Lucene search
+L

4865 matches found

Fedora
Fedora
added 2026/07/12 1:0 a.m.10 views

[SECURITY] Fedora 43 Update: tmux-3.7b-3.fc43

tmux is a "terminal multiplexer." It enables a number of terminals or windows to be accessed and controlled from a single terminal. tmux is intended to be a simple, modern, BSD-licensed alternative to programs such as GNU Screen...

4.5CVSS6.1AI score0.00124EPSS
Exploits0
CVE
CVE
added 2026/07/10 7:53 p.m.20 views

CVE-2026-57850

RustDesk before 1.4.9 fails to enforce a session’s authorized connection scope on the server side. A peer with a limited session type (FileTransfer, PortForward, ViewCamera, or Terminal) can send control messages and login options intended for a full Remote session, enabling actions outside its g...

8.7CVSS6.1AI score0.00334EPSS
Exploits0References4
OSV
OSV
added 2026/07/10 7:53 p.m.12 views

CVE-2026-57850 RustDesk before 1.4.9 Missing Session Scope Enforcement Allows Out-of-Scope Control Message Injection

RustDesk before 1.4.9 does not enforce a session's authorized connection scope on the server side, so a peer granted a limited session type FileTransfer, PortForward, ViewCamera, or Terminal can send control messages and login options reserved for a full Remote session. An authenticated remote pe...

8.7CVSS6.1AI score0.00334EPSS
Exploits0References6
OSV
OSV
added 2026/07/10 3:41 p.m.6 views

MGASA-2026-0240 Updated vim packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Arbitrary Code Execution via Python Omni-Completion in Vim 9.1.1783 && Vim = 9.2.0320 && Vim 9.2.0679. CVE-2026-57454 Out-of-bounds Write in SOFO Soundfolding in Vim 9.2.0698. CVE-2026-57455 Arbitrary Code Execution via Python Omni-Completion...

8.4CVSS6.2AI score0.00303EPSS
Exploits0References34
CVE
CVE
added 2026/07/10 2:11 p.m.12 views

CVE-2026-38059

The CVE-2026-38059 entry concerns iDirect iQ200 devices where the /api/identity and /api/ REST endpoints are exposed without authentication. An unauthenticated attacker with network access can retrieve sensitive device data including serial number, Device ID (DID), Terminal Private Key (TPK) iden...

8.7CVSS6.1AI score0.00592EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/10 2:11 p.m.32 views

CVE-2026-38059 ST Engineering iDirect iQ-Series Terminals Missing authentication for critical function

The iDirect iQ200 exposes the /api/identity and /api/ REST API endpoints without authentication. An unauthenticated attacker with network access can retrieve sensitive device information including the serial number, Device ID DID, Terminal Private Key identifier TPK, MAC address, and exact firmwa...

8.7CVSS0.00592EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/10 2:11 p.m.12 views

EUVD-2026-42908

The iDirect iQ200 exposes the /api/identity and /api/ REST API endpoints without authentication. An unauthenticated attacker with network access can retrieve sensitive device information including the serial number, Device ID DID, Terminal Private Key identifier TPK, MAC address, and exact firmwa...

8.7CVSS6.1AI score0.00592EPSS
Exploits0References3
Fedora
Fedora
added 2026/07/10 1:6 a.m.7 views

[SECURITY] Fedora 43 Update: tmux-3.7-3.fc43

tmux is a "terminal multiplexer." It enables a number of terminals or windows to be accessed and controlled from a single terminal. tmux is intended to be a simple, modern, BSD-licensed alternative to programs such as GNU Screen...

4.5CVSS5.9AI score0.00124EPSS
Exploits0
Fedora
Fedora
added 2026/07/10 12:53 a.m.6 views

[SECURITY] Fedora 44 Update: tmux-3.7-2.fc44

tmux is a "terminal multiplexer." It enables a number of terminals or windows to be accessed and controlled from a single terminal. tmux is intended to be a simple, modern, BSD-licensed alternative to programs such as GNU Screen...

4.5CVSS5.9AI score0.00124EPSS
Exploits0
EUVD
EUVD
added 2026/07/10 12:31 a.m.10 views

EUVD-2026-42722

Hermes WebUI before 0.51.788 contains an unauthenticated remote code execution vulnerability that allows remote attackers to execute arbitrary shell commands by accessing the embedded terminal API endpoints without credentials. Attackers can create a session, attach a PTY shell, and write arbitra...

