|
831
|
9.8 |
CRITICAL
Network
|
-
|
-
|
electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to version 3.3.8, a command injection vulnerability exists in github.com/elcterm/electerm/npm/install.j…
|
CWE-77
Command Injection
|
CVE-2026-41500
|
2026-05-9 00:54 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
832
|
9.8 |
CRITICAL
Network
|
-
|
-
|
electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to version 3.3.8, a command injection vulnerability exists in github.com/elcterm/electerm/npm/install.j…
|
CWE-77
Command Injection
|
CVE-2026-41501
|
2026-05-9 00:54 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
833
|
- |
|
-
|
-
|
electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. From versions 3.0.6 to before 3.8.15, electerm is vulnerable to arbitrary local code execution via deep links…
|
CWE-20
CWE-94
CWE-829
Improper Input Validation
Code Injection
Inclusion of Functionality from Untrusted Control Sphere
|
CVE-2026-43944
|
2026-05-9 00:54 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
834
|
8.4 |
HIGH
Local
|
-
|
-
|
electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to version 3.7.16, the runWidget function in src/app/widgets/load-widget.js constructs a file path by d…
|
CWE-22
CWE-829
Path Traversal
Inclusion of Functionality from Untrusted Control Sphere
|
CVE-2026-43940
|
2026-05-9 00:54 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
835
|
9.6 |
CRITICAL
Network
|
-
|
-
|
electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. In versions 3.8.15 and prior, Electerm's terminal hyperlink handler passes any URL clicked in the terminal di…
|
CWE-88
CWE-601
Argument Injection
Open Redirect
|
CVE-2026-43941
|
2026-05-9 00:54 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
836
|
5.5 |
MEDIUM
Local
|
-
|
-
|
electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. In versions 3.8.15 and prior, the getConstants() IPC handler in src/app/lib/ipc-sync.js serialises the entire…
|
CWE-200
CWE-312
Information Exposure
Cleartext Storage of Sensitive Information
|
CVE-2026-43942
|
2026-05-9 00:54 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
837
|
7.8 |
HIGH
Local
|
-
|
-
|
electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to version 3.7.9, a code execution (RCE) vulnerability exists in electerm's SFTP open with system edito…
|
CWE-78
CWE-88
OS Command
Argument Injection
|
CVE-2026-43943
|
2026-05-9 00:54 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
838
|
9.8 |
CRITICAL
Network
|
-
|
-
|
PraisonAI is a multi-agent teams system. Prior to version 4.6.9, the fix for PraisonAI's MCP command handling does not add a command allowlist or argument validation to parse_mcp_command(), allowing …
|
CWE-77
CWE-78
Command Injection
OS Command
|
CVE-2026-41497
|
2026-05-9 00:53 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
839
|
- |
|
-
|
-
|
PraisonAI is a multi-agent teams system. Prior to version 1.6.32, the URL checking logic in PraisonAI has a logical flaw that could be bypassed by attackers, leading to SSRF attacks. This issue has b…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-44335
|
2026-05-9 00:53 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
840
|
6.3 |
MEDIUM
Network
|
-
|
-
|
PraisonAI is a multi-agent teams system. From version 2.4.1 to before version 4.6.34, PraisonAI exposes optional SQL/CQL-backed knowledge-store implementations that build table and index identifiers …
|
CWE-20
CWE-89
Improper Input Validation
SQL Injection
|
CVE-2026-44337
|
2026-05-9 00:53 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
