is vulnerable to Incorrect Access Control. WebCatalog calls the Electron shell.openExternal function without verifying that the URL is for an http or https resource, in some circumstances.
Webcatalog Webcatalog
1 Github repository
8.8
CVSSv3
CVE-2021-32772
Poddycast is a podcast app made with Electron. Prior to version 0.8.1, an attacker can create a podcast or episode with malicious characters and execute commands on the client machine. The application does not clean the HTML characters of the podcast information obtained from the...
Electronjs Poddycast 0.8.0
6.1
CVSSv3
CVE-2020-9443
Zulip Desktop prior to 4.0.3 loaded untrusted content in an Electron webview with web security disabled, which can be exploited for XSS in a number of ways. This especially affects Zulip Desktop 2.3.82.
Zulipchat Zulip Desktop
7.5
CVSSv3
CVE-2022-48482
3CX prior to 18 Update 2 Security Hotfix build 18.0.2.315 on Windows allows unauthenticated remote malicious users to read certain files via /Electron/download directory traversal. Files may have credentials, full backups, call recordings, and chat logs.
3cx 3cx
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2024-34413
CVE-2024-34089
CVE-2024-33408
local
SQL
CVE-2024-0402
CVE-2024-33910
CVE-2024-31848
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »