{"vulnerability": "cve-2026-4574", "sightings": [{"uuid": "7dbda9c0-184b-4c8a-9be2-988f643e5013", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4574", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mhpzdb3iq22k", "content": "", "creation_timestamp": "2026-03-23T12:03:26.828676Z"}, {"uuid": "e75f55f8-c075-469d-8954-0e558786e2ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45747", "type": "seen", "source": "https://bsky.app/profile/o2cloud.bsky.social/post/3mmc3qtiaud2c", "content": "\ud83d\udd17 CVE : CVE-2026-45747, CVE-2026-45751, CVE-2026-45752, CVE-2026-45759, CVE-2026-45761, CVE-2026-45762, CVE-2026-45763, CVE-2026-45764, CVE-2026-45765, CVE-2026-45766, CVE-2026-45767, CVE-2026-45768, CVE-2026-45769, CVE-2026-45770, CVE-2026-46352, CVE-2026-46387", "creation_timestamp": "2026-05-20T14:15:30.867831Z"}, {"uuid": "33f73110-1ba8-4449-bfcb-9a7970af9243", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45740", "type": "seen", "source": "https://gist.github.com/alon710/4e72f2de4fd57f71c04d127b90b84200", "content": "# CVE-2026-45740: CVE-2026-45740: Uncontrolled Recursion in protobufjs Leading to Denial of Service\n\n> **CVSS Score:** 5.3\n> **Published:** 2026-05-19\n> **Full Report:** https://cvereports.com/reports/CVE-2026-45740\n\n## Summary\nAn uncontrolled recursion vulnerability exists in the protobufjs library prior to versions 7.5.8 and 8.2.0. The lack of depth limits in the JSON descriptor parsing logic allows attackers to cause a stack overflow and crash the Node.js process via deeply nested payloads.\n\n## TL;DR\nprotobufjs fails to enforce recursion limits during JSON parsing, allowing remote attackers to crash the Node.js process via deeply nested schema payloads.\n\n## Exploit Status: POC\n\n## Technical Details\n\n- **CWE ID**: CWE-674\n- **Attack Vector**: Network-based\n- **CVSS Base Score**: 5.3 (NVD) / 7.5 (Scanners)\n- **EPSS Score**: 0.00058\n- **Impact**: Denial of Service (Process Crash)\n- **Exploit Status**: Proof-of-Concept\n- **KEV Status**: Not Listed\n\n## Affected Systems\n\n- Node.js applications utilizing protobufjs < 7.5.8\n- Node.js applications utilizing protobufjs 8.0.0 - 8.1.9\n- **protobufjs**: < 7.5.8 (Fixed in: `7.5.8`)\n- **protobufjs**: >= 8.0.0, < 8.2.0 (Fixed in: `8.2.0`)\n\n## Mitigation\n\n- Upgrade protobufjs to patched versions (7.5.8 or 8.2.0+)\n- Implement application-level pre-validation to restrict JSON nesting depth\n- Reject externally provided schemas if dynamic compilation is not strictly required\n\n**Remediation Steps:**\n1. Identify projects utilizing protobufjs via dependency analysis (e.g., npm audit, package-lock.json review)\n2. Update the package.json to require protobufjs ^7.5.8 or ^8.2.0\n3. Execute package manager update commands to pull the latest versions\n4. Verify the application test suite executes correctly against the patched version\n5. Deploy the updated application build to production environments\n\n## References\n\n- [GitHub Security Advisory: GHSA-jggg-4jg4-v7c6](https://github.com/protobufjs/protobuf.js/security/advisories/GHSA-jggg-4jg4-v7c6)\n- [Protobuf.js Changelog](https://github.com/protobufjs/protobuf.js/blob/master/CHANGELOG.md)\n- [NVD CVE-2026-45740](https://nvd.nist.gov/vuln/detail/CVE-2026-45740)\n- [Fix Commit 9050289](https://github.com/protobufjs/protobuf.js/commit/9050289ad214ea351d3b030cbc74385e81e02d79)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/CVE-2026-45740) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-05-19T16:40:49.000000Z"}, {"uuid": "04f33384-2c67-4899-a587-274837db5f22", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45743", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mnkui7pzna2l", "content": "CVE-2026-45743 - Termix has a File-Manager Session Hijack via Missing Ownership Check (IDOR)\nCVE ID : CVE-2026-45743\n \n Published : June 5, 2026, 6:17 p.m. | 57\u00a0minutes ago\n \n Description : Termix is a web-based server management platform with SSH terminal, tunneling, and file...", "creation_timestamp": "2026-06-05T19:24:35.014335Z"}, {"uuid": "f1b9c558-953b-44a0-8e82-ea1fa4c29aca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45748", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mnkvyhgz6d2h", "content": "CVE-2026-45748 - Termix Vulnerable to Remote Code Execution via SSH Tunnel Forward Command Injection\nCVE ID : CVE-2026-45748\n \n Published : June 5, 2026, 6:17 p.m. | 57\u00a0minutes