
124 matches found

CVE
added 2026/05/28 5:19 p.m., 18 views

CVE-2026-45353

CVE-2026-45353 affects electerm (3.0.6–3.8.8); the vulnerability arises from the single-instance socket allowing local code execution via a crafted JSON payload, enabling a same-user process to spawn attacker-controlled local processes. The issue is resolved in 3.9.0 (official fix); some sources ...

CVSS: 9.3, AI score: 5.8, EPSS: 0.00114
Exploits: 0, References: 2, Affected Software: 1
EUVD
added 2026/05/28 5:17 p.m., 17 views

EUVD-2026-32959

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to 3.9.5, deterministic AES-192-CBC with a fixed zero IV, constant KDF salt, and no MAC leads to confidentiality and integrity failures for synced bookmark/profile data. Attackers can crack common...

CVSS: 6, AI score: 5.8, EPSS: 0.00105
Exploits: 0, References: 2
Vulnrichment
added 2026/05/28 5:17 p.m., 12 views

CVE-2026-45787 electerm's encrypt method not safe enough

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to 3.9.5, deterministic AES-192-CBC with a fixed zero IV, constant KDF salt, and no MAC leads to confidentiality and integrity failures for synced bookmark/profile data. Attackers can crack common...

CVSS: 6, AI score: 5.8, EPSS: 0.00105
Exploits: 0, References: 2
Cvelist
added 2026/05/28 5:17 p.m., 32 views

CVE-2026-45787 electerm's encrypt method not safe enough

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to 3.9.5, deterministic AES-192-CBC with a fixed zero IV, constant KDF salt, and no MAC leads to confidentiality and integrity failures for synced bookmark/profile data. Attackers can crack common...

CVSS: 6, EPSS: 0.00105
Exploits: 0, References: 2
CVE
added 2026/05/28 5:17 p.m., 21 views

CVE-2026-45787

The CVE-2026-45787 entry concerns electerm, an open-source terminal/SSH/etc. client. Technical details in connected sources show that versions prior to 3.9.5 use deterministic AES-192-CBC with a fixed zero IV, a constant KDF salt, and no MAC, causing confidentiality and integrity failures for syn...

CVSS: 9.1, AI score: 5.8, EPSS: 0.00105
Exploits: 0, References: 2, Affected Software: 1
CNNVD
added 2026/05/28 12:0 a.m., 9 views

Electerm security vulnerability

Electerm is an SSH/SFTP client developed by ZXDong262 of China, based on Electron. Versions of Electerm prior to 3.9.5 contained security vulnerabilities. These vulnerabilities stemmed from the use of a fixed-zero IV, a constant KDF salt, and no MAC generation in the deterministic AES-192-CBC...

CVSS: 6, AI score: 5.8, EPSS: 0.00105
Exploits: 0, References: 3
CNNVD
added 2026/05/28 12:0 a.m., 9 views

Electerm security vulnerability

Electerm is an SSH/SFTP client developed by ZXDong262 from China, based on Electron. Versions 3.0.6 to 3.8.8 of Electerm have security vulnerabilities, which stem from executing local code through Electerm’s single-instance socket...

CVSS: 9.3, AI score: 5.9, EPSS: 0.00114
Exploits: 0, References: 2
CNNVD
added 2026/05/28 12:0 a.m., 11 views

Electerm security vulnerability

Electerm is an SSH/SFTP client developed by ZXDong262 from China, based on Electron. Versions of Electerm 3.8.8 and earlier have security vulnerabilities. These vulnerabilities stem from the possibility of executing local PTY code when bookmarking or synchronizing targets involves injecting the ex...

CVSS: 9.4, AI score: 5.9, EPSS: 0.00234
Exploits: 0, References: 2
Patchstack
added 2026/05/14 8:30 p.m., 7 views

NPM: electerm's encrypt method not safe enough

NPM: electerm's encrypt method not safe enough vulnerability discovered by ? in WordPress Npm electerm versions 3.9.5...

CVSS: 6, AI score: 5.8, EPSS: 0.00105
Exploits: 0, References: 3, Affected Software: 1
Snyk
added 2026/05/14 8:30 p.m., 9 views

Use of Password Hash With Insufficient Computational Effort

Overview: electerm is an open-sourced terminal/ssh/telnet/serialport/sftp client. Affected versions of this package are vulnerable to Use of Password Hash With Insufficient Computational Effort due to the encrypt process. An attacker can compromise the confidentiality and integrity of synced bookma...

