Lucene search
K
TermixTermix

9 matches found

CVE
CVE
added 2025/10/01 9:52 p.m.69 views

CVE-2025-59951

Summary: CVE-2025-59951 concerns Termix’s official Docker image (v1.5.0 and below). A misconfigured Nginx reverse proxy causes the backend to treat the proxy IP as the client IP, making isLocalhost return true and exposing the /ssh/db/host/internal endpoint without login. This endpoint stores SSH...

9.2CVSS6.2AI score0.0465EPSS
CVE
CVE
added 2026/06/05 5:53 p.m.45 views

CVE-2026-45745

Termix Desktop (Electron) versions starting with 1.7.0 have disabled TLS certificate validation, enabling network-level MITM to intercept/modify HTTPS traffic to the Termix server and potentially steal credentials and JWT/session data during login and normal use. No patched versions are publicly ...

8CVSS5.5AI score0.00168EPSS
CVE
CVE
added 2026/06/05 6:0 p.m.44 views

CVE-2026-45748

Termix includes a vulnerability in its POST /ssh/tunnel/connect endpoint prior to version 2.3.2. The handler builds an SSH tunnel command by directly interpolating user-controlled fields (endpointIP, endpointUsername, password) into a shell command without escaping, enabling persistent OS command...

9.8CVSS5.5AI score0.01729EPSS
Web
CVE
CVE
added 2026/06/05 6:6 p.m.32 views

CVE-2026-45750

Summary: CVE-2026-45750 affects Termix prior to 2.3.2. The flaw is in the GET /ssh/file_manager/ssh/resolvePath endpoint of the Termix File Manager, where the path parameter is embedded into a shell command executed in the active SSH session. User-controlled input is placed inside double quotes w...

9CVSS5.5AI score0.00294EPSS
Web
CVE
CVE
added 2026/06/05 5:59 p.m.30 views

CVE-2026-45746

Termix prior to v2.3.2 exposes a critical Broken Access Control in the File Manager due to improper validation of the sessionId, allowing a client-controlled session identifier to access other users’ File Manager sessions tied to SSH connections. This can lead to unauthorized interaction with rem...

9CVSS5.8AI score0.00387EPSS
CVE
CVE
added 2026/06/05 5:58 p.m.26 views

CVE-2026-45744

Termix web-based server management platform is affected by an OS command injection in the GET /ssh/file_manager/ssh/resolvePath endpoint prior to version 2.3.2. The endpoint uses double-quote escaping for shell command construction, which does not prevent $(...) and backtick command substitution....

9.9CVSS6AI score0.02008EPSS
Web
CVE
CVE
added 2026/06/05 6:5 p.m.26 views

CVE-2026-45749

Termix (web-based server management platform) prior to v2.3.2 exposes MFA risk via POST /users/totp/disable and POST /users/totp/backup-codes, which accept only the account password as authentication for MFA-critical actions. An attacker with a compromised password can disable TOTP or regenerate ...

8.1CVSS5.5AI score0.00324EPSS
Web
CVE
CVE
added 2026/06/05 5:56 p.m.24 views

CVE-2026-45743

Termix before 2.3.2 has an IDOR flaw in 16 file-manager endpoints where the server fails to verify that the requester owns the SSH session identified by sessionId. An authenticated user who can guess another user’s active sessionId can read, write, delete, download, and execute files on the victi...

8.1CVSS5.6AI score0.00282EPSS
CVE
CVE
added 2026/01/12 10:14 p.m.18 views

CVE-2026-22804

CVE-2026-22804 affects Termix versions 1.7.0–1.9.0, where the File Viewer component in the File Manager (src/ui/desktop/apps/file-manager/components/FileViewer.tsx) fails to sanitize SVG content, allowing a stored XSS that can execute arbitrary JavaScript in the app context. If exploited, this ca...

8CVSS5.2AI score0.00172EPSS
Web