Electerm Project

Electerm

10 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
  • EPSS 0.11%
  • Published 28.05.2026 17:19:17
  • Last modified 03.06.2026 17:54:28

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. From 3.0.6 to 3.8.8, This vulnerability is fixed in 3.9.0.

  • EPSS 0.11%
  • Published 28.05.2026 17:17:56
  • Last modified 03.06.2026 17:56:34

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to 3.9.5, deterministic AES-192-CBC with a fixed zero IV, constant KDF salt, and no MAC leads to confidentiality and integrity failures for synced bookmar...

  • EPSS 0.36%
  • Published 08.05.2026 03:08:09
  • Last modified 13.05.2026 14:17:56

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. From versions 3.0.6 to before 3.8.15, electerm is vulnerable to arbitrary local code execution via deep links, CLI --opts, or crafted shortcuts. Exploit require...

  • EPSS 0.1%
  • Published 08.05.2026 03:03:54
  • Last modified 08.05.2026 19:17:15

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. In versions 3.8.15 and prior, the getConstants() IPC handler in src/app/lib/ipc-sync.js serialises the entire process.env object and sends it to the renderer. T...

  • EPSS 0.39%
  • Published 08.05.2026 03:01:12
  • Last modified 08.05.2026 19:17:30

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. In versions 3.8.15 and prior, Electerm's terminal hyperlink handler passes any URL clicked in the terminal directly to shell.openExternal without any protocol v...

  • EPSS 0.17%
  • Published 08.05.2026 02:58:05
  • Last modified 08.05.2026 19:17:53

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to version 3.7.16, the runWidget function in src/app/widgets/load-widget.js constructs a file path by directly concatenating user‑supplied widget identifi...

  • EPSS 0.17%
  • Published 08.05.2026 02:55:51
  • Last modified 08.05.2026 19:16:45

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to version 3.7.9, a code execution (RCE) vulnerability exists in electerm's SFTP open with system editor or "Edit with custom editor" feature. When a user...

  • EPSS 1.57%
  • Published 08.05.2026 02:53:44
  • Last modified 08.05.2026 19:18:38

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to version 3.3.8, a command injection vulnerability exists in github.com/elcterm/electerm/npm/install.js:150. The runMac() function appends attacker-contr...

  • EPSS 1.3%
  • Published 08.05.2026 02:51:10
  • Last modified 08.05.2026 19:18:19

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to version 3.3.8, a command injection vulnerability exists in github.com/elcterm/electerm/npm/install.js:130. The runLinux() function appends attacker-con...

Exploit
  • EPSS 0.86%
  • Published 20.01.2023 19:15:13
  • Last modified 03.04.2025 18:15:40

An issue discovered in Electerm 1.3.22 allows attackers to execute arbitrary code via an unverified request to Electerm's service.