CVE-2026-33633

Kitty is a cross-platform GPU based terminal. Versions 0.46.2 and below contain a heap buffer overflow in loadimagedata that allows any process which can write to the terminal's stdin to crash kitty immediately. The vulnerability is triggered by a single APC graphics protocol command with a PNG...

EmTec ZOC Terminal 缓冲区错误漏洞

EmTec ZOC Terminal is a terminal emulation software developed by EmTec Corporation. Version 7.23.4 of Emtec ZOC Terminal contains a buffer error vulnerability. This vulnerability stems from a buffer overflow in the Shell field set by the program, which could allow local attackers to cause the...

Updated vim packages fix security vulnerabilities

OS Command Injection in netrw affects Vim 9.2.0073. CVE-2026-28417 Heap-based Buffer Overflow in Emacs tags parsing affects Vim 9.2.0074. CVE-2026-28418 Heap-based Buffer Underflow in Emacs tags parsing affects Vim 9.2.0075. CVE-2026-28419 Heap-based Buffer Overflow and OOB Read in :terminal...

CVE-2026-25933 Arduino App Lab has Improper Data Validation in Internal Terminal Interface

Arduino App Lab is a cross-platform IDE for developing Arduino Apps. Prior to 0.4.0, a vulnerability was identified in the Terminal component of the arduino-app-lab application. The issue stems from insufficient sanitization and validation of input data received from connected hardware devices,...

V-SOL GPON/EPON OLT Platform 跨站脚本漏洞

V-SOL GPON/EPON OLT Platform is an optical line terminal management platform from China Semiconductor V-SOL. A cross-site scripting vulnerability exists in V-SOL GPON/EPON OLT Platform version v2.03, which stems from improper input cleanup and could lead to a reflected cross-site scripting attack...

EUVD-2008-1151

Malware in sbrugna...

Missing Origin Validation in WebSockets

Overview Affected versions of this package are vulnerable to Missing Origin Validation in WebSockets via the CheckOrigin function in the api/terminal.go file. An attacker can execute arbitrary commands on the target system by tricking an authenticated user into visiting a malicious web page that...

NCR Atleos ITM Web terminal 安全漏洞

NCR Atleos ITM Web terminal is a web terminal from NCR Atleos, Inc. A security vulnerability exists in NCR Atleos ITM Web terminal versions 4.4.0 and 4.4.4, which stems from improper handling of specially crafted scripts by the IP camera URL component, which could lead to the execution of arbitra...

CVE-2019-14719

Verifone MX900 series Pinpad Payment Terminals with OS 30251000 allow multiple arbitrary command injections, as demonstrated by the file manager...

CVE-2024-52005 The sideband payload is passed unfiltered to the terminal in git

Git is a source code management tool. When cloning from a server or fetching, or pushing, informational or error messages are transported from the remote Git process to the client via the so-called "sideband channel". These messages will be prefixed with "remote:" and printed directly to the...

SUSE CVE-2008-1142

rxvt 2.6.4 opens a terminal window on :0 if the DISPLAY environment variable is not set, which might allow local users to hijack X11 connections. NOTE: it was later reported that rxvt-unicode, mrxvt, aterm, multi-aterm, and wterm are also affected. NOTE: realistic attack scenarios require that th...

SUSE-SU-2023:0348-1 Security update for less

This update for less fixes the following issues: - CVE-2022-46663: Fixed denial-of-service by printing specially crafted escape sequences to the terminal bsc1207815...

USN-5580-1 linux-aws vulnerabilities

It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of- bounds write. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2021-33655 It was...

CVE-2021-3769

Vulnerability in pygmalion, pygmalion-virtualenv and refined themes Description: these themes use print -P on user-supplied strings to print them to the terminal. All of them do that on git information, particularly the branch name, so if the branch has a specially-crafted name the vulnerability...

The vulnerability of the CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, FD8000 optical line terminals is related to rigid encoding of registration data. This vulnerability allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of optical line terminal devices such as CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS...

CVE-2019-9535 iTerm2, up to and including version 3.3.5, with tmux integration is vulnerable to remote command execution

A vulnerability exists in the way that iTerm2 integrates with tmux's control mode, which may allow an attacker to execute arbitrary commands by providing malicious output to the terminal. This affects versions of iTerm2 up to and including 3.3.5. This vulnerability may allow an attacker to execut...

@screeps/launcher (>=0.0.1 <=4.2.0-beta.8), @screepsunleashed/screeps (>=0.1.3 <=0.1.4) +9 more potentially affected by unknown CVE via jquery.terminal (>=0.10.12 <=0.11.4)

jquery.terminal NPM version =0.10.12, =0.0.1, =0.1.3, =2.0.0, =3.3.2, =0.0.3, =0.1.0, =1.0.0, =1.0.2, =0.0.7, =0.1.0 Source cves: unknown CVE Source advisory: OSV:GHSA-2HWP-G4G7-MWWJ...

Apple OS X Terminal Information Disclosure Vulnerability

Apple OS X is a specialized operating system developed by Apple for Mac computers, of which Terminal is a terminal component. An information disclosure vulnerability exists in Terminal in versions of Apple OS X prior to 10.12, which can be exploited by a local attacker to obtain sensitive...

CVE-2011-2198

The "insert-blank-characters" capability in caps.c in gnome-terminal vte before 0.28.1 allows remote authenticated users to cause a denial of service CPU and memory consumption and crash via a crafted file, as demonstrated by a file containing the string "\033100000000000000000@"...

vte -- Classic terminal title set+query attack

Kees Cook reports: Janne Snabb discovered that applications using VTE, such as gnome-terminal, did not correctly filter window and icon title request escape codes. If a user were tricked into viewing specially crafted output in their terminal, a remote attacker could execute arbitrary commands wi...