Desktop

4 CVEs product

CVE-2026-2664 HIGH This Week

Local privilege escalation via out-of-bounds memory read in Docker Desktop's grpcfuse kernel module (versions up to 4.61.0) on Linux, Windows, and macOS allows authenticated local attackers to achieve complete system compromise through manipulation of /proc/docker entries. The vulnerability requires local access and valid user credentials but enables reading and modifying arbitrary kernel memory with high impact on confidentiality, integrity, and availability. Docker Desktop 4.62.0 and later resolve this issue.

Linux Windows macOS Docker Desktop
NVD
CVSS 3.1: 7.8
EPSS: 0.0%

CVE-2025-56803 HIGH POC This Week

Figma Desktop for Windows version 125.6.5 contains a command injection vulnerability in the local plugin loader. Rated high severity (CVSS 8.4), this vulnerability requires no authentication and has low attack complexity. Public exploit code is available and no vendor patch is available.

Command Injection Microsoft Desktop Windows
NVD GitHub
CVSS 3.1: 8.4
EPSS: 0.1%

CVE-2025-47792 MEDIUM PATCH This Month

Nextcloud Desktop is the desktop sync client for Nextcloud. Rated medium severity (CVSS 5.0).

Authentication Bypass Desktop Nextcloud
NVD GitHub
CVSS 3.1: 5.0
EPSS: 0.0%

CVE-2025-3224 HIGH This Week

A vulnerability in the update process of Docker Desktop for Windows versions prior to 4.41.0 could allow a local, low-privileged attacker to escalate privileges to SYSTEM. Rated high severity (CVSS 7.3). No vendor patch available.

Microsoft Docker Privilege Escalation Desktop Windows
NVD
CVSS 4.0: 7.3
EPSS: 0.0%