CVE-2026-41501 critical 9.8
9.8
21d ago
electerm has Command Injection via runLinux funtion
npm
CVE-2026-41500 critical 9.8
9.8
21d ago
electerm: electerm_install_script_CommandInjection Vulnerability Report
npm
CVE-2026-43944 critical 9.6
9.6
21d ago
Electerm users can run dangrous code through link or command line
npm
CVE-2026-43941 critical 9.6
9.6
21d ago
Electerm has an unvalidated shell.openExternal that allows arbitrary protocol execution via terminal link click
npm
CVE-2026-45353 critical —
9.5
14d ago
electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. From 3.0.6 to 3.8.8, This vulnerability is fixed in 3.9.0.
npm
CVE-2026-45058 critical —
9.5
14d ago
electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. In 3.8.8 and earlier, there is persistent local-pty code execution via imported bookmarks or compromised sync…
npm
CVE-2020-23256 critical —
9.5
3y ago
electerm allows unauthorized users to execute arbitrary commands
npm
CVE-2026-43940 high 8.4
8.4
21d ago
Electerm runWidget has a path traversal that leads to arbitrary code execution
npm
CVE-2026-43943 high 7.8
7.8
21d ago
Electerm Security Vulnerability: RCE via malicious SSH server filename in openFileWithEditor
npm
CVE-2026-45787 medium —
5.5
14d ago
electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to 3.9.5, deterministic AES-192-CBC with a fixed zero IV, constant KDF salt, and no MAC leads to confid…
npm
CVE-2026-43942 medium 5.5
5.5
21d ago
Electerm's full process.env exposed to renderer via window.pre.env
npm