Lucene search
K

224 matches found

EUVD
EUVD
added 5 days ago8 views

EUVD-2026-42722

Hermes WebUI before 0.51.788 contains an unauthenticated remote code execution vulnerability that allows remote attackers to execute arbitrary shell commands by accessing the embedded terminal API endpoints without credentials. Attackers can create a session, attach a PTY shell, and write arbitra...

9.8CVSS6.8AI score0.00928EPSS
Exploits0References5
NVD
NVD
added 2026/06/17 5:16 p.m.11 views

CVE-2025-71322

PickleScan before 0.0.33 fails to include the pty.spawn function in its unsafe globals list, allowing attackers to bypass security checks. Malicious actors can craft pickle payloads using pty.spawn to achieve arbitrary code execution when files are processed by PickleScan...

8.8CVSS0.00384EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 3:4 p.m.10 views

EUVD-2025-210269

PickleScan before 0.0.33 fails to include the pty.spawn function in its unsafe globals list, allowing attackers to bypass security checks. Malicious actors can craft pickle payloads using pty.spawn to achieve arbitrary code execution when files are processed by PickleScan...

8.8CVSS6AI score0.00384EPSS
Exploits0References2
CVE
CVE
added 2026/06/17 3:4 p.m.18 views

CVE-2025-71322

CVE-2025-71322 affects PickleScan prior to 0.0.33, where the unsafe-globals check omits pty.spawn. Attackers can craft pickle payloads using pty.spawn to bypass checks and achieve arbitrary code execution during file processing. The connected records confirm the root cause (missing pty.spawn in u...

8.8CVSS6.1AI score0.00384EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/17 3:4 p.m.22 views

CVE-2025-71322 PickleScan - Unsafe Globals Check Bypass via pty.spawn Function

PickleScan before 0.0.33 fails to include the pty.spawn function in its unsafe globals list, allowing attackers to bypass security checks. Malicious actors can craft pickle payloads using pty.spawn to achieve arbitrary code execution when files are processed by PickleScan...

8.8CVSS0.00384EPSS
Exploits0References2
OSV
OSV
added 2026/06/17 3:4 p.m.2 views

CVE-2025-71322 PickleScan - Unsafe Globals Check Bypass via pty.spawn Function

PickleScan before 0.0.33 fails to include the pty.spawn function in its unsafe globals list, allowing attackers to bypass security checks. Malicious actors can craft pickle payloads using pty.spawn to achieve arbitrary code execution when files are processed by PickleScan...

8.7CVSS6.6AI score0.00384EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/05/30 8:13 a.m.19 views

CVE-2026-45058

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. In 3.8.8 and earlier, there is persistent local-pty code execution via imported bookmarks or compromised sync targets. Affects users who import bookmark JSON files or who have electerm sync configured...

9.4CVSS6.5AI score0.00234EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/28 5:20 p.m.13 views

CVE-2026-45058 electerm: Import unsafe bookmark data could lead to unsafe operation when click local type bookmark

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. In 3.8.8 and earlier, there is persistent local-pty code execution via imported bookmarks or compromised sync targets. Affects users who import bookmark JSON files or who have electerm sync configured...

9.4CVSS6.5AI score0.00234EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/28 5:20 p.m.9 views

CVE-2026-45058

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. In 3.8.8 and earlier, there is persistent local-pty code execution via imported bookmarks or compromised sync targets. Affects users who import bookmark JSON files or who have electerm sync configured...

9.4CVSS6.5AI score0.00234EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/05/28 5:20 p.m.22 views

CVE-2026-45058

The CVE-2026-45058 issue affects electerm (versions 3.8.8 and earlier). The root cause is persistent local-pty code execution via imported bookmarks or compromised sync targets, allowing an attacker to inject exec* fields or global config. This can cause remote code to run when a bookmark is open...

9.4CVSS6.5AI score0.00234EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.32 views

PT-2026-41157

Name of the Vulnerable Software and Affected Versions electerm versions prior to 3.8.9 Description Persistent local-pty code execution is possible through the import of bookmark JSON files or compromised synchronization targets such as gist or WebDAV. An attacker can inject exec fields or global...

