| CVE-2026-41501 |
critical |
9.8 |
9.8 |
|
|
|
21d ago |
electerm has Command Injection via runLinux funtion |
| CVE-2026-41500 |
critical |
9.8 |
9.8 |
|
|
|
21d ago |
electerm: electerm_install_script_CommandInjection Vulnerability Report |
| CVE-2026-43944 |
critical |
9.6 |
9.6 |
|
|
|
21d ago |
Electerm users can run dangrous code through link or command line |
| CVE-2026-43941 |
critical |
9.6 |
9.6 |
|
|
|
21d ago |
Electerm has an unvalidated shell.openExternal that allows arbitrary protocol execution via terminal link click |
| CVE-2026-45353 |
critical |
— |
9.5 |
|
|
|
14d ago |
electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. From 3.0.6 to 3.8.8, This vulnerability is fixed in 3.9.0. |
| CVE-2026-45058 |
critical |
— |
9.5 |
|
|
|
14d ago |
electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. In 3.8.8 and earlier, there is persistent local-pty code execution via imported bookmarks or compromised sync… |
| CVE-2020-23256 |
critical |
— |
9.5 |
|
|
|
3y ago |
electerm allows unauthorized users to execute arbitrary commands |
| CVE-2026-43940 |
high |
8.4 |
8.4 |
|
|
|
21d ago |
Electerm runWidget has a path traversal that leads to arbitrary code execution |
| CVE-2026-43943 |
high |
7.8 |
7.8 |
|
|
|
21d ago |
Electerm Security Vulnerability: RCE via malicious SSH server filename in openFileWithEditor |
| CVE-2026-45787 |
medium |
— |
5.5 |
|
|
|
14d ago |
electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to 3.9.5, deterministic AES-192-CBC with a fixed zero IV, constant KDF salt, and no MAC leads to confid… |
| CVE-2026-43942 |
medium |
5.5 |
5.5 |
|
|
|
21d ago |
Electerm's full process.env exposed to renderer via window.pre.env |