Wojciech Reguła

3 exploits Active since Jan 2024
CVE-2024-23743 WRITEUP LOW WORKING POC
notion/notion < 3.1.0 - Unauthenticated Remote Code Execution via RunAsNode and enableNodeClilnspectArguments
Notion through 3.1.0 on macOS might allow code execution because of RunAsNode and enableNodeClilnspectArguments. NOTE: the vendor states "the attacker must launch the Notion Desktop application with nonstandard flags that turn the Electron-based application into a Node.js execution environment."
CVSS 3.3
CVE-2024-8258 WRITEUP HIGH WORKING POC
Logitech Options Plus <1.60.496306 - Code Injection
Improper Control of Generation of Code ('Code Injection') in Electron Fuses in Logitech Options Plus version 1.60.496306 on macOS allows attackers to execute arbitrary code via insecure Electron Fuses configuration.
CVSS 7.8
CVE-2025-51387 WRITEUP CRITICAL WORKING POC
GitKraken Desktop 10.8.0-11.1.0 - Code Injection
The GitKraken Desktop 10.8.0 and 11.1.0 is susceptible to code injection due to misconfigured Electron Fuses. Specifically, the following insecure settings were observed: RunAsNode is enabled and EnableNodeCliInspectArguments is not disabled. These configurations allow the application to be executed in Node.js mode, enabling attackers to pass arguments that result in arbitrary code execution.
CVSS 9.8