
42 matches found

OSSF Malicious Packages
added 2026/06/09 3:57 p.m., 9 views

Malicious code in hey-base32 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f5bbdc771de9f99f6454831cc2cd8c22f0af88dfeb3ec66a6c4d3b174c860517 The package advertises itself as a zero-dependency base32 encoder/decoder, but its CLI entry point bin/hey-base32.js starts a remote-access tunnel on...

5.6 AI score
Exploits 0, References 6

OSV
added 2026/06/09 3:57 p.m., 10 views

MAL-2026-5398 Malicious code in hey-base32 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f5bbdc771de9f99f6454831cc2cd8c22f0af88dfeb3ec66a6c4d3b174c860517 The package advertises itself as a zero-dependency base32 encoder/decoder, but its CLI entry point bin/hey-base32.js starts a remote-access tunnel on...

5.6 AI score
Exploits 0, References 6

Cvelist
added 2026/05/28 5:19 p.m., 30 views

CVE-2026-45353 electerm: Local code through electerm's single-instance socket

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. From 3.0.6 to 3.8.8, This vulnerability is fixed in 3.9.0...

9.3 CVSS, 0.00114 EPSS
Exploits 0, References 2

Vulnrichment
added 2026/05/28 5:19 p.m., 11 views

CVE-2026-45353 electerm: Local code through electerm's single-instance socket

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. From 3.0.6 to 3.8.8, This vulnerability is fixed in 3.9.0...

9.3 CVSS, 5.8 AI score, 0.00114 EPSS
Exploits 0, References 2

CVE
added 2026/05/28 5:19 p.m., 11 views

CVE-2026-45353

CVE-2026-45353 affects electerm (3.0.6–3.8.8); the vulnerability arises from the single-instance socket allowing local code execution via a crafted JSON payload, enabling a same-user process to spawn attacker-controlled local processes. The issue is resolved in 3.9.0 (official fix); some sources ...

9.3 CVSS, 5.8 AI score, 0.00114 EPSS
Exploits 0, References 2, Affected Software 1

CNNVD
added 2026/05/28 12:0 a.m., 6 views

Electerm security vulnerability

Electerm is an SSH/SFTP client developed by ZXDong262 from China, based on Electron. Versions 3.0.6 to 3.8.8 of Electerm have security vulnerabilities, which stem from executing local code through Electerm’s single-instance socket...

9.3 CVSS, 5.9 AI score, 0.00114 EPSS
Exploits 0, References 2

Snyk
added 2026/05/14 8:29 p.m., 7 views

Improper Verification of Source of a Communication Channel

Overview: electerm is an open-sourced terminal/ssh/telnet/serialport/sftp client. Affected versions of this package are vulnerable to Improper Verification of Source of a Communication Channel via the single-instance socket process. An attacker can execute arbitrary code by sending a crafted JSON...

9.3 CVSS, 6.2 AI score, 0.00114 EPSS
Exploits 0, References 4

Patchstack
added 2026/05/14 8:29 p.m., 8 views

NPM: Electerm Local code through electerm's single-instance socket

NPM: Electerm Local code through electerm's single-instance socket vulnerability discovered by ? in WordPress Npm electerm versions >= 3.0.6, <= 3.8.8...

9.3 CVSS, 5.9 AI score, 0.00114 EPSS
Exploits 0, References 2, Affected Software 1

Github Security Blog
added 2026/05/14 8:29 p.m., 10 views

Electerm Local code through electerm's single-instance socket

Impact: Local code execution without UI interaction: any same-user process can send a JSON payload to electerm's single-instance socket/pipe, causing the app to create tabs and potentially spawn attacker-controlled local processes. Affects electerm single-instance installs on the machine. Patches: ...

9.3 CVSS, 6.2 AI score, 0.00114 EPSS
Exploits 0, References 2, Affected Software 1

OSV
added 2026/05/14 8:29 p.m., 5 views

GHSA-7P5M-V798-F8VV Electerm Local code through electerm's single-instance socket

Impact: Local code execution without UI interaction: any same-user process can send a JSON payload to electerm's single-instance socket/pipe, causing the app to create tabs and potentially spawn attacker-controlled local processes. Affects electerm single-instance installs on the machine. Patches: ...

