CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2026/05/08 4:16 a.m.•7 views

CVE-2026-43944

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. From versions 3.0.6 to before 3.8.15, electerm is vulnerable to arbitrary local code execution via deep links, CLI --opts, or crafted shortcuts. Exploit requires clicking a crafted electerm://... link or...

9.6CVSS0.0016EPSS

NVD•added 2026/05/08 4:16 a.m.•22 views

CVE-2026-42150

wlc is a Weblate command-line client using Weblate's REST API. Prior to version 2.0.0, the HTML output format in wlc embeds API response data into HTML without escaping, allowing cross-site scripting when the output is rendered in a browser. This issue has been patched in version 2.0.0...

5.1CVSS0.00039EPSS

Exploits0References4

OSV•added 2026/05/08 4:16 a.m.•2 views

UBUNTU-CVE-2026-42150

Debian CVE•added 2026/05/08 3:23 a.m.•5 views

Exploits0References7

CVE-2026-42150

Cvelist•added 2026/05/08 3:8 a.m.•29 views

CVE-2026-43944 electerm: dangerous code can be run through links or command line

9.4CVSS0.0016EPSS

CVE•added 2026/05/08 3:8 a.m.•8 views

CVE-2026-43944

The CVE-2026-43944 entry affects the open-source terminal/SSH client electerm, with vulnerable versions 3.0.6 through before 3.8.15. The root cause is arbitrary local code execution triggered by attacker-controlled options when electerm is launched via a crafted electerm:// deep link, a crafted s...

9.6CVSS6.3AI score0.0016EPSS

Exploits0References5Affected Software1

Vulnrichment•added 2026/05/08 3:8 a.m.•5 views

CVE-2026-43944 electerm: dangerous code can be run through links or command line

9.4CVSS6.2AI score0.0016EPSS

Chainguard•added 2026/05/08 1:18 a.m.•10 views

CVE-2026-25542 vulnerabilities

Vulnerabilities for packages: tkn, tekton-chains-fips, tkn-fips, tekton-chains, tekton-pipelines-fips, tekton-pipelines...

6.5CVSS5.4AI score0.00039EPSS

Exploits1

CNNVD•added 2026/05/08 12:0 a.m.•5 views

Electerm 输入验证错误漏洞

Electerm is an SSH/SFTP client developed by ZXDong262 from China, based on Electron. Versions of Electerm from 3.0.6 to 3.8.15 contained a vulnerability related to input validation errors. This vulnerability could allow arbitrary local code execution through deep links, CLI options, or custom...

9.6CVSS6.3AI score0.0016EPSS

Exploits0References1

Packet Storm•added 2026/05/08 12:0 a.m.•42 views

📄 telnetd 2.7 Buffer Overflow

telnetd version 2.7 addslc remote buffer overflow exploit that achieves root. Exploit Title: telnetd 2.7 - Buffer Overflow Google Dork: N/A Date: 2026-04-03 Exploit Author: Jeff Barron jeffaf Vendor Homepage: https://www.gnu.org/software/inetutils/ Software Link: https://ftp.gnu.org/gnu/inetutils...

9.8CVSS7.7AI score0.053EPSS

Exploits8

Redos•added 2026/05/08 12:0 a.m.•9 views

ROS-20260508-73-0018

A vulnerability in the ngxmailsmtpmodule module of the NGINX Plus and NGINX Open Source HTTP server is related to the failure to take measures to neutralize CRLF sequences. Exploitation of the vulnerability may allow a remote intruder to affect the integrity of protected information...

6.3CVSS5.8AI score0.00031EPSS

Positive Technologies•added 2026/05/08 12:0 a.m.•26 views

PT-2026-39241

Name of the Vulnerable Software and Affected Versions eventsource-encoder versions prior to 1.0.2 Description The software fails to sanitize the event and id fields of an EventSourceMessage before serialization in the encodeMessage function. An attacker who controls these fields can inject...

5.8CVSS6AI score0.00015EPSS

Exploits1References5

CNNVD•added 2026/05/08 12:0 a.m.•6 views

wlc 跨站脚本漏洞

WLC is an open-source command-line client developed by Weblate. Versions of WLC prior to 2.0.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from HTML output formats that did not escape API response data, which could lead to cross-site scripting attacks...

Tenable Nessus•added 2026/05/08 12:0 a.m.•6 views

Exploits0References1

Linux Distros Unpatched Vulnerability : CVE-2026-42150

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - wlc is a Weblate command-line client using Weblate's REST API. Prior to version 2.0.0, the HTML output format in wlc embeds API response data into HTML without...

Packet Storm News•added 2026/05/08 12:0 a.m.•5 views

Exploits0References3

Maestro 0.15.4

Maestro is a cross-platform desktop app for orchestrating your fleet of AI agents and projects. It's a high-velocity solution for hackers who are juggling multiple projects in parallel. Designed for power users who live on the keyboard and rarely touch the mouse. Collaborate with AI to create...

5.9AI score

EUVD•added 2026/05/07 6:30 p.m.•8 views

EUVD-2026-28403

A vulnerability has been found in router-for-me CLIProxyAPI 6.9.29. Affected by this issue is some unknown functionality of the file internal/api/handlers/management/apitools.go of the component API Interface. The manipulation of the argument url leads to server-side request forgery. Remote...

6.5CVSS5.3AI score0.0004EPSS