CVE-2026-33633

Kitty is a cross-platform GPU based terminal. Versions 0.46.2 and below contain a heap buffer overflow in loadimagedata that allows any process which can write to the terminal's stdin to crash kitty immediately. The vulnerability is triggered by a single APC graphics protocol command with a PNG...

Updated vim packages fix security vulnerabilities

OS Command Injection in netrw affects Vim 9.2.0073. CVE-2026-28417 Heap-based Buffer Overflow in Emacs tags parsing affects Vim 9.2.0074. CVE-2026-28418 Heap-based Buffer Underflow in Emacs tags parsing affects Vim 9.2.0075. CVE-2026-28419 Heap-based Buffer Overflow and OOB Read in :terminal...

CVE-2026-25933 Arduino App Lab has Improper Data Validation in Internal Terminal Interface

Arduino App Lab is a cross-platform IDE for developing Arduino Apps. Prior to 0.4.0, a vulnerability was identified in the Terminal component of the arduino-app-lab application. The issue stems from insufficient sanitization and validation of input data received from connected hardware devices,...

CVE-2024-52005 The sideband payload is passed unfiltered to the terminal in git

Git is a source code management tool. When cloning from a server or fetching, or pushing, informational or error messages are transported from the remote Git process to the client via the so-called "sideband channel". These messages will be prefixed with "remote:" and printed directly to the...

SUSE CVE-2008-1142

rxvt 2.6.4 opens a terminal window on :0 if the DISPLAY environment variable is not set, which might allow local users to hijack X11 connections. NOTE: it was later reported that rxvt-unicode, mrxvt, aterm, multi-aterm, and wterm are also affected. NOTE: realistic attack scenarios require that th...

CVE-2021-3769

Vulnerability in pygmalion, pygmalion-virtualenv and refined themes Description: these themes use print -P on user-supplied strings to print them to the terminal. All of them do that on git information, particularly the branch name, so if the branch has a specially-crafted name the vulnerability...

CVE-2019-9535 iTerm2, up to and including version 3.3.5, with tmux integration is vulnerable to remote command execution

A vulnerability exists in the way that iTerm2 integrates with tmux's control mode, which may allow an attacker to execute arbitrary commands by providing malicious output to the terminal. This affects versions of iTerm2 up to and including 3.3.5. This vulnerability may allow an attacker to execut...

vte -- Classic terminal title set+query attack

Kees Cook reports: Janne Snabb discovered that applications using VTE, such as gnome-terminal, did not correctly filter window and icon title request escape codes. If a user were tricked into viewing specially crafted output in their terminal, a remote attacker could execute arbitrary commands wi...

Hafiye 1.0 - Remote Terminal Escape Sequence Injection

Hafiye 1.0 - Remote Terminal Escape Sequence Injection / Remote Exploit for Hafiye-1.0 Terminal Escape Sequence Injection Vulnerability Written by Serkan Akpolat Homepage: http://deicide.siyahsapka.org E-mail: deicide siyahsapka org Greets: Virulent, gorny and all other netricians / include inclu...

CVE-2004-0680

The CVE concerns the Zoom X3 ADSL modem: a terminal on port 254 can be accessed using the default HTML management password even if the HTTP interface password was changed, potentially granting remote attackers unauthorized access. No exploitation details are provided in the connected documents.

[Full-Disclosure] Vulnerability in Terminal.app

There is a vulnerability in Apple's Terminal.app for OS X which affects Apple laptops. When running from the Terminal within the Unix shell, the command sudo normally will not prompt for a password for five minutes after the password was last given. The vulnerability occurs when putting an Apple...