| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-34781 | Electron crashes in clipboard.readImage() on malformed clipboard image data | electron | electron | Low | 2.8 | 2026-04-07 21:20:13 | Deep Dive |
| CVE-2026-34765 | Electron named window.open targets not scoped to the opener's browsing context | electron | electron | Medium | 6.0 | 2026-04-07 21:18:35 | Deep Dive |
| CVE-2026-34764 | Electron has a use-after-free in offscreen shared texture release() callback | electron | electron | Low | 2.3 | 2026-04-06 15:46:40 | Deep Dive |
| CVE-2026-34780 | Electron: Context Isolation bypass via contextBridge VideoFrame transfer | electron | electron | High | 8.3 | 2026-04-04 00:02:02 | Deep Dive |
| CVE-2026-34779 | Electron: AppleScript injection in app.moveToApplicationsFolder on macOS | electron | electron | Medium | 6.5 | 2026-04-04 00:00:42 | Deep Dive |
| CVE-2026-34778 | Electron: Service worker can spoof executeJavaScript IPC replies | electron | electron | Medium | 5.9 | 2026-04-03 23:59:07 | Deep Dive |
| CVE-2026-34777 | Electron: Incorrect origin passed to permission request handler for iframe requests | electron | electron | Medium | 5.4 | 2026-04-03 23:57:36 | Deep Dive |
| CVE-2026-34776 | Electron: Out-of-bounds read in second-instance IPC on macOS and Linux | electron | electron | Medium | 5.3 | 2026-04-03 23:56:42 | Deep Dive |
| CVE-2026-34775 | Electron: nodeIntegrationInWorker not correctly scoped in shared renderer processes | electron | electron | Medium | 6.8 | 2026-04-03 23:55:21 | Deep Dive |
| CVE-2026-34774 | Electron: Use-after-free in offscreen child window paint callback | electron | electron | High | 8.1 | 2026-04-03 23:52:39 | Deep Dive |
| CVE-2026-34773 | Electron: Registry key path injection in app.setAsDefaultProtocolClient on Windows | electron | electron | Medium | 4.7 | 2026-04-03 23:50:42 | Deep Dive |
| CVE-2026-34772 | Electron: Use-after-free in download save dialog callback | electron | electron | Medium | 5.8 | 2026-04-03 23:49:20 | Deep Dive |
| CVE-2026-34771 | Electron: Use-after-free in WebContents fullscreen, pointer-lock, and keyboard-lock permission callbacks | electron | electron | High | 7.5 | 2026-04-03 23:47:23 | Deep Dive |
| CVE-2026-34770 | Electron: Use-after-free in PowerMonitor on Windows and macOS | electron | electron | High | 7.0 | 2026-04-03 23:46:11 | Deep Dive |
| CVE-2026-34768 | Electron: Unquoted executable path in app.setLoginItemSettings on Windows | electron | electron | Low | 3.9 | 2026-04-03 23:44:56 | Deep Dive |
| CVE-2026-34767 | Electron: HTTP Response Header Injection in custom protocol handlers and webRequest | electron | electron | Medium | 5.9 | 2026-04-03 23:43:09 | Deep Dive |
| CVE-2026-34766 | Electron: USB device selection not validated against filtered device list | electron | electron | Low | 3.3 | 2026-04-03 23:35:10 | Deep Dive |
| CVE-2026-34769 | Electron: Renderer command-line switch injection via undocumented commandLineSwitches webPreference | electron | electron | High | 7.7 | 2026-04-03 23:33:56 | Deep Dive |
| CVE-2025-5805 | WordPress Electron theme <= 1.8.2 - Broken Access Control vulnerability | Ninetheme | Electron | Medium | 6.5 | 2026-01-22 16:51:46 | Deep Dive |
| CVE-2025-55305 | Electron is vulnerable to Code Injection via resource modification | electron | electron | Medium | 6.1 | 2025-09-04 23:05:07 | Deep Dive |