Lucene search
K

4841 matches found

EUVD
EUVD
added 3 hours ago3 views

EUVD-2026-44692

Tabby formerly Terminus is a highly configurable terminal emulator. Prior to 1.0.234, Tabby inserts dropped file paths from tabby-electron/src/pathDrop.ts into the active shell without neutralizing command substitution metacharacters such as $… and …, so the incomplete CVE-2026-45038 fix for...

7.8CVSS6.4AI score0.00025EPSS
Exploits0References3
CVE
CVE
added 3 hours ago5 views

CVE-2026-46709

Tabby (Terminus) prior to 1.0.234 is vulnerable to a local RCE via drag-and-drop path injection. The vulnerability occurs because Tabby inserts dropped file paths from tabby-electron/src/pathDrop.ts into the active shell without neutralizing command substitution metacharacters (e.g., $(…) and …)....

7.8CVSS6.4AI score0.00025EPSS
Exploits0References3
CVE
CVE
added yesterday4 views

CVE-2026-54124

CVE-2026-54124 – Windows Terminal RCE via integer overflow . The vulnerability is an integer overflow/wraparound in Windows Terminal that can allow a local attacker to execute code on the target system. Public sources in the provided set confirm this CVE refers to Windows Terminal and describe th...

7.8CVSS6.2AI score
Exploits0References1
Fedora
Fedora
added 3 days ago7 views

[SECURITY] Fedora 43 Update: tmux-3.7b-3.fc43

tmux is a "terminal multiplexer." It enables a number of terminals or windows to be accessed and controlled from a single terminal. tmux is intended to be a simple, modern, BSD-licensed alternative to programs such as GNU Screen...

4.5CVSS6.1AI score0.00124EPSS
Exploits0
OSV
OSV
added 5 days ago3 views

CVE-2026-57850 RustDesk before 1.4.9 Missing Session Scope Enforcement Allows Out-of-Scope Control Message Injection

RustDesk before 1.4.9 does not enforce a session's authorized connection scope on the server side, so a peer granted a limited session type FileTransfer, PortForward, ViewCamera, or Terminal can send control messages and login options reserved for a full Remote session. An authenticated remote pe...

8.7CVSS6.1AI score0.00334EPSS
Exploits0References6
CVE
CVE
added 5 days ago15 views

CVE-2026-57850

RustDesk before 1.4.9 fails to enforce a session’s authorized connection scope on the server side. A peer with a limited session type (FileTransfer, PortForward, ViewCamera, or Terminal) can send control messages and login options intended for a full Remote session, enabling actions outside its g...

8.7CVSS6.1AI score0.00334EPSS
Exploits0References4
EUVD
EUVD
added 5 days ago7 views

EUVD-2026-42908

The iDirect iQ200 exposes the /api/identity and /api/ REST API endpoints without authentication. An unauthenticated attacker with network access can retrieve sensitive device information including the serial number, Device ID DID, Terminal Private Key identifier TPK, MAC address, and exact firmwa...

8.7CVSS6.1AI score0.00592EPSS
Exploits0References3
CVE
CVE
added 5 days ago10 views

CVE-2026-38059

The CVE-2026-38059 entry concerns iDirect iQ200 devices where the /api/identity and /api/ REST endpoints are exposed without authentication. An unauthenticated attacker with network access can retrieve sensitive device data including serial number, Device ID (DID), Terminal Private Key (TPK) iden...

8.7CVSS6.1AI score0.00592EPSS
Exploits0References3
Cvelist
Cvelist
added 5 days ago28 views

CVE-2026-38059 ST Engineering iDirect iQ-Series Terminals Missing authentication for critical function

The iDirect iQ200 exposes the /api/identity and /api/ REST API endpoints without authentication. An unauthenticated attacker with network access can retrieve sensitive device information including the serial number, Device ID DID, Terminal Private Key identifier TPK, MAC address, and exact firmwa...

8.7CVSS0.00592EPSS
Exploits0References3
Fedora
Fedora
added 5 days ago6 views

[SECURITY] Fedora 43 Update: tmux-3.7-3.fc43

tmux is a "terminal multiplexer." It enables a number of terminals or windows to be accessed and controlled from a single terminal. tmux is intended to be a simple, modern, BSD-licensed alternative to programs such as GNU Screen...

