17 matches found

EUVD
added 6 days ago, 6 views

EUVD-2026-32961

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. In 3.8.8 and earlier, there is persistent local-pty code execution via imported bookmarks or compromised sync targets. Affects users who import bookmark JSON files or who have electerm sync configured...

CVSS 9.4 | AI score 6.5 | EPSS 0.00036
Exploits: 0 | References: 1

Vulnrichment
added 6 days ago, 7 views

CVE-2026-45353 electerm: Local code through electerm's single-instance socket

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. From 3.0.6 to 3.8.8, This vulnerability is fixed in 3.9.0...

CVSS 9.3 | AI score 5.8 | EPSS 0.0002
Exploits: 0 | References: 2

Snyk
added 2026/05/14 8:30 p.m., 5 views

Use of Password Hash With Insufficient Computational Effort

Overview: electerm is an open-sourced terminal/ssh/telnet/serialport/sftp client. Affected versions of this package are vulnerable to Use of Password Hash With Insufficient Computational Effort due to the encrypt process. An attacker can compromise the confidentiality and integrity of synced bookma...

CVSS 6 | AI score 5.8 | EPSS 0.00013
Exploits: 0 | References: 6

Patchstack
added 2026/05/14 8:29 p.m., 4 views

NPM: Electerm Local code through electerm's single-instance socket

NPM: Electerm Local code through electerm's single-instance socket vulnerability discovered by ? in WordPress Npm electerm versions = 3.0.6, = 3.8.8...

CVSS 9.3 | AI score 5.9 | EPSS 0.0002
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2026/05/14 8:15 p.m., 2 views

NPM: Electerm: Importing unsafe bookmark data could lead to unsafe operation when clicking local type bookmark

NPM: Electerm: Importing unsafe bookmark data could lead to unsafe operation when clicking local type bookmark vulnerability discovered by ? in WordPress Npm electerm versions = 3.8.8...

CVSS 9.4 | AI score 5.8 | EPSS 0.00036
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2026/05/08 6:43 p.m., 6 views

NPM: Electerm Security Vulnerability: RCE via malicious SSH server filename in openFileWithEditor

NPM: Electerm Security Vulnerability: RCE via malicious SSH server filename in openFileWithEditor discovered by ? in WordPress Npm electerm versions = 3.7.8...

CVSS 7.8 | AI score 5.8 | EPSS 0.00032
Exploits: 0 | References: 5 | Affected Software: 1

Patchstack
added 2026/05/08 6:37 p.m., 3 views

NPM: Electerm's full process.env exposed to renderer via window.pre.env

NPM: Electerm's full process.env exposed to renderer via window.pre.env vulnerability discovered by ? in WordPress Npm electerm versions = 3.8.15...

CVSS 5.5 | AI score 5.8 | EPSS 0.00004
Exploits: 0 | References: 3 | Affected Software: 1

Snyk
added 2026/05/08 6:37 p.m., 5 views

Cleartext Storage of Sensitive Information

Overview: electerm is an open-sourced terminal/ssh/telnet/serialport/sftp client. Affected versions of this package are vulnerable to Cleartext Storage of Sensitive Information in the getConstants process, which serializes the entire process.env object and exposes it to the renderer context as...

CVSS 7.1 | AI score 5.8 | EPSS 0.00004
Exploits: 0 | References: 2

EUVD
added 2026/05/08 6:37 p.m., 4 views

EUVD-2026-28514

Electerm's full process.env exposed to renderer via window.pre.env...

CVSS 5.5 | AI score 5.8 | EPSS 0.00004
Exploits: 0 | References: 2

NVD
added 2026/05/08 4:16 a.m., 6 views

CVE-2026-43944

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. From versions 3.0.6 to before 3.8.15, electerm is vulnerable to arbitrary local code execution via deep links, CLI --opts, or crafted shortcuts. Exploit requires clicking a crafted electerm://... link or...

CVSS 9.6 | EPSS 0.00147
Exploits: 0 | References: 5

NVD
added 2026/05/08 4:16 a.m., 3 views

CVE-2026-41500

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to version 3.3.8, a command injection vulnerability exists in github.com/elcterm/electerm/npm/install.js:150. The runMac function appends attacker-controlled remote releaseInfo.name directly into an...

CVSS 9.8 | EPSS 0.00194
Exploits: 0 | References: 3

ATTACKERKB
added 2026/05/08 3:3 a.m., 3 views

CVE-2026-43942

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. In versions 3.8.15 and prior, the getConstants IPC handler in src/app/lib/ipc-sync.js serialises the entire process.env object and sends it to the renderer. The data is stored as window.pre.env and is...

CVSS 5.5 | AI score 6 | EPSS 0.00004
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2026/05/08 2:53 a.m., 23 views

CVE-2026-41500 electerm has Command Injection Vulnerability via runMac function

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to version 3.3.8, a command injection vulnerability exists in github.com/elcterm/electerm/npm/install.js:150. The runMac function appends attacker-controlled remote releaseInfo.name directly into an...

CVSS 9.8 | EPSS 0.00194
Exploits: 0 | References: 3

EUVD
added 2026/05/08 2:51 a.m., 5 views

EUVD-2026-28497

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to version 3.3.8, a command injection vulnerability exists in github.com/elcterm/electerm/npm/install.js:130. The runLinux function appends attacker-controlled remote version strings directly into an...

CVSS 9.8 | AI score 5.8 | EPSS 0.00753
Exploits: 0 | References: 3

Positive Technologies
added 2026/05/08 12:0 a.m., 6 views

PT-2026-38648

Name of the Vulnerable Software and Affected Versions: electerm versions 3.x and earlier. Description: The getConstants IPC handler in src/app/lib/ipc-sync.js serializes the entire process.env object and sends it to the renderer, where it is stored as window.pre.env. This data is accessible to any...

CVSS 6.5 | AI score 5.8 | EPSS 0.00004
Exploits: 0 | References: 5

RedhatCVE
added 2026/01/09 9:54 a.m., 6 views

CVE-2020-23256

An issue was discovered in Electerm 1.3.22, allows attackers to execute arbitrary code via unverified request to electerms service...

CVSS 9.8 | AI score 7.8 | EPSS 0.00661
Exploits: 1 | References: 1

Vulnrichment
added 2023/01/20 12:0 a.m., 6 views

CVE-2020-23256

An issue was discovered in Electerm 1.3.22, allows attackers to execute arbitrary code via unverified request to electerms service...

AI score 9.9 | EPSS 0.00661
Exploits: 1 | References: 1