CVE-2026-43942

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. In versions 3.8.15 and prior, the getConstants IPC handler in src/app/lib/ipc-sync.js serialises the entire process.env object and sends it to the renderer. The data is stored as window.pre.env and is...

Arbitrary Code Injection

Overview electerm is an open-sourced terminal/ssh/telnet/serialport/sftp client Affected versions of this package are vulnerable to Arbitrary Code Injection via the import process of bookmark data or during sync operations. An attacker can execute arbitrary code by injecting malicious fields into...

CVE-2026-43944

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. From versions 3.0.6 to before 3.8.15, electerm is vulnerable to arbitrary local code execution via deep links, CLI --opts, or crafted shortcuts. Exploit requires clicking a crafted electerm://... link or...

EUVD-2026-28516

Electerm users can run dangrous code through link or command line...

Unsafe Dependency Resolution

Overview electerm is an open-sourced terminal/ssh/telnet/serialport/sftp client Affected versions of this package are vulnerable to Unsafe Dependency Resolution in the handling of protocol URLs or command-line options. An attacker can execute arbitrary local code by enticing a user to click a...

NPM: Electerm's full process.env exposed to renderer via window.pre.env

NPM: Electerm's full process.env exposed to renderer via window.pre.env vulnerability discovered by ? in WordPress Npm electerm versions = 3.8.15...

NPM: Electerm has an unvalidated shell.openExternal that allows arbitrary protocol execution via terminal link click

NPM: Electerm has an unvalidated shell.openExternal that allows arbitrary protocol execution via terminal link click vulnerability discovered by ? in WordPress Npm electerm versions = 3.8.15...

CVE-2026-43944

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. From versions 3.0.6 to before 3.8.15, electerm is vulnerable to arbitrary local code execution via deep links, CLI --opts, or crafted shortcuts. Exploit requires clicking a crafted electerm://... link or...

CVE-2026-43942

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. In versions 3.8.15 and prior, the getConstants IPC handler in src/app/lib/ipc-sync.js serialises the entire process.env object and sends it to the renderer. The data is stored as window.pre.env and is...

CVE-2026-43944

The CVE-2026-43944 entry affects the open-source terminal/SSH client electerm, with vulnerable versions 3.0.6 through before 3.8.15. The root cause is arbitrary local code execution triggered by attacker-controlled options when electerm is launched via a crafted electerm:// deep link, a crafted s...

CVE-2026-43944 electerm: dangerous code can be run through links or command line

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. From versions 3.0.6 to before 3.8.15, electerm is vulnerable to arbitrary local code execution via deep links, CLI --opts, or crafted shortcuts. Exploit requires clicking a crafted electerm://... link or...

CVE-2026-43944

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. From versions 3.0.6 to before 3.8.15, electerm is vulnerable to arbitrary local code execution via deep links, CLI --opts, or crafted shortcuts. Exploit requires clicking a crafted electerm://... link or...

CVE-2026-43942

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. In versions 3.8.15 and prior, the getConstants IPC handler in src/app/lib/ipc-sync.js serialises the entire process.env object and sends it to the renderer. The data is stored as window.pre.env and is...

CVE-2026-43941

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. In versions 3.8.15 and prior, Electerm's terminal hyperlink handler passes any URL clicked in the terminal directly to shell.openExternal without any protocol validation. An attacker who controls terminal...

Electerm 输入验证错误漏洞

Electerm is an SSH/SFTP client developed by ZXDong262 from China, based on Electron. Versions of Electerm from 3.0.6 to 3.8.15 contained a vulnerability related to input validation errors. This vulnerability could allow arbitrary local code execution through deep links, CLI options, or custom...

PT-2026-38650

Name of the Vulnerable Software and Affected Versions electerm versions 3.0.6 through 3.8.14 Description Arbitrary local code execution can occur via deep links, CLI --opts, or crafted shortcuts. This happens when a user clicks a crafted electerm://... link or opens a crafted shortcut or command...

CVE-2022-37621

Prototype pollution vulnerability in function resolveShims in resolve-shims.js in thlorenz browserify-shim 3.8.15 via the fullPath variable in resolve-shims.js...

EUVD-2025-24716

Malicious code in bioql PyPI...

CVE-2025-54678

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in hassantafreshi Easy Form Builder easy-form-builder allows Blind SQL Injection.This issue affects Easy Form Builder: from n/a through = 3.8.15...

CVE-2025-54678 WordPress Easy Form Builder Plugin <= 3.8.15 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in hassantafreshi Easy Form Builder easy-form-builder allows Blind SQL Injection.This issue affects Easy Form Builder: from n/a through = 3.8.15...