CVE-2026-45353 electerm: Local code through electerm's single-instance socket

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. From 3.0.6 to 3.8.8, This vulnerability is fixed in 3.9.0...

CVE-2026-45353 electerm: Local code through electerm's single-instance socket

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. From 3.0.6 to 3.8.8, This vulnerability is fixed in 3.9.0...

CVE-2026-45353

CVE-2026-45353 affects electerm (3.0.6–3.8.8); the vulnerability arises from the single-instance socket allowing local code execution via a crafted JSON payload, enabling a same-user process to spawn attacker-controlled local processes. The issue is resolved in 3.9.0 (official fix); some sources ...

Electerm 安全漏洞

Electerm is a SSH/SFTP client developed by ZXDong262 from China, based on Electron. Versions 3.0.6 to 3.8.8 of Electerm have security vulnerabilities, which stem from executing local code through Electerm’s single-instance socket...

GHSA-7P5M-V798-F8VV Electerm Local code through electerm's single-instance socket

Impact Local code execution without UI interaction: any same-user process can send a JSON payload to electerm's single-instance socket/pipe, causing the app to create tabs and potentially spawn attacker-controlled local processes. Affects electerm single-instance installs on the machine. Patches ...

Improper Verification of Source of a Communication Channel

Overview electerm is an open-sourced terminal/ssh/telnet/serialport/sftp client Affected versions of this package are vulnerable to Improper Verification of Source of a Communication Channel via the single-instance socket process. An attacker can execute arbitrary code by sending a crafted JSON...

NPM: Electerm Local code through electerm's single-instance socket

NPM: Electerm Local code through electerm's single-instance socket vulnerability discovered by ? in WordPress Npm electerm versions = 3.0.6, = 3.8.8...

Electerm Local code through electerm's single-instance socket

Impact Local code execution without UI interaction: any same-user process can send a JSON payload to electerm's single-instance socket/pipe, causing the app to create tabs and potentially spawn attacker-controlled local processes. Affects electerm single-instance installs on the machine. Patches ...

PT-2026-41182

Name of the Vulnerable Software and Affected Versions electerm versions 3.0.6 through 3.8.8 Description A local code execution issue exists where any process running under the same user can send a JSON payload to the single-instance socket or pipe of the application. This allows an attacker to...

Security update for pcmanfm (moderate)

openSUSE Security Update: Security update for pcmanfm Announcement ID: openSUSE-SU-2022:10001-1 Rating: moderate References: 1039140 Cross-References: CVE-2017-8934 CVSS scores: CVE-2017-8934 NVD : 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: openSUSE Backports SLE-15-SP3 A...