Lucene search
K

103 matches found

CNNVD
CNNVD
added 2026/05/08 12:0 a.m.8 views

Termix 操作系统命令注入漏洞

Termix is a server management platform developed by Karmaa’s individual developers. Versions of Termix prior to 2.1.0 contained a vulnerability related to operating system command injection. This vulnerability stemmed from the Docker container management endpoint not properly cleaning or verifyin...

9.9CVSS6.1AI score0.00652EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.16 views

PT-2026-39220

Name of the Vulnerable Software and Affected Versions Termix versions prior to 2.1.0 Description Termix is a web-based server management platform providing SSH terminal, tunneling, and file editing capabilities. All Docker container management endpoints interpolate the containerId URL path...

9.9CVSS6AI score0.00652EPSS
Exploits0References11
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.11 views

Termix 安全漏洞

Termix is a server management platform developed by Karmaa’s individual developers. Versions of Termix prior to 2.1.0 contained security vulnerabilities. These vulnerabilities stemmed from the process of issuing temporary JWT tokens for users using the /users/login endpoint, where the...

8.1CVSS5.8AI score0.00306EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.11 views

Termix 命令注入漏洞

Termix is a server management platform developed by Karmaa’s individual developers. Versions of Termix prior to 2.1.0 contained a command injection vulnerability. This vulnerability stemmed from the use of double-quoted strings in the extractArchive and compressFiles endpoints, which allowed for...

8.7CVSS5.9AI score0.01207EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.14 views

PT-2026-39218

Name of the Vulnerable Software and Affected Versions Termix versions prior to 2.1.0 Description Termix is a web-based server management platform featuring an SSH terminal, tunneling, and file editing. The '/users/login' endpoint issues a temporary JSON Web Token JWT, specifically the temp token,...

8.1CVSS5.8AI score0.00306EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.23 views

PT-2026-39219

Name of the Vulnerable Software and Affected Versions Termix versions prior to 2.1.0 Description Termix is a web-based server management platform providing SSH terminal, tunneling, and file editing capabilities. The 'extractArchive' and 'compressFiles' endpoints in file-manager.ts use double-quot...

8.7CVSS5.8AI score0.01207EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/01/13 10:52 p.m.5 views

CVE-2026-22804

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. From 1.7.0 to 1.9.0, Stored Cross-Site Scripting XSS vulnerability exists in the Termix File Manager component. The application fails to sanitize SVG file content before rendering it. Thi...

8CVSS5.5AI score0.00172EPSS
Exploits2References1
GithubExploit
GithubExploit
added 2026/01/13 5:34 a.m.230 views

Exploit for CVE-2026-22804

Termix Stored XSS PoC GHSA-m3cv-5hgp-hv35 This repository c...

8CVSS5.6AI score0.00172EPSS
Exploits2
NVD
NVD
added 2026/01/12 11:15 p.m.6 views

CVE-2026-22804

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. From 1.7.0 to 1.9.0, Stored Cross-Site Scripting XSS vulnerability exists in the Termix File Manager component. The application fails to sanitize SVG file content before rendering it. Thi...

8CVSS0.00172EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2026/01/12 10:14 p.m.12 views

CVE-2026-22804 Termix has a Stored XSS in File Manager leading to Local File Inclusion (LFI) in Electron and Session Hijacking in Browser

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. From 1.7.0 to 1.9.0, Stored Cross-Site Scripting XSS vulnerability exists in the Termix File Manager component. The application fails to sanitize SVG file content before rendering it. Thi...

8CVSS5.2AI score0.00172EPSS
Exploits2References1
Cvelist
Cvelist
added 2026/01/12 10:14 p.m.25 views

CVE-2026-22804 Termix has a Stored XSS in File Manager leading to Local File Inclusion (LFI) in Electron and Session Hijacking in Browser

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. From 1.7.0 to 1.9.0, Stored Cross-Site Scripting XSS vulnerability exists in the Termix File Manager component. The application fails to sanitize SVG file content before rendering it. Thi...

8CVSS0.00172EPSS
Exploits2References1
CVE
CVE
added 2026/01/12 10:14 p.m.19 views

CVE-2026-22804

CVE-2026-22804 affects Termix versions 1.7.0–1.9.0, where the File Viewer component in the File Manager (src/ui/desktop/apps/file-manager/components/FileViewer.tsx) fails to sanitize SVG content, allowing a stored XSS that can execute arbitrary JavaScript in the app context. If exploited, this ca...

8CVSS5.2AI score0.00172EPSS
Exploits2References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/01/12 12:0 a.m.6 views

PT-2026-2313

Name of the Vulnerable Software and Affected Versions Termix versions 1.7.0 through 1.9.0 Description Termix is a web-based server management platform offering SSH terminal, tunneling, and file editing features. A Stored Cross-Site Scripting XSS issue exists in the Termix File Manager component d...

8CVSS5.6AI score0.00172EPSS
Exploits2References4
CNNVD
CNNVD
added 2026/01/12 12:0 a.m.5 views

Termix 安全漏洞

Termix is a server management platform for Karmaa individual developers. A security vulnerability exists in Termix versions 1.7.0 through 1.9.0, which stems from a file manager component that does not clean up the contents of SVG files before rendering them, which could lead to a stored cross-sit...

8CVSS5.6AI score0.00172EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/10/06 6:14 a.m.5 views

CVE-2025-59951

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. The official Docker image for Termix versions 1.5.0 and below, due to being configured with an Nginx reverse proxy, causes the backend to retrieve the proxy's IP instead of the client's I...

9.2CVSS6.6AI score0.0465EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-32061

Malicious code in bioql PyPI...

9.2CVSS6.6AI score0.0465EPSS
Exploits1References2
NVD
NVD
added 2025/10/01 10:15 p.m.7 views

CVE-2025-59951

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. The official Docker image for Termix versions 1.5.0 and below, due to being configured with an Nginx reverse proxy, causes the backend to retrieve the proxy's IP instead of the client's I...

9.2CVSS0.0465EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/10/01 9:52 p.m.8 views

CVE-2025-59951 Termix' official Docker image contains an authentication bypass vulnerability

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. The official Docker image for Termix versions 1.5.0 and below, due to being configured with an Nginx reverse proxy, causes the backend to retrieve the proxy's IP instead of the client's I...

9.2CVSS0.0465EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/10/01 9:52 p.m.2 views

CVE-2025-59951 Termix' official Docker image contains an authentication bypass vulnerability

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. The official Docker image for Termix versions 1.5.0 and below, due to being configured with an Nginx reverse proxy, causes the backend to retrieve the proxy's IP instead of the client's I...

9.2CVSS6.2AI score0.0465EPSS
Exploits1References2
CVE
CVE
added 2025/10/01 9:52 p.m.69 views

CVE-2025-59951

Summary: CVE-2025-59951 concerns Termix’s official Docker image (v1.5.0 and below). A misconfigured Nginx reverse proxy causes the backend to treat the proxy IP as the client IP, making isLocalhost return true and exposing the /ssh/db/host/internal endpoint without login. This endpoint stores SSH...

9.2CVSS6.2AI score0.0465EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder