|
2751
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Nuclei is a vulnerability scanner built on a simple YAML-based DSL. From version 3.0.0 to before version 3.8.0, a vulnerability in Nuclei's expression evaluation engine makes it possible for a malici…
|
CWE-94
Code Injection
|
CVE-2026-41645
|
2026-05-9 00:58 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2752
|
5.5 |
MEDIUM
Local
|
-
|
-
|
Nuclei is a vulnerability scanner built on a simple YAML-based DSL. From version 3.0.0 to before version 3.8.0, a vulnerability in Nuclei's JavaScript protocol runtime allows JavaScript templates to …
|
CWE-284
Improper Access Control
|
CVE-2026-41646
|
2026-05-9 00:58 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2753
|
9.8 |
CRITICAL
Network
|
-
|
-
|
electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to version 3.3.8, a command injection vulnerability exists in github.com/elcterm/electerm/npm/install.j…
|
CWE-77
Command Injection
|
CVE-2026-41500
|
2026-05-9 00:54 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2754
|
9.8 |
CRITICAL
Network
|
-
|
-
|
electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to version 3.3.8, a command injection vulnerability exists in github.com/elcterm/electerm/npm/install.j…
|
CWE-77
Command Injection
|
CVE-2026-41501
|
2026-05-9 00:54 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2755
|
8.4 |
HIGH
Local
|
-
|
-
|
electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to version 3.7.16, the runWidget function in src/app/widgets/load-widget.js constructs a file path by d…
|
CWE-22
CWE-829
Path Traversal
Inclusion of Functionality from Untrusted Control Sphere
|
CVE-2026-43940
|
2026-05-9 00:54 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2756
|
9.6 |
CRITICAL
Network
|
-
|
-
|
electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. In versions 3.8.15 and prior, Electerm's terminal hyperlink handler passes any URL clicked in the terminal di…
|
CWE-88
CWE-601
Argument Injection
Open Redirect
|
CVE-2026-43941
|
2026-05-9 00:54 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2757
|
5.5 |
MEDIUM
Local
|
-
|
-
|
electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. In versions 3.8.15 and prior, the getConstants() IPC handler in src/app/lib/ipc-sync.js serialises the entire…
|
CWE-200
CWE-312
Information Exposure
Cleartext Storage of Sensitive Information
|
CVE-2026-43942
|
2026-05-9 00:54 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2758
|
7.8 |
HIGH
Local
|
-
|
-
|
electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to version 3.7.9, a code execution (RCE) vulnerability exists in electerm's SFTP open with system edito…
|
CWE-78
CWE-88
OS Command
Argument Injection
|
CVE-2026-43943
|
2026-05-9 00:54 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2759
|
9.8 |
CRITICAL
Network
|
-
|
-
|
PraisonAI is a multi-agent teams system. Prior to version 4.6.9, the fix for PraisonAI's MCP command handling does not add a command allowlist or argument validation to parse_mcp_command(), allowing …
|
CWE-77
CWE-78
Command Injection
OS Command
|
CVE-2026-41497
|
2026-05-9 00:53 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2760
|
8.4 |
HIGH
Local
|
-
|
-
|
PraisonAI is a multi-agent teams system. From version 4.5.139 to before version 4.6.32, CVE-2026-40287's fix gated tools.py auto-import behind PRAISONAI_ALLOW_LOCAL_TOOLS=true in two files (tool_reso…
|
CWE-94
Code Injection
|
CVE-2026-44334
|
2026-05-9 00:53 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
