Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
0.0 NA
CVE-2026-34779 — Electron: AppleScript injection in app.moveToApplicationsFolder on macOS

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.0, and 41.0.0-beta.8, on macOS, app.moveToApplicationsFo…

| Authentication
Apr 04, 2026 Apr 04, 2026
Apr 04, 2026
Apr 04, 2026
0.0 NA
CVE-2026-34778 — Electron: Service worker can spoof executeJavaScript IPC replies

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.1, and 41.0.0, a service worker running in a session cou…

| Information Disclosure
Apr 03, 2026 Apr 03, 2026
Apr 03, 2026
Apr 03, 2026
0.0 NA
CVE-2026-34777 — Electron: Incorrect origin passed to permission request handler for iframe requests

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.1, and 41.0.0, when an iframe requests fullscreen, point…

| Authorization
Apr 03, 2026 Apr 03, 2026
Apr 03, 2026
Apr 03, 2026
0.0 NA
CVE-2026-34776 — Electron: Out-of-bounds read in second-instance IPC on macOS and Linux

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.1, and 41.0.0, on macOS and Linux, apps that call app.re…

| Memory Corruption
Apr 03, 2026 Apr 03, 2026
Apr 03, 2026
Apr 03, 2026
0.0 NA
CVE-2026-34775 — Electron: nodeIntegrationInWorker not correctly scoped in shared renderer processes

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.4, 40.8.4, and 41.0.0, the nodeIntegrationInWorker webPreference…

| Misconfiguration
Apr 03, 2026 Apr 03, 2026
Apr 03, 2026
Apr 03, 2026
0.0 NA
CVE-2026-34774 — Electron: Use-after-free in offscreen child window paint callback

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 39.8.1, 40.7.0, and 41.0.0, apps that use offscreen rendering and allow child…

| Memory Corruption
Apr 03, 2026 Apr 03, 2026
Apr 03, 2026
Apr 03, 2026
0.0 NA
CVE-2026-34773 — Electron: Registry key path injection in app.setAsDefaultProtocolClient on Windows

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.1, and 41.0.0, on Windows, app.setAsDefaultProtocolClien…

| Misconfiguration
Apr 03, 2026 Apr 03, 2026
Apr 03, 2026
Apr 03, 2026
0.0 NA
CVE-2026-34772 — Electron: Use-after-free in download save dialog callback

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8, apps that allow downloads and prog…

| Memory Corruption
Apr 03, 2026 Apr 03, 2026
Apr 03, 2026
Apr 03, 2026
0.0 NA
CVE-2026-34771 — Electron: Use-after-free in WebContents fullscreen, pointer-lock, and keyboard-lock permi…

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8, apps that register an asynchronous…

| Memory Corruption
Apr 03, 2026 Apr 03, 2026
Apr 03, 2026
Apr 03, 2026
0.0 NA
CVE-2026-34770 — Electron: Use-after-free in PowerMonitor on Windows and macOS

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.0, and 41.0.0-beta.8, apps that use the powerMonitor mod…

| Memory Corruption
Apr 03, 2026 Apr 03, 2026
Apr 03, 2026
Apr 03, 2026
0.0 NA
CVE-2026-34768 — Electron: Unquoted executable path in app.setLoginItemSettings on Windows

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.0, and 41.0.0-beta.8, on Windows, app.setLoginItemSettin…

| Misconfiguration
Apr 03, 2026 Apr 03, 2026
Apr 03, 2026
Apr 03, 2026
0.0 NA
CVE-2026-34767 — Electron: HTTP Response Header Injection in custom protocol handlers and webRequest

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.3, 40.8.3, and 41.0.3, apps that register custom protocol handle…

| Injection
Apr 03, 2026 Apr 03, 2026
Apr 03, 2026
Apr 03, 2026
0.0 NA
CVE-2026-34766 — Electron: USB device selection not validated against filtered device list

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8, the select-usb-device event callba…

| Authorization
Apr 03, 2026 Apr 03, 2026
Apr 03, 2026
Apr 03, 2026
0.0 NA
CVE-2026-34769 — Electron: Renderer command-line switch injection via undocumented commandLineSwitches web…

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8, an undocumented commandLineSwitche…

| Misconfiguration
Apr 03, 2026 Apr 03, 2026
Apr 03, 2026
Apr 03, 2026
5.3 MEDIUM
CVE-2026-35468 — nimiq/core-rs-albatross: Panic in history index request handlers when a full node runs wi…

nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.3.0, two peer-facing consensus request handlers as…

Remote | Misconfiguration
Apr 03, 2026 Apr 03, 2026
Apr 03, 2026
Apr 03, 2026
8.6 HIGH
CVE-2026-34954 — PraisonAI: SSRF in FileTools.download_file() via Unvalidated URL

PraisonAI is a multi-agent teams system. Prior to version 1.5.95, FileTools.download_file() in praisonaiagents validates the destination path but performs no validation on the url parameter, passing …

Remote | Server-Side Request Forgery
Apr 03, 2026 Apr 03, 2026
Apr 03, 2026
Apr 03, 2026
9.1 CRITICAL
CVE-2026-34953 — PraisonAI: Authentication Bypass in OAuthManager.validate_token()

PraisonAI is a multi-agent teams system. Prior to version 4.5.97, OAuthManager.validate_token() returns True for any token not found in its internal store, which is empty by default. Any HTTP request…

Remote | Authentication
Apr 03, 2026 Apr 03, 2026
Apr 03, 2026
Apr 03, 2026
9.1 CRITICAL
CVE-2026-34952 — PraisonAI: Missing Authentication in WebSocket Gateway

PraisonAI is a multi-agent teams system. Prior to version 4.5.97, the PraisonAI Gateway server accepts WebSocket connections at /ws and serves agent topology at /info with no authentication. Any netw…

Remote | Authentication
Apr 03, 2026 Apr 03, 2026
Apr 03, 2026
Apr 03, 2026
6.5 MEDIUM
CVE-2026-34939 — PraisonAI: ReDoS via Unvalidated User-Controlled Regex in MCPToolIndex.search_tools()

PraisonAI is a multi-agent teams system. Prior to version 4.5.90, MCPToolIndex.search_tools() compiles a caller-supplied string directly as a Python regular expression with no validation, sanitizatio…

Remote | Denial of Service
Apr 03, 2026 Apr 03, 2026
Apr 03, 2026
Apr 03, 2026
10.0 CRITICAL
CVE-2026-34938 — PraisonAI: Python Sandbox Escape via str Subclass startswith() Override in execute_code

PraisonAI is a multi-agent teams system. Prior to version 1.5.90, execute_code() in praisonai-agents runs attacker-controlled Python inside a three-layer sandbox that can be fully bypassed by passing…

Remote | Misconfiguration
Apr 03, 2026 Apr 03, 2026
Apr 03, 2026
Apr 03, 2026
Showing 20 of 6388 Results