Threat Feed

Vendor

Electerm

4 briefs
critical advisory

Electerm Arbitrary Code Execution via Crafted URI or CLI Arguments

Electerm versions 3.0.6 through 3.8.14 are vulnerable to arbitrary local code execution via crafted electerm:// URIs or command-line arguments, requiring a user to click a malicious link or open a malicious shortcut file.

Electerm code-execution protocol-handler
high advisory

Electerm Remote Code Execution Vulnerability via Malicious Filenames

A remote code execution vulnerability exists in Electerm versions 3.7.8 and earlier: a malicious SSH server can inject arbitrary commands into a victim's system by crafting filenames containing shell metacharacters, which are executed when the user attempts to open or edit the file using the 'open with system editor' or 'edit with custom editor' feature.

electerm rce sftp remote code execution
high advisory

Electerm Arbitrary Protocol Execution Vulnerability

Electerm versions 3.8.15 and earlier are vulnerable to arbitrary code execution due to improper validation of URLs, allowing attackers to execute commands by tricking users into clicking malicious links in the terminal.

electerm rce terminal protocol handler
critical advisory

Electerm Path Traversal Vulnerability Leads to Arbitrary Code Execution

Electerm versions prior to 3.7.16 are vulnerable to path traversal, leading to arbitrary code execution through unsanitized widget identifiers.

electerm path-traversal code-execution