9.3 CVSS, 6.2 AI score, 0.00114 EPSS
Exploits 0, References 2

Positive Technologies
added 2026/05/14 12:0 a.m., 9 views

PT-2026-41182

Name of the Vulnerable Software and Affected Versions: electerm versions 3.0.6 through 3.8.8. Description: A local code execution issue exists where any process running under the same user can send a JSON payload to the single-instance socket or pipe of the application. This allows an attacker to...

9.3 CVSS, 6.2 AI score, 0.00114 EPSS
Exploits 0, References 8

EUVD
added 2026/04/22 12:31 a.m., 5 views

EUVD-2026-24513

KDE Kleopatra before 26.08.0 on Windows allows local users to obtain the privileges of a Kleopatra user, because there is an error in the mechanism KUniqueService for ensuring that only one instance is running...

6.9 CVSS, 5.8 AI score, 0.00114 EPSS
Exploits 0, References 4

NVD
added 2026/04/21 10:16 p.m., 6 views

CVE-2026-41527

KDE Kleopatra before 26.08.0 on Windows allows local users to obtain the privileges of a Kleopatra user, because there is an error in the mechanism KUniqueService for ensuring that only one instance is running...

6.9 CVSS, 0.00114 EPSS
Exploits 0, References 3

Vulnrichment
added 2026/04/21 12:0 a.m., 3 views

CVE-2026-41527

KDE Kleopatra before 26.08.0 on Windows allows local users to obtain the privileges of a Kleopatra user, because there is an error in the mechanism KUniqueService for ensuring that only one instance is running...

6.9 CVSS, 5.8 AI score, 0.00114 EPSS
Exploits 0, References 3

CNNVD
added 2026/04/21 12:0 a.m., 6 views

kleopatra security vulnerability

Kleopatra is an open-source GnuPG graphical interface client available on the KDE GitHub Mirror. Versions of Kleopatra prior to 26.08.0 contained security vulnerabilities. These vulnerabilities stemmed from a mechanism that ensured only one instance was running, which could allow local users to...

6.9 CVSS, 5.8 AI score, 0.00114 EPSS
Exploits 0, References 1

ATTACKERKB
added 2026/04/21 12:0 a.m., 3 views

CVE-2026-41527

KDE Kleopatra before 26.08.0 on Windows allows local users to obtain the privileges of a Kleopatra user, because there is an error in the mechanism KUniqueService for ensuring that only one instance is running...

6.9 CVSS, 5.8 AI score, 0.00114 EPSS
Exploits 0, References 4

Cvelist
added 2026/04/21 12:0 a.m., 25 views

CVE-2026-41527

KDE Kleopatra before 26.08.0 on Windows allows local users to obtain the privileges of a Kleopatra user, because there is an error in the mechanism KUniqueService for ensuring that only one instance is running...

6.9 CVSS, 0.00114 EPSS
Exploits 0, References 3

Positive Technologies
added 2026/04/21 12:0 a.m., 6 views

PT-2026-34191

KDE Kleopatra before 26.08.0 on Windows allows local users to obtain the privileges of a Kleopatra user, because there is an error in the mechanism KUniqueService for ensuring that only one instance is running...

6.9 CVSS, 5.8 AI score, 0.00114 EPSS
Exploits 0, References 6

Debian CVE
added 2026/04/21 12:0 a.m., 5 views

CVE-2026-41527

KDE Kleopatra before 26.08.0 on Windows allows local users to obtain the privileges of a Kleopatra user, because there is an error in the mechanism KUniqueService for ensuring that only one instance is running...

6.9 CVSS, 5.3 AI score, 0.00114 EPSS
Exploits 0

CVE
added 2026/04/21 12:0 a.m., 10 views

CVE-2026-41527

KDE Kleopatra (Windows) is affected by CVE-2026-41527, with the vulnerable component being the single-instance mechanism implemented by KUniqueService. The issue allows local users to escalate privileges to a Kleopatra user by exploiting a flaw that prevents proper enforcement of a single running...

6.9 CVSS, 5.8 AI score, 0.00114 EPSS
Exploits 0, References 3