4.5CVSS5.9AI score0.00124EPSS
Exploits0
Fedora
Fedora
added 5 days ago6 views

[SECURITY] Fedora 44 Update: tmux-3.7-2.fc44

tmux is a "terminal multiplexer." It enables a number of terminals or windows to be accessed and controlled from a single terminal. tmux is intended to be a simple, modern, BSD-licensed alternative to programs such as GNU Screen...

4.5CVSS5.9AI score0.00124EPSS
Exploits0
EUVD
EUVD
added 5 days ago8 views

EUVD-2026-42722

Hermes WebUI before 0.51.788 contains an unauthenticated remote code execution vulnerability that allows remote attackers to execute arbitrary shell commands by accessing the embedded terminal API endpoints without credentials. Attackers can create a session, attach a PTY shell, and write arbitra...

9.8CVSS6.8AI score0.00928EPSS
Exploits0References5
NVD
NVD
added 6 days ago12 views

CVE-2026-58123

Hermes WebUI before 0.51.788 contains an unauthenticated remote code execution vulnerability that allows remote attackers to execute arbitrary shell commands by accessing the embedded terminal API endpoints without credentials. Attackers can create a session, attach a PTY shell, and write arbitra...

9.8CVSS0.00928EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 6 days ago7 views

CVE-2026-58123

Hermes WebUI before 0.51.788 contains an unauthenticated remote code execution vulnerability that allows remote attackers to execute arbitrary shell commands by accessing the embedded terminal API endpoints without credentials. Attackers can create a session, attach a PTY shell, and write arbitra...

9.8CVSS6.8AI score0.00928EPSS
Exploits0References5
OSV
OSV
added 6 days ago4 views

CVE-2026-58123 Hermes WebUI < 0.51.788 Unauthenticated RCE via Terminal API

Hermes WebUI before 0.51.788 contains an unauthenticated remote code execution vulnerability that allows remote attackers to execute arbitrary shell commands by accessing the embedded terminal API endpoints without credentials. Attackers can create a session, attach a PTY shell, and write arbitra...

9.3CVSS6.7AI score0.00928EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 6 days ago9 views

CVE-2026-58123 Hermes WebUI < 0.51.788 Unauthenticated RCE via Terminal API

Hermes WebUI before 0.51.788 contains an unauthenticated remote code execution vulnerability that allows remote attackers to execute arbitrary shell commands by accessing the embedded terminal API endpoints without credentials. Attackers can create a session, attach a PTY shell, and write arbitra...

9.8CVSS6.7AI score0.00928EPSS
Exploits0References4
Cvelist
Cvelist
added 6 days ago32 views

CVE-2026-58123 Hermes WebUI < 0.51.788 Unauthenticated RCE via Terminal API

Hermes WebUI before 0.51.788 contains an unauthenticated remote code execution vulnerability that allows remote attackers to execute arbitrary shell commands by accessing the embedded terminal API endpoints without credentials. Attackers can create a session, attach a PTY shell, and write arbitra...

9.8CVSS0.00928EPSS
Exploits0References4
CVE
CVE
added 6 days ago11 views

CVE-2026-58123

Technical details (affected version 0.51.788, exploit steps, impact) are not publicly available in the provided documents. Monitor for updates.

9.8CVSS6.8AI score0.00928EPSS
Exploits0References4
Cvelist
Cvelist
added 6 days ago31 views

CVE-2026-59221 open-webui terminal proxy path traversal guard bypass via 9x encoded traversal

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.9.6 before 0.10.0, sanitizeproxypath in backend/openwebui/routers/terminals.py decoded proxy paths only eight times, allowing a nine-times percent-encoded ../ traversal value to pass normalization checks...

7.7CVSS0.00362EPSS
Exploits1References4
OSV
OSV
added 6 days ago4 views

CVE-2026-59221 open-webui terminal proxy path traversal guard bypass via 9x encoded traversal

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.9.6 before 0.10.0, sanitizeproxypath in backend/openwebui/routers/terminals.py decoded proxy paths only eight times, allowing a nine-times percent-encoded ../ traversal value to pass normalization checks...

7.7CVSS6.1AI score0.00362EPSS
Exploits1References6
Rows per page
Query Builder