CVE-2026-41500 electerm has Command Injection Vulnerability via runMac function

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to version 3.3.8, a command injection vulnerability exists in github.com/elcterm/electerm/npm/install.js:150. The runMac function appends attacker-controlled remote releaseInfo.name directly into an...

Electerm 命令注入漏洞

Electerm is a SSH/SFTP client developed by ZXDong262 from China, based on Electron. Versions of Electerm prior to 3.3.8 contained a command injection vulnerability. This vulnerability stemmed from the runLinux function, which directly concatenated the remote version string controlled by the...

EUVD-2025-24832

Malicious code in bioql PyPI...

CVE-2025-27847

In ESPEC North America Web Controller 3 before 3.3.8, /api/v4/auth/ users session privileges are not revoked on logout...

LetoDMS suffers from multiple cross-site scripting vulnerabilities (CNVD-2017-35521)

LetoDMS formerly known as MyDMS is a set of PHP and MySQL development of Web-based open source document management system . Multiple cross-site scripting vulnerabilities exist in versions of LetoDMS prior to 3.3.8. Remote attackers can use the parameters in the inc/inc.ClassUI.php or...