9.4CVSS6.4AI score0.00234EPSS
Exploits0References7
NVD
NVD
added 2026/05/08 3:16 p.m.54 views

CVE-2026-43458

In the Linux kernel, the following vulnerability has been resolved: serial: caif: hold tty-link reference in ldiscopen and serrelease A reproducer triggers a KASAN slab-use-after-free in ptywriteroom when caifserial's TX path calls ttywriteroom. The faulting access is on tty-link-port. Hold an...

7.8CVSS0.00117EPSS
Exploits0References8
CVE
CVE
added 2026/05/08 2:22 p.m.21 views

CVE-2026-43458

The CVE affects the Linux kernel’s caif_serial line discipline. A use-after-free (KASAN slab UAF) could be triggered in pty_write_room() when the caif_serial TX path invokes tty_write_room(), accessing tty->link->port. Root cause: improper management of the tty->link reference during ldi...

7.8CVSS5.8AI score0.00117EPSS
Exploits0References8Affected Software1
OSV
OSV
added 2026/05/08 2:22 p.m.1 views

CVE-2026-43458 serial: caif: hold tty->link reference in ldisc_open and ser_release

In the Linux kernel, the following vulnerability has been resolved: serial: caif: hold tty-link reference in ldiscopen and serrelease A reproducer triggers a KASAN slab-use-after-free in ptywriteroom when caifserial's TX path calls ttywriteroom. The faulting access is on tty-link-port. Hold an...

7.8CVSS5.8AI score0.00117EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.16 views

PT-2026-39119

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A slab-use-after-free issue exists in the Linux kernel's caif serial line discipline. The problem occurs when the TX path calls tty write room, leading to a faulting access on...

5.8AI score0.00117EPSS
Exploits0References11
RedhatCVE
RedhatCVE
added 2026/04/23 7:58 p.m.7 views

CVE-2026-39987

marimo is a reactive Python notebook. Prior to 0.23.0, Marimo has a Pre-Auth RCE vulnerability. The terminal WebSocket endpoint /terminal/ws lacks authentication validation, allowing an unauthenticated attacker to obtain a full PTY shell and execute arbitrary system commands. Unlike other WebSock...

9.8CVSS7.6AI score0.95645EPSS
Exploits11References1
Fedora
Fedora
added 2026/04/16 11:42 p.m.9 views

[SECURITY] Fedora 44 Update: kf6-kpty-6.25.0-1.fc44

KDE Frameworks 6 tier 2 module providing Pty abstraction...

5.8AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/04/09 5:16 p.m.4 views

CVE-2026-39987

marimo is a reactive Python notebook. Prior to 0.23.0, Marimo has a Pre-Auth RCE vulnerability. The terminal WebSocket endpoint /terminal/ws lacks authentication validation, allowing an unauthenticated attacker to obtain a full PTY shell and execute arbitrary system commands. Unlike other WebSock...

9.3CVSS6.2AI score0.95645EPSS
Exploits11References4Affected Software1
EUVD
EUVD
added 2026/04/09 5:16 p.m.5 views

EUVD-2026-20980

marimo is a reactive Python notebook. Prior to 0.23.0, Marimo has a Pre-Auth RCE vulnerability. The terminal WebSocket endpoint /terminal/ws lacks authentication validation, allowing an unauthenticated attacker to obtain a full PTY shell and execute arbitrary system commands. Unlike other WebSock...

9.3CVSS6.2AI score0.95645EPSS
Exploits11References3
CVE
CVE
added 2026/04/09 5:16 p.m.84 views

CVE-2026-39987

CVE-2026-39987 — Marimo WebSocket terminal endpoint unauthenticated pre-auth RCE. The vulnerability resides in the terminal WebSocket at /terminal/ws, which accepts connections without authenticating, unlike the /ws endpoint that invokes validate_auth(). An unauthenticated client can obtain a ful...

9.8CVSS6.2AI score0.95645EPSS
In wildExploits11References5Affected Software1
Rows per page
Query Builder