Tag

Electron

4 briefs RSS

SiYuan Bazaar Marketplace Stored XSS Leads to Electron RCE

SiYuan's Bazaar marketplace is vulnerable to stored cross-site scripting (XSS) via unescaped package metadata, leading to arbitrary OS command execution in the desktop Electron client.

github.com/siyuan-note/siyuan/kernel xss rce electron siyuan

2r 1t May 13, 2026

high advisory

Electron VideoFrame Context Isolation Bypass Vulnerability (CVE-2026-34780)

2 rules 2 TTPs 1 CVE

A context isolation bypass vulnerability exists in Electron applications that bridge VideoFrame objects via contextBridge, potentially allowing an attacker with JavaScript execution in the main world to access the isolated world and Node.js APIs.

electron context-isolation javascript xss CVE-2026-34780 defense-evasion privilege-escalation

2r 2t 1c Apr 4, 2026

high advisory

Electron Use-After-Free Vulnerability in Offscreen Rendering with Child Windows

2 rules

A use-after-free vulnerability (CVE-2026-34774) exists in Electron applications using offscreen rendering and allowing child windows, potentially leading to crashes or memory corruption if the parent WebContents is destroyed before the child window.

electron use-after-free vulnerability cve-2026-34774

2r Apr 3, 2026

high advisory

Electron Use-After-Free Vulnerability in PowerMonitor Module

2 rules 1 TTP

A use-after-free vulnerability exists in the `powerMonitor` module of Electron applications on Windows and macOS. When the native `PowerMonitor` object is garbage-collected, dangling references are retained by OS-level resources. Subsequent session-change events on Windows or system shutdowns on macOS may dereference freed memory, potentially leading to a crash or memory corruption.

electron use-after-free vulnerability powermonitor windows macos

2r 1t Apr 3, 2026