9.8CVSS6.8AI score0.00928EPSS
Exploits0References5
NVD
NVD
added 2026/07/09 10:17 p.m.14 views

CVE-2026-58123

Hermes WebUI before 0.51.788 contains an unauthenticated remote code execution vulnerability that allows remote attackers to execute arbitrary shell commands by accessing the embedded terminal API endpoints without credentials. Attackers can create a session, attach a PTY shell, and write arbitra...

9.8CVSS0.00928EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/07/09 9:14 p.m.7 views

CVE-2026-58123

Hermes WebUI before 0.51.788 contains an unauthenticated remote code execution vulnerability that allows remote attackers to execute arbitrary shell commands by accessing the embedded terminal API endpoints without credentials. Attackers can create a session, attach a PTY shell, and write arbitra...

9.8CVSS6.8AI score0.00928EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/07/09 9:14 p.m.32 views

CVE-2026-58123 Hermes WebUI < 0.51.788 Unauthenticated RCE via Terminal API

Hermes WebUI before 0.51.788 contains an unauthenticated remote code execution vulnerability that allows remote attackers to execute arbitrary shell commands by accessing the embedded terminal API endpoints without credentials. Attackers can create a session, attach a PTY shell, and write arbitra...

9.8CVSS0.00928EPSS
Exploits0References4
CVE
CVE
added 2026/07/09 9:14 p.m.16 views

CVE-2026-58123

Technical details (affected version 0.51.788, exploit steps, impact) are not publicly available in the provided documents. Monitor for updates.

9.8CVSS6.8AI score0.00928EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/07/09 9:14 p.m.11 views

CVE-2026-58123 Hermes WebUI < 0.51.788 Unauthenticated RCE via Terminal API

Hermes WebUI before 0.51.788 contains an unauthenticated remote code execution vulnerability that allows remote attackers to execute arbitrary shell commands by accessing the embedded terminal API endpoints without credentials. Attackers can create a session, attach a PTY shell, and write arbitra...

9.8CVSS6.7AI score0.00928EPSS
Exploits0References4
OSV
OSV
added 2026/07/09 9:14 p.m.4 views

CVE-2026-58123 Hermes WebUI < 0.51.788 Unauthenticated RCE via Terminal API

Hermes WebUI before 0.51.788 contains an unauthenticated remote code execution vulnerability that allows remote attackers to execute arbitrary shell commands by accessing the embedded terminal API endpoints without credentials. Attackers can create a session, attach a PTY shell, and write arbitra...

9.3CVSS6.7AI score0.00928EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/07/09 5:13 p.m.33 views

CVE-2026-59221 open-webui terminal proxy path traversal guard bypass via 9x encoded traversal

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.9.6 before 0.10.0, sanitizeproxypath in backend/openwebui/routers/terminals.py decoded proxy paths only eight times, allowing a nine-times percent-encoded ../ traversal value to pass normalization checks...

7.7CVSS0.00362EPSS
Exploits1References4
OSV
OSV
added 2026/07/09 5:13 p.m.4 views

CVE-2026-59221 open-webui terminal proxy path traversal guard bypass via 9x encoded traversal

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.9.6 before 0.10.0, sanitizeproxypath in backend/openwebui/routers/terminals.py decoded proxy paths only eight times, allowing a nine-times percent-encoded ../ traversal value to pass normalization checks...

7.7CVSS6.1AI score0.00362EPSS
Exploits1References6
ATTACKERKB
ATTACKERKB
added 2026/07/09 5:9 p.m.7 views

CVE-2026-59224

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0.10.0, backend/openwebui/routers/terminals.py built the wsterminal upstream URL from an unencoded sessionid and appended userid as a query parameter, allowing query injection to make the terminal backe...

8CVSS6AI score0.00286EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2026/07/09 5:9 p.m.34 views

CVE-2026-59224 Open WebUI: Terminal proxy forwards a spoofable, integrity-unbound user identity to the upstream (X-User-Id header and ws_terminal session_id query injection)

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. Prior to 0.10.0, backend/openwebui/routers/terminals.py built the wsterminal upstream URL from an unencoded sessionid and appended userid as a query parameter, allowing query injection to make the terminal backe...

8CVSS0.00286EPSS
Exploits0References4
Rows per page
Query Builder