Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
6.5 MEDIUM
CVE-2026-3571 — Pie Register – User Registration, Profiles & Content Restriction <= 3.8.4.8 - Missing Aut…

The Pie Register – User Registration, Profiles & Content Restriction plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pie_main() functi…

Remote | Authorization
Apr 04, 2026 Apr 04, 2026
Apr 04, 2026
Apr 04, 2026
9.8 CRITICAL
CVE-2026-35616 — Fortinet FortiClientEMS Remote Code Execution Vulnerability

A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests.

Remote | Authorization
Apr 04, 2026 Apr 04, 2026
Apr 04, 2026
Apr 04, 2026
8.3 HIGH
CVE-2026-34780 — Electron: Context Isolation bypass via contextBridge VideoFrame transfer

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. From versions 39.0.0-alpha.1 to before 39.8.0, 40.0.0-alpha.1 to before 40.7.0, and 41.0.0-alph…

Remote | Misconfiguration
Apr 04, 2026 Apr 04, 2026
Apr 04, 2026
Apr 04, 2026
8.8 HIGH
CVE-2026-34955 — PraisonAI: Sandbox Escape via shell=True and Bypassable Blocklist in SubprocessSandbox

PraisonAI is a multi-agent teams system. Prior to version 4.5.97, SubprocessSandbox in all modes (BASIC, STRICT, NETWORK_ISOLATED) calls subprocess.run() with shell=True and relies solely on string-p…

| Misconfiguration
Apr 04, 2026 Apr 04, 2026
Apr 04, 2026
Apr 04, 2026
6.5 MEDIUM
CVE-2026-34779 — Electron: AppleScript injection in app.moveToApplicationsFolder on macOS

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.0, and 41.0.0-beta.8, on macOS, app.moveToApplicationsFo…

| Authentication
Apr 04, 2026 Apr 04, 2026
Apr 04, 2026
Apr 04, 2026
5.9 MEDIUM
CVE-2026-34778 — Electron: Service worker can spoof executeJavaScript IPC replies

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.1, and 41.0.0, a service worker running in a session cou…

Remote | Information Disclosure
Apr 04, 2026 Apr 04, 2026
Apr 04, 2026
Apr 04, 2026
5.4 MEDIUM
CVE-2026-34777 — Electron: Incorrect origin passed to permission request handler for iframe requests

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.1, and 41.0.0, when an iframe requests fullscreen, point…

Remote | Authorization
Apr 04, 2026 Apr 04, 2026
Apr 04, 2026
Apr 04, 2026
5.3 MEDIUM
CVE-2026-34776 — Electron: Out-of-bounds read in second-instance IPC on macOS and Linux

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.1, and 41.0.0, on macOS and Linux, apps that call app.re…

| Memory Corruption
Apr 04, 2026 Apr 04, 2026
Apr 04, 2026
Apr 04, 2026
6.8 MEDIUM
CVE-2026-34775 — Electron: nodeIntegrationInWorker not correctly scoped in shared renderer processes

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.4, 40.8.4, and 41.0.0, the nodeIntegrationInWorker webPreference…

Remote | Misconfiguration
Apr 04, 2026 Apr 04, 2026
Apr 04, 2026
Apr 04, 2026
8.1 HIGH
CVE-2026-34774 — Electron: Use-after-free in offscreen child window paint callback

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 39.8.1, 40.7.0, and 41.0.0, apps that use offscreen rendering and allow child…

Remote | Memory Corruption
Apr 04, 2026 Apr 04, 2026
Apr 04, 2026
Apr 04, 2026
4.7 MEDIUM
CVE-2026-34773 — Electron: Registry key path injection in app.setAsDefaultProtocolClient on Windows

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.1, and 41.0.0, on Windows, app.setAsDefaultProtocolClien…

| Misconfiguration
Apr 04, 2026 Apr 04, 2026
Apr 04, 2026
Apr 04, 2026
5.8 MEDIUM
CVE-2026-34772 — Electron: Use-after-free in download save dialog callback

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8, apps that allow downloads and prog…

| Memory Corruption
Apr 04, 2026 Apr 04, 2026
Apr 04, 2026
Apr 04, 2026
7.5 HIGH
CVE-2026-34771 — Electron: Use-after-free in WebContents fullscreen, pointer-lock, and keyboard-lock permi…

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8, apps that register an asynchronous…

Remote | Memory Corruption
Apr 04, 2026 Apr 04, 2026
Apr 04, 2026
Apr 04, 2026
7.0 HIGH
CVE-2026-34770 — Electron: Use-after-free in PowerMonitor on Windows and macOS

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.0, and 41.0.0-beta.8, apps that use the powerMonitor mod…

| Memory Corruption
Apr 04, 2026 Apr 04, 2026
Apr 04, 2026
Apr 04, 2026
7.7 HIGH
CVE-2026-34769 — Electron: Renderer command-line switch injection via undocumented commandLineSwitches web…

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8, an undocumented commandLineSwitche…

| Misconfiguration
Apr 04, 2026 Apr 04, 2026
Apr 04, 2026
Apr 04, 2026
3.9 LOW
CVE-2026-34768 — Electron: Unquoted executable path in app.setLoginItemSettings on Windows

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.0, and 41.0.0-beta.8, on Windows, app.setLoginItemSettin…

| Misconfiguration
Apr 04, 2026 Apr 04, 2026
Apr 04, 2026
Apr 04, 2026
5.9 MEDIUM
CVE-2026-34767 — Electron: HTTP Response Header Injection in custom protocol handlers and webRequest

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.3, 40.8.3, and 41.0.3, apps that register custom protocol handle…

Remote | Injection
Apr 04, 2026 Apr 04, 2026
Apr 04, 2026
Apr 04, 2026
3.3 LOW
CVE-2026-34766 — Electron: USB device selection not validated against filtered device list

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8, the select-usb-device event callba…

| Authorization
Apr 04, 2026 Apr 04, 2026
Apr 04, 2026
Apr 04, 2026
5.3 MEDIUM
CVE-2026-35468 — nimiq/core-rs-albatross: Panic in history index request handlers when a full node runs wi…

nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.3.0, two peer-facing consensus request handlers as…

Remote | Misconfiguration
Apr 03, 2026 Apr 03, 2026
Apr 03, 2026
Apr 03, 2026
8.6 HIGH
CVE-2026-34954 — PraisonAI: SSRF in FileTools.download_file() via Unvalidated URL

PraisonAI is a multi-agent teams system. Prior to version 1.5.95, FileTools.download_file() in praisonaiagents validates the destination path but performs no validation on the url parameter, passing …

Remote | Server-Side Request Forgery
Apr 03, 2026 Apr 03, 2026
Apr 03, 2026
Apr 03, 2026
Showing 20 of 6377 Results