CVSS: 6, AI score: 5.8, EPSS: 0.00105
Exploits: 0, References: 6
Patchstack
added 2026/05/14 8:29 p.m., 10 views

NPM: Electerm Local code through electerm's single-instance socket

NPM: Electerm Local code through electerm's single-instance socket vulnerability discovered by ? in WordPress Npm electerm versions = 3.0.6, = 3.8.8...

CVSS: 9.3, AI score: 5.9, EPSS: 0.00114
Exploits: 0, References: 2, Affected Software: 1
Snyk
added 2026/05/14 8:29 p.m., 8 views

Improper Verification of Source of a Communication Channel

Overview: electerm is an open-sourced terminal/ssh/telnet/serialport/sftp client. Affected versions of this package are vulnerable to Improper Verification of Source of a Communication Channel via the single-instance socket process. An attacker can execute arbitrary code by sending a crafted JSON...

CVSS: 9.3, AI score: 6.2, EPSS: 0.00114
Exploits: 0, References: 4
OSV
added 2026/05/14 8:29 p.m., 6 views

GHSA-7P5M-V798-F8VV Electerm Local code through electerm's single-instance socket

Impact: Local code execution without UI interaction: any same-user process can send a JSON payload to electerm's single-instance socket/pipe, causing the app to create tabs and potentially spawn attacker-controlled local processes. Affects electerm single-instance installs on the machine. Patches ...

CVSS: 9.3, AI score: 6.2, EPSS: 0.00114
Exploits: 0, References: 2
Github Security Blog
added 2026/05/14 8:29 p.m., 12 views

Electerm Local code through electerm's single-instance socket

Impact: Local code execution without UI interaction: any same-user process can send a JSON payload to electerm's single-instance socket/pipe, causing the app to create tabs and potentially spawn attacker-controlled local processes. Affects electerm single-instance installs on the machine. Patches ...

CVSS: 9.3, AI score: 6.2, EPSS: 0.00114
Exploits: 0, References: 2, Affected Software: 1
Patchstack
added 2026/05/14 8:15 p.m., 7 views

NPM: Electerm: Importing unsafe bookmark data could lead to unsafe operation when clicking local type bookmark

NPM: Electerm: Importing unsafe bookmark data could lead to unsafe operation when clicking local type bookmark vulnerability discovered by ? in WordPress Npm electerm versions = 3.8.8...

CVSS: 9.4, AI score: 5.8, EPSS: 0.00234
Exploits: 0, References: 2, Affected Software: 1
OSV
added 2026/05/14 8:15 p.m., 5 views

GHSA-JGG9-RW32-44PJ Electerm: Importing unsafe bookmark data could lead to unsafe operation when clicking local type bookmark

Impact: Persistent local-pty code execution via imported bookmarks or compromised sync targets. Affects users who import bookmark JSON files or who have electerm sync configured gist/WebDAV. The attacker can inject exec fields or global config to cause remote code to run when a bookmark is opened ...

CVSS: 9.4, AI score: 6.5, EPSS: 0.00234
Exploits: 0, References: 3
Positive Technologies
added 2026/05/14 12:0 a.m., 17 views

PT-2026-41182

Name of the Vulnerable Software and Affected Versions: electerm versions 3.0.6 through 3.8.8. Description: A local code execution issue exists where any process running under the same user can send a JSON payload to the single-instance socket or pipe of the application. This allows an attacker to...

CVSS: 9.3, AI score: 6.2, EPSS: 0.00114
Exploits: 0, References: 8
RedhatCVE
added 2026/05/11 8:26 p.m., 8 views

CVE-2026-43944

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. From versions 3.0.6 to before 3.8.15, electerm is vulnerable to arbitrary local code execution via deep links, CLI --opts, or crafted shortcuts. Exploit requires clicking a crafted electerm://... link or...

CVSS: 9.6, AI score: 6.2, EPSS: 0.00363
Exploits: 0, References: 1
EUVD
added 2026/05/08 6:46 p.m., 10 views

EUVD-2026-28516

Electerm users can run dangerous code through link or command line...

CVSS: 9.6, AI score: 5.9, EPSS: 0.00363
Exploits: 0, References: 5
Snyk
added 2026/05/08 6:46 p.m., 9 views

Unsafe Dependency Resolution

Overview: electerm is an open-sourced terminal/ssh/telnet/serialport/sftp client. Affected versions of this package are vulnerable to Unsafe Dependency Resolution in the handling of protocol URLs or command-line options. An attacker can execute arbitrary local code by enticing a user to click a...

CVSS: 9.6, AI score: 6.1, EPSS: 0.00363
Exploits: 0, References: 3