Lucene search
K

127 matches found

OSV
OSV
added 2026/07/02 7:22 p.m.3 views

GHSA-V5FF-XMFP-P245 electerm has Command Injection in File System Operations (rmrf, mv, cp)

Impact A command injection vulnerability exists in electerm's file system operations rmrf, mv, cp in src/app/lib/fs.js. These functions construct shell commands by interpolating file paths directly into command strings without escaping shell metacharacters. Vulnerable functions: - rmrf - Uses rm...

8.8CVSS6.2AI score0.00072EPSS
Exploits0References3
OSV
OSV
added 2026/07/02 7:20 p.m.2 views

GHSA-38J7-23HF-9MHC electerm has Path Traversal in Zmodem and Trzsz Download Filename Handling

Impact A path traversal vulnerability exists in the Zmodem and Trzsz file download handlers in electerm. When receiving files via Zmodem or Trzsz protocols, electerm uses the remote-supplied filename directly in path.join with the user-selected download directory without sanitization. A malicious...

7.1CVSS6AI score0.00034EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/05 7:40 p.m.10 views

CVE-2026-43942

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. In versions 3.8.15 and prior, the getConstants IPC handler in src/app/lib/ipc-sync.js serialises the entire process.env object and sends it to the renderer. The data is stored as window.pre.env and is...

5.5CVSS5.8AI score0.00103EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:23 p.m.11 views

CVE-2026-43941

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. In versions 3.8.15 and prior, Electerm's terminal hyperlink handler passes any URL clicked in the terminal directly to shell.openExternal without any protocol validation. An attacker who controls terminal...

9.6CVSS6.3AI score0.00394EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:23 p.m.9 views

CVE-2026-43943

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to version 3.7.9, a code execution RCE vulnerability exists in electerm's SFTP open with system editor or "Edit with custom editor" feature. When a user opts to edit a file using open with system edito...

7.8CVSS6.1AI score0.00167EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:20 p.m.7 views

CVE-2026-41501

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to version 3.3.8, a command injection vulnerability exists in github.com/elcterm/electerm/npm/install.js:130. The runLinux function appends attacker-controlled remote version strings directly into an...

9.8CVSS5.4AI score0.01302EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:20 p.m.9 views

CVE-2026-41500

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to version 3.3.8, a command injection vulnerability exists in github.com/elcterm/electerm/npm/install.js:150. The runMac function appends attacker-controlled remote releaseInfo.name directly into an...

9.8CVSS5.4AI score0.01572EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:18 p.m.8 views

CVE-2026-45353

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. From 3.0.6 to 3.8.8, This vulnerability is fixed in 3.9.0...

9.3CVSS5.4AI score0.00114EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/30 8:13 a.m.17 views

CVE-2026-45058

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. In 3.8.8 and earlier, there is persistent local-pty code execution via imported bookmarks or compromised sync targets. Affects users who import bookmark JSON files or who have electerm sync configured...

9.4CVSS6.5AI score0.00234EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/29 8:13 p.m.16 views

CVE-2026-45787

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to 3.9.5, deterministic AES-192-CBC with a fixed zero IV, constant KDF salt, and no MAC leads to confidentiality and integrity failures for synced bookmark/profile data. Attackers can crack common...

9.1CVSS5.8AI score0.00105EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/28 8:51 p.m.8 views

Arbitrary Code Injection

Overview electerm is an open-sourced terminal/ssh/telnet/serialport/sftp client Affected versions of this package are vulnerable to Arbitrary Code Injection via the import process of bookmark data or during sync operations. An attacker can execute arbitrary code by injecting malicious fields into...

9.6CVSS6AI score0.00234EPSS
Exploits0References2
NVD
NVD
added 2026/05/28 6:16 p.m.22 views

CVE-2026-45787

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to 3.9.5, deterministic AES-192-CBC with a fixed zero IV, constant KDF salt, and no MAC leads to confidentiality and integrity failures for synced bookmark/profile data. Attackers can crack common...

9.1CVSS0.00105EPSS
Exploits0References2
NVD
NVD
added 2026/05/28 6:16 p.m.16 views

CVE-2026-45353

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. From 3.0.6 to 3.8.8, This vulnerability is fixed in 3.9.0...

9.3CVSS0.00114EPSS
Exploits0References2
NVD
NVD
added 2026/05/28 6:16 p.m.15 views

CVE-2026-45058

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. In 3.8.8 and earlier, there is persistent local-pty code execution via imported bookmarks or compromised sync targets. Affects users who import bookmark JSON files or who have electerm sync configured...

9.4CVSS0.00234EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/28 5:20 p.m.33 views

CVE-2026-45058 electerm: Import unsafe bookmark data could lead to unsafe operation when click local type bookmark

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. In 3.8.8 and earlier, there is persistent local-pty code execution via imported bookmarks or compromised sync targets. Affects users who import bookmark JSON files or who have electerm sync configured...

9.4CVSS0.00234EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/28 5:20 p.m.11 views

CVE-2026-45058 electerm: Import unsafe bookmark data could lead to unsafe operation when click local type bookmark

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. In 3.8.8 and earlier, there is persistent local-pty code execution via imported bookmarks or compromised sync targets. Affects users who import bookmark JSON files or who have electerm sync configured...

9.4CVSS6.5AI score0.00234EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/28 5:20 p.m.13 views

EUVD-2026-32961

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. In 3.8.8 and earlier, there is persistent local-pty code execution via imported bookmarks or compromised sync targets. Affects users who import bookmark JSON files or who have electerm sync configured...

9.4CVSS6.5AI score0.00234EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/28 5:20 p.m.8 views

CVE-2026-45058

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. In 3.8.8 and earlier, there is persistent local-pty code execution via imported bookmarks or compromised sync targets. Affects users who import bookmark JSON files or who have electerm sync configured...

9.4CVSS6.5AI score0.00234EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/05/28 5:20 p.m.18 views

CVE-2026-45058

The CVE-2026-45058 issue affects electerm (versions 3.8.8 and earlier). The root cause is persistent local-pty code execution via imported bookmarks or compromised sync targets, allowing an attacker to inject exec* fields or global config. This can cause remote code to run when a bookmark is open...

9.4CVSS6.5AI score0.00234EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/28 5:19 p.m.33 views

CVE-2026-45353 electerm: Local code through electerm's single-instance socket

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. From 3.0.6 to 3.8.8, This vulnerability is fixed in 3.9.0...

9.3CVSS0.00114EPSS
Exploits0References2
Rows per page
Query Builder