Every CVE whose affected-product data names Signal Signal-desktop, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (7)
CVE-2023-24068 — CVSS 7.8 (high): Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an attacker to modify conversation attachments within the…
CVE-2019-19954 — CVSS 7.3 (high): Signal Desktop before 1.29.1 on Windows allows local users to gain privileges by creating a Trojan horse %SYSTEMDRIVE%\node_modules\.bin\wmi…
CVE-2019-9970 — CVSS 6.5 (medium): Open Whisper Signal (aka Signal-Desktop) through 1.23.1 and the Signal Private Messenger application through 4.35.3 for Android are…
CVE-2018-10994 — CVSS 6.1 (medium): js/views/message_view.js in Open Whisper Signal (aka Signal-Desktop) before 1.10.1 allows XSS via a URL.
CVE-2018-11101 — CVSS 6.1 (medium): Open Whisper Signal (aka Signal-Desktop) through 1.10.1 allows XSS via a resource location specified in an attribute of a SCRIPT, IFRAME…
CVE-2023-24069 — CVSS 3.3 (low): Signal Desktop before 6.2.0 on Windows, Linux, and macOS allows an attacker to obtain potentially sensitive attachments sent in messages…