Lucene search
+L

2151 matches found

NVD
NVD
added 2026/06/05 6:17 p.m.17 views

CVE-2026-45745

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Starting in version 1.7.0, Termix Desktop Electron disables TLS certificate validation, allowing a machine-in-the-middle attacker to intercept and modify HTTPS traffic to the configured...

8CVSS0.00168EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/05 5:53 p.m.38 views

CVE-2026-45745 Termix has improper certificate validation in Electron desktop client that enables MITM credential/token theft

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Starting in version 1.7.0, Termix Desktop Electron disables TLS certificate validation, allowing a machine-in-the-middle attacker to intercept and modify HTTPS traffic to the configured...

8CVSS0.00168EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/06/05 5:53 p.m.9 views

CVE-2026-45745 Termix has improper certificate validation in Electron desktop client that enables MITM credential/token theft

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Starting in version 1.7.0, Termix Desktop Electron disables TLS certificate validation, allowing a machine-in-the-middle attacker to intercept and modify HTTPS traffic to the configured...

8CVSS5.5AI score0.00168EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/05 5:53 p.m.11 views

EUVD-2026-34871

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Starting in version 1.7.0, Termix Desktop Electron disables TLS certificate validation, allowing a machine-in-the-middle attacker to intercept and modify HTTPS traffic to the configured...

8CVSS5.5AI score0.00168EPSS
Exploits1References1
CVE
CVE
added 2026/06/05 5:53 p.m.56 views

CVE-2026-45745

Termix Desktop (Electron) versions starting with 1.7.0 have disabled TLS certificate validation, enabling network-level MITM to intercept/modify HTTPS traffic to the Termix server and potentially steal credentials and JWT/session data during login and normal use. No patched versions are publicly ...

8CVSS5.5AI score0.00168EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2026/06/05 5:53 p.m.2 views

CVE-2026-45745 Termix has improper certificate validation in Electron desktop client that enables MITM credential/token theft

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Starting in version 1.7.0, Termix Desktop Electron disables TLS certificate validation, allowing a machine-in-the-middle attacker to intercept and modify HTTPS traffic to the configured...

8CVSS6AI score0.00168EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.18 views

PT-2026-47018

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Starting in version 1.7.0, Termix Desktop Electron disables TLS certificate validation, allowing a machine-in-the-middle attacker to intercept and modify HTTPS traffic to the configured...

8CVSS5.5AI score0.00168EPSS
Exploits1References2
EUVD
EUVD
added 2026/05/29 5:18 p.m.21 views

EUVD-2026-33376

Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. Prior to 0.102.2, a malicious ZIP archive imported with safe import enabled achieves RCE via docName path traversal and XSS by combining a payload note type: code, mime:...

9.3CVSS5.8AI score0.0017EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/29 5:18 p.m.7 views

CVE-2026-45668

Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. Prior to 0.102.2, a malicious ZIP archive imported with safe import enabled achieves RCE via docName path traversal and XSS by combining a payload note type: code, mime:...

9.3CVSS5.8AI score0.0017EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.17 views

PT-2026-44939

Name of the Vulnerable Software and Affected Versions Trilium Notes versions prior to 0.102.2 Description A malicious ZIP archive imported with safe import enabled can lead to remote code execution RCE and cross-site scripting XSS. This occurs by combining a payload note type: code, mime:...

9.3CVSS6.3AI score0.0017EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.11 views

Trilium Notes 安全漏洞

Trilium Notes is a hierarchical note application developed by Zadam, a personal developer. It focuses on building large personal knowledge bases. Versions of Trilium Notes prior to 0.102.2 contained a security vulnerability. This vulnerability stemmed from the import of malicious ZIP archives whe...

9.3CVSS6.5AI score0.0017EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.10 views

Electerm 安全漏洞

Electerm is a SSH/SFTP client developed by ZXDong262 from China, based on Electron. Versions 3.0.6 to 3.8.8 of Electerm have security vulnerabilities, which stem from executing local code through Electerm’s single-instance socket...

9.3CVSS5.9AI score0.00114EPSS
Exploits0References2
NVD
NVD
added 2026/05/20 8:16 p.m.22 views

CVE-2026-39310

Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. In versions 0.102.1 and prior, the Clipper API in Trilium Desktop v0.101.3 allows full authentication bypass when running in an Electron environment. When Trilium detects an...

8.6CVSS0.00391EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/20 7:7 p.m.6 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Attribute View Name process. An attacker can execute arbitrary JavaScript code in the context of the Electron renderer process by injecting malicious input. Details Cross-site scripting or XSS is a code...

9.6CVSS5.8AI score0.00509EPSS
Exploits0References3
OSV
OSV
added 2026/05/20 7:7 p.m.21 views

GO-2026-4992 SiYuan Affected by Stored XSS via Attribute View Name to Electron Renderer RCE in github.com/siyuan-note/siyuan/kernel

SiYuan Affected by Stored XSS via Attribute View Name to Electron Renderer RCE in github.com/siyuan-note/siyuan/kernel...

9.4CVSS5.8AI score0.00509EPSS
Exploits0References2
OSV
OSV
added 2026/05/20 7:7 p.m.14 views

GO-2026-4993 SiYuan: Electron Renderer RCE via decodeURIComponent-driven tooltip XSS in aria-label sink (incomplete fix for CVE-2026-34585) in github.com/siyuan-note/siyuan/kernel

SiYuan: Electron Renderer RCE via decodeURIComponent-driven tooltip XSS in aria-label sink incomplete fix for CVE-2026-34585 in github.com/siyuan-note/siyuan/kernel...

9.4CVSS5.8AI score0.00509EPSS
Exploits0References2
OSV
OSV
added 2026/05/20 7:7 p.m.20 views

GO-2026-5001 SiYuan Bazaar marketplace renders unescaped package `name` and `version` metadata, allowing stored XSS and Electron code execution in github.com/siyuan-note/siyuan/kernel

SiYuan Bazaar marketplace renders unescaped package name and version metadata, allowing stored XSS and Electron code execution in github.com/siyuan-note/siyuan/kernel...

9CVSS6.2AI score0.00361EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/20 7:5 p.m.37 views

CVE-2026-39310 Trilium Notes: Authentication Bypass in Clipper API for Electron (Desktop) Builds

Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. In versions 0.102.1 and prior, the Clipper API in Trilium Desktop v0.101.3 allows full authentication bypass when running in an Electron environment. When Trilium detects an...

8.6CVSS0.00391EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/20 7:5 p.m.11 views

EUVD-2026-31156

Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. In versions 0.102.1 and prior, the Clipper API in Trilium Desktop v0.101.3 allows full authentication bypass when running in an Electron environment. When Trilium detects an...

8.6CVSS5.8AI score0.00391EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/20 7:5 p.m.10 views

CVE-2026-39310

Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. In versions 0.102.1 and prior, the Clipper API in Trilium Desktop v0.101.3 allows full authentication bypass when running in an Electron environment. When Trilium detects an...

8.6CVSS5.8AI score0.00391EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder