
10 matches found

CVE
added 2026/06/24 5:26 p.m., 20 views

CVE-2026-54699

Warp contains an OS command injection in the WSL URL-opening fallback. When Warp runs under WSL and cannot open a URL via wslview, it uses a Windows command processor path, and a URL controlled through terminal output can reach this fallback when opened. Affected versions range from 0.2024.03.12....

CVSS 7.7 | AI score 5.9 | EPSS 0.00436
Exploits: 0 | References: 2

RedhatCVE
added 2026/06/05 7:23 p.m., 8 views

CVE-2026-43941

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. In versions 3.8.15 and prior, Electerm's terminal hyperlink handler passes any URL clicked in the terminal directly to shell.openExternal without any protocol validation. An attacker who controls terminal...

CVSS 9.6 | AI score 6.3 | EPSS 0.00394
Exploits: 0 | References: 1

OSV
added 2026/05/08 6:35 p.m., 6 views

GHSA-FWF6-J56G-M97C Electerm has an unvalidated shell.openExternal that allows arbitrary protocol execution via terminal link click

Impact: Electerm's terminal hyperlink handler passes any URL clicked in the terminal directly to shell.openExternal without any protocol validation. When a user connects to a malicious SSH server, the attacker can print a crafted URI in the terminal output. If the victim clicks the link,...

CVSS 8.8 | AI score 6.3 | EPSS 0.00394
Exploits: 0 | References: 3

EUVD
added 2026/05/08 6:35 p.m., 11 views

EUVD-2026-28513

Electerm has an unvalidated shell.openExternal that allows arbitrary protocol execution via terminal link click...

CVSS 9.6 | AI score 6 | EPSS 0.00394
Exploits: 0 | References: 2

Patchstack
added 2026/05/08 6:35 p.m., 11 views

NPM: Electerm has an unvalidated shell.openExternal that allows arbitrary protocol execution via terminal link click

NPM: Electerm has an unvalidated shell.openExternal that allows arbitrary protocol execution via terminal link click vulnerability discovered by ? in WordPress Npm electerm versions = 3.8.15...

CVSS 9.6 | AI score 6 | EPSS 0.00394
Exploits: 0 | References: 3 | Affected Software: 1

Github Security Blog
added 2026/05/08 6:35 p.m., 26 views

Electerm has an unvalidated shell.openExternal that allows arbitrary protocol execution via terminal link click

Impact: Electerm's terminal hyperlink handler passes any URL clicked in the terminal directly to shell.openExternal without any protocol validation. When a user connects to a malicious SSH server, the attacker can print a crafted URI in the terminal output. If the victim clicks the link,...

CVSS 9.6 | AI score 6.3 | EPSS 0.00394
Exploits: 0 | References: 3 | Affected Software: 1

NVD
added 2026/05/08 4:16 a.m., 14 views

CVE-2026-43941

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. In versions 3.8.15 and prior, Electerm's terminal hyperlink handler passes any URL clicked in the terminal directly to shell.openExternal without any protocol validation. An attacker who controls terminal...

CVSS 9.6 | EPSS 0.00394
Exploits: 0 | References: 1

Cvelist
added 2026/05/08 3:1 a.m., 34 views

CVE-2026-43941 Unvalidated shell.openExternal in electerm allows arbitrary protocol execution via terminal link click

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. In versions 3.8.15 and prior, Electerm's terminal hyperlink handler passes any URL clicked in the terminal directly to shell.openExternal without any protocol validation. An attacker who controls terminal...

CVSS 9.6 | EPSS 0.00394
Exploits: 0 | References: 1

Vulnrichment
added 2026/05/08 3:1 a.m., 6 views

CVE-2026-43941 Unvalidated shell.openExternal in electerm allows arbitrary protocol execution via terminal link click

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. In versions 3.8.15 and prior, Electerm's terminal hyperlink handler passes any URL clicked in the terminal directly to shell.openExternal without any protocol validation. An attacker who controls terminal...

CVSS 9.6 | AI score 6.4 | EPSS 0.00394
Exploits: 0 | References: 1

Positive Technologies
added 2026/05/08 12:0 a.m., 11 views

PT-2026-38647

Name of the Vulnerable Software and Affected Versions: Electerm versions prior to 3.8.16. Description: The terminal hyperlink handler passes any URL clicked in the terminal directly to the shell.openExternal function without protocol validation. An attacker controlling terminal output, such as throu...

CVSS 9.6 | AI score 6.2 | EPSS 0.00394
Exploits: 0 | References: 9