Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
12557
Total
848
Critical
3598
High
3936
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-34779 | MEDIUM | 6.5 | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.0, and 41.0.0-beta.8, on macOS, app.moveToApplicationsFolder() … | Apr 04, 2026 |
| CVE-2026-34778 | MEDIUM | 5.9 | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.1, and 41.0.0, a service worker … | Apr 04, 2026 |
| CVE-2026-34777 | MEDIUM | 5.4 | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.1, and 41.0.0, when an iframe … | Apr 04, 2026 |
| CVE-2026-34776 | MEDIUM | 5.3 | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.1, and 41.0.0, on macOS and … | Apr 04, 2026 |
| CVE-2026-34775 | MEDIUM | 6.8 | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.4, 40.8.4, and 41.0.0, the nodeIntegrationInWorker webPreference … | Apr 04, 2026 |
| CVE-2026-34774 | HIGH | 8.1 | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 39.8.1, 40.7.0, and 41.0.0, apps that use offscreen … | Apr 04, 2026 |
| CVE-2026-34773 | MEDIUM | 4.7 | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.1, and 41.0.0, on Windows, app.setAsDefaultProtocolClient(protocol) … | Apr 04, 2026 |
| CVE-2026-34772 | MEDIUM | 5.8 | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8, apps that allow … | Apr 04, 2026 |
| CVE-2026-34771 | HIGH | 7.5 | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8, apps that register … | Apr 04, 2026 |
| CVE-2026-34770 | HIGH | 7.0 | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.0, and 41.0.0-beta.8, apps that use … | Apr 04, 2026 |
| CVE-2026-34769 | HIGH | 7.7 | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8, an undocumented commandLineSwitches … | Apr 04, 2026 |
| CVE-2026-34768 | LOW | 3.9 | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.0, and 41.0.0-beta.8, on Windows, app.setLoginItemSettings({openAtLogin: … | Apr 04, 2026 |
| CVE-2026-34767 | MEDIUM | 5.9 | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.3, 40.8.3, and 41.0.3, apps that register … | Apr 04, 2026 |
| CVE-2026-34766 | LOW | 3.3 | Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8, the select-usb-device event … | Apr 04, 2026 |
| CVE-2026-35468 | MEDIUM | 5.3 | nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.3.0, two peer-facing consensus request handlers … | Apr 03, 2026 |
| CVE-2026-34954 | HIGH | 8.6 | PraisonAI is a multi-agent teams system. Prior to version 1.5.95, FileTools.download_file() in praisonaiagents validates the destination path but performs no validation on the url parameter, … | Apr 03, 2026 |
| CVE-2026-34953 | CRITICAL | 9.1 | PraisonAI is a multi-agent teams system. Prior to version 4.5.97, OAuthManager.validate_token() returns True for any token not found in its internal store, which is empty … | Apr 03, 2026 |
| CVE-2026-34952 | CRITICAL | 9.1 | PraisonAI is a multi-agent teams system. Prior to version 4.5.97, the PraisonAI Gateway server accepts WebSocket connections at /ws and serves agent topology at /info … | Apr 03, 2026 |
| CVE-2026-34939 | MEDIUM | 6.5 | PraisonAI is a multi-agent teams system. Prior to version 4.5.90, MCPToolIndex.search_tools() compiles a caller-supplied string directly as a Python regular expression with no validation, sanitization, … | Apr 03, 2026 |
| CVE-2026-34938 | CRITICAL | 10.0 | PraisonAI is a multi-agent teams system. Prior to version 1.5.90, execute_code() in praisonai-agents runs attacker-controlled Python inside a three-layer sandbox that can be fully bypassed … | Apr 03, 2026 |
| CVE-2026-34937 | HIGH | 7.8 | PraisonAI is a multi-agent teams system. Prior to version 1.5.90, run_python() in praisonai constructs a shell command string by interpolating user-controlled code into python3 -c … | Apr 03, 2026 |
| CVE-2026-34936 | HIGH | 7.7 | PraisonAI is a multi-agent teams system. Prior to version 4.5.90, passthrough() and apassthrough() in praisonai accept a caller-controlled api_base parameter that is concatenated with endpoint … | Apr 03, 2026 |
| CVE-2026-34935 | CRITICAL | 9.8 | PraisonAI is a multi-agent teams system. From version 4.5.15 to before version 4.5.69, the --mcp CLI argument is passed directly to shlex.split() and forwarded through … | Apr 03, 2026 |
| CVE-2026-34934 | CRITICAL | 9.8 | PraisonAI is a multi-agent teams system. Prior to version 4.5.90, the get_all_user_threads function constructs raw SQL queries using f-strings with unescaped thread IDs fetched from … | Apr 03, 2026 |
| CVE-2026-34933 | MEDIUM | 5.5 | Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. Prior to version 0.9-rc4, any unprivileged local user … | Apr 03, 2026 |