31 matches found
CVE-2026-9101
Prototype pollution in csv parsing logic during import can lead to untrusted file paths but not arguments entering shell.openExternal after specific user behavior leading to "1-click" command execution...
CVE-2026-9101
Prototype pollution in csv parsing logic during import can lead to untrusted file paths but not arguments entering shell.openExternal after specific user behavior leading to "1-click" command execution...
CVE-2026-9101 Prototype pollution in csv parsing
Prototype pollution in csv parsing logic during import can lead to untrusted file paths but not arguments entering shell.openExternal after specific user behavior leading to "1-click" command execution...
CVE-2026-9101
Prototype pollution in csv parsing logic during import can lead to untrusted file paths but not arguments entering shell.openExternal after specific user behavior leading to "1-click" command execution...
Prototype pollution in csv parsing
Prototype pollution in csv parsing logic during import can lead to untrusted file paths but not arguments entering shell.openExternal after specific user behavior leading to "1-click" command execution...
CVE-2026-9101
The CVE-2026-9101 entry describes a prototype pollution flaw in CSV parsing during import. The underlying issue can allow untrusted file paths (not arguments) to reach shell.openExternal after specific user actions, potentially enabling a limited form of “1-click” command execution. Documents do ...
CVE-2026-9101 Prototype pollution in csv parsing
Prototype pollution in csv parsing logic during import can lead to untrusted file paths but not arguments entering shell.openExternal after specific user behavior leading to "1-click" command execution...
EUVD-2026-31127
Prototype pollution in csv parsing logic during import can lead to untrusted file paths but not arguments entering shell.openExternal after specific user behavior leading to "1-click" command execution...
MongoDB Compass 安全漏洞
MongoDB Compass is a free interactive tool provided by the American company MongoDB. It is used for querying, optimizing, and analyzing MongoDB data. There is a security vulnerability in MongoDB Compass, which stems from prototype pollution. This vulnerability may allow certain users to access...
PT-2026-42201
Prototype pollution in csv parsing logic during import can lead to untrusted file paths but not arguments entering shell.openExternal after specific user behavior leading to "1-click" command execution...
PT-2026-39859
Name of the Vulnerable Software and Affected Versions DeepChat versions prior to 1.0.4-beta.1 Description An incomplete mitigation for a previous issue allows for an arbitrary protocol execution bypass, which can lead to remote code execution RCE. While restrictions were applied to the...
Open Redirect
Overview electerm is an open-sourced terminal/ssh/telnet/serialport/sftp client Affected versions of this package are vulnerable to Open Redirect in the shell.openExternal process. An attacker can execute arbitrary code or access local files by crafting a malicious URI in terminal output and...
EUVD-2026-28513
Electerm has an unvalidated shell.openExternal that allows arbitrary protocol execution via terminal link click...
CVE-2026-43941
electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. In versions 3.8.15 and prior, Electerm's terminal hyperlink handler passes any URL clicked in the terminal directly to shell.openExternal without any protocol validation. An attacker who controls terminal...
CVE-2026-43941 Unvalidated shell.openExternal in electerm allows arbitrary protocol execution via terminal link click
electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. In versions 3.8.15 and prior, Electerm's terminal hyperlink handler passes any URL clicked in the terminal directly to shell.openExternal without any protocol validation. An attacker who controls terminal...
CVE-2026-43941 Unvalidated shell.openExternal in electerm allows arbitrary protocol execution via terminal link click
electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. In versions 3.8.15 and prior, Electerm's terminal hyperlink handler passes any URL clicked in the terminal directly to shell.openExternal without any protocol validation. An attacker who controls terminal...
PT-2026-38647
Name of the Vulnerable Software and Affected Versions Electerm versions prior to 3.8.16 Description The terminal hyperlink handler passes any URL clicked in the terminal directly to the shell.openExternal function without protocol validation. An attacker controlling terminal output, such as throu...
CVE-2026-34777
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.1, and 41.0.0, when an iframe requests fullscreen, pointerLock, keyboardLock, openExternal, or media permissions, the origin passed to...
CVE-2026-34777
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.1, and 41.0.0, when an iframe requests fullscreen, pointerLock, keyboardLock, openExternal, or media permissions, the origin passed to...
GHSA-R5P7-GP4J-QHRX Electron: Incorrect origin passed to permission request handler for iframe requests
Impact When an iframe requests fullscreen, pointerLock, keyboardLock, openExternal, or media permissions, the origin passed to session.setPermissionRequestHandler was the top-level page's origin rather than the requesting iframe's origin. Apps that grant permissions based on the origin parameter ...