Desktop
by Desktop
CVEs (23)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-28122 | | High | 0.51 | 7.8 | 0.00 | | Apr 19, 2023 | A local privilege escalation (LPE) vulnerability in UI Desktop for Windows (Version 0.59.1.71 and earlier) allows a malicious actor with local access to a Windows device running said application to submit arbitrary commands as SYSTEM. This vulnerability is fixed in Version 0.62.3… |
| CVE-2022-35257 | | High | 0.51 | 7.8 | 0.00 | | Sep 23, 2022 | A local privilege escalation vulnerability in UI Desktop for Windows (Version 0.55.1.2 and earlier) allows a malicious actor with local access to a Windows device with UI Desktop to run arbitrary commands as SYSTEM. |
| CVE-2025-23040 | | Med | 0.36 | 6.6 | 0.01 | | Jan 15, 2025 | GitHub Desktop is an open-source Electron-based GitHub app designed for git development. An attacker convincing a user to clone a repository directly or through a submodule can allow the attacker access to the user's credentials through the use of maliciously crafted remote URL.… |
| CVE-2023-28124 | | Med | 0.36 | 5.5 | 0.00 | | Apr 19, 2023 | Improper usage of symmetric encryption in UI Desktop for Windows (Version 0.59.1.71 and earlier) could allow users with access to UI Desktop configuration files to decrypt their content. This vulnerability is fixed in Version 0.62.3 and later. |
| CVE-2025-48064 | | Low | 0.14 | 3.3 | 0.00 | | May 21, 2025 | GitHub Desktop is an open-source, Electron-based GitHub app designed for git development. Prior to version 3.4.20-beta3, an attacker convincing a user to view a file in a commit of their making in the history view can cause information disclosure by means of Git attempting to… |
| CVE-2025-66549 | | | 0.00 | — | 0.00 | | Dec 5, 2025 | Nextcloud Desktop is the desktop sync client for Nextcloud. Prior to 3.16.5, when trying to manually lock a file inside an end-to-end encrypted directory, the path of the file was sent to the server unencrypted, making it possible for administrators to see it in log files. This… |
| CVE-2025-65843 | | | 0.00 | — | 0.00 | | Dec 3, 2025 | Aquarius Desktop 3.0.069 for macOS contains an insecure file handling vulnerability in its support data archive generation feature. The application follows symbolic links placed inside the ~/Library/Logs/Aquarius directory and treats them as regular files. When building the… |
| CVE-2025-54347 | | | 0.00 | — | 0.01 | | Nov 24, 2025 | A Directory Traversal vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which allows an attacker to write arbitrary files under certain conditions. |
| CVE-2025-54338 | | | 0.00 | — | 0.00 | | Nov 24, 2025 | An Incorrect Access Control vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which allows an attacker to disclose user hashes. |
| CVE-2025-54563 | | | 0.00 | — | 0.00 | | Nov 24, 2025 | An Incorrect Access Control vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which allows Incorrect Access Control, leading to Remote Information Disclosure. |
| CVE-2025-54341 | | | 0.00 | — | 0.00 | | Nov 24, 2025 | A vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2. There are Hard-coded configuration values. |
| CVE-2025-54345 | | | 0.00 | — | 0.00 | | Nov 14, 2025 | An issue was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2. Sensitive Information is exposed to an Unauthorized Actor. |
| CVE-2025-54559 | | | 0.00 | — | 0.00 | | Nov 14, 2025 | An issue was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which allows remote Path Traversal for loading arbitrary external content. |
| CVE-2025-54343 | | | 0.00 | — | 0.00 | | Nov 14, 2025 | An Incorrect Access Control vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 exploitable remotely for Escalation of Privileges. |
| CVE-2025-54562 | | | 0.00 | — | 0.00 | | Nov 14, 2025 | A vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which allows Technical Information to be Disclosed through stack trace. |
| CVE-2025-54342 | | | 0.00 | — | 0.00 | | Nov 14, 2025 | A vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2. There is Exposure of Sensitive Information because of Incompatible Policies. |
| CVE-2025-54348 | | | 0.00 | — | 0.00 | | Nov 14, 2025 | A Stored Cross Site Scripting (XSS) vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which allows an attacker to hijack user’s browser, capturing sensitive information. |
| CVE-2025-54340 | | | 0.00 | — | 0.00 | | Nov 14, 2025 | A vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2. There is a Broken or Risky Cryptographic Algorithm. |
| CVE-2025-54339 | | | 0.00 | — | 0.00 | | Nov 14, 2025 | An Incorrect Access Control vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 exploitable remotely for Escalation of Privileges. |
| CVE-2025-54560 | | | 0.00 | — | 0.00 | | Nov 14, 2025 | A Server-side Request Forgery vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which allows Probing of internal infrastructure. |