ago\n \n Description : Termix is a web-based server management platform with SSH terminal, tunneling, ...", "creation_timestamp": "2026-06-05T19:51:33.672847Z"}, {"uuid": "3f384569-a7e1-4f82-97ec-16363575d268", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45746", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mnkwkeenye27", "content": "CVE-2026-45746 - Termix Vulnerable to Arbitrary Command Execution via Session Hijacking\nCVE ID : CVE-2026-45746\n \n Published : June 5, 2026, 6:17 p.m. | 57\u00a0minutes ago\n \n Description : Termix is a web-based server management platform with SSH terminal, tunneling, and file edit...", "creation_timestamp": "2026-06-05T20:01:34.323193Z"}, {"uuid": "19bdb63c-f248-46e0-a560-c0dc6a1f83e1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-45742", "type": "published-proof-of-concept", "source": "https://github.com/gotenberg/gotenberg/security/advisories/GHSA-vp73-vjw8-8f32", "content": "", "creation_timestamp": "2026-05-29T16:12:10.000000Z"}, {"uuid": "06c85e8d-865c-4050-a68d-fb2ad1c5fcd5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45745", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mnkuqtqm6p2p", "content": "CVE-2026-45745 - Termix has improper certificate validation in Electron desktop client that enables MITM credential/token theft\nCVE ID : CVE-2026-45745\n \n Published : June 5, 2026, 6:17 p.m. | 57\u00a0minutes ago\n \n Description : Termix is a web-based server management platform wit...", "creation_timestamp": "2026-06-05T19:29:24.493193Z"}, {"uuid": "7fcc7822-454c-47fb-af91-2882de845e19", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45749", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mnkuvqnebc27", "content": "CVE-2026-45749 - Termix's TOTP two-factor authentication can be disabled or bypassed using only the account password\nCVE ID : CVE-2026-45749\n \n Published : June 5, 2026, 6:17 p.m. | 57\u00a0minutes ago\n \n Description : Termix is a web-based server management platform with SSH termi...", "creation_timestamp": "2026-06-05T19:32:09.021900Z"}, {"uuid": "54b14cd1-f807-4d06-979a-7def2df938a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45744", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mns2twfbe422", "content": "\ud83d\udccc CVE-2026-45744 - Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.3.2, the GET /ssh/fil... https://www.cyberhub.blog/cves/CVE-2026-45744", "creation_timestamp": "2026-06-08T16:07:08.381290Z"}, {"uuid": "29b2e89a-ab54-4a72-87bc-239eb003152a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45744", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mnkuarxzqd2g", "content": "CVE-2026-45744 - Termix has an OS Command Injection in File Manager resolvePath endpoint\nCVE ID : CVE-2026-45744\n \n Published : June 5, 2026, 6:17 p.m. | 57\u00a0minutes ago\n \n Description : Termix is a web-based server management platform with SSH terminal, tunneling, and file edi...", "creation_timestamp": "2026-06-05T19:20:25.813443Z"}, {"uuid": "ab0f7839-5516-46b3-8c45-1608bfe11c2b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45746", "type": "seen", "source": "https://bsky.app/profile/hugovalters.bsky.social/post/3mnrn2ihwtx2k", "content": "CVE-2026-45746 - Critical RCE in Termix. Broken access control via sessionId manipulation. CVSS 9.0. No patch available. Restrict access immediately. #CVE #infosec #cybersecurity\n\nhttps://www.valtersit.com/cve/CVE-2026-45746/", "creation_timestamp": "2026-06-08T12:00:19.458497Z"}, {"uuid": "04ffdc8c-06fc-4c3c-bca3-08897ab4544d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45748", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mnkzv7od4t25", "content": "\ud83d\udd34 CVE-2026-45748 - Critical (9.8)\n\nTermix is a web-based server management platform with SSH terminal, tunneling, and file editing c...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-45748/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-06-05T21:01:21.257192Z"}, {"uuid": "cc012ac8-16c6-49c3-929f-28764f9c9814", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45749", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mnl57gryph26", "content": "\ud83d\udfe0 CVE-2026-45749 - High (8.1)\n\nTermix is a web-based server management platform with SSH terminal, tunneling, and file editing c...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-45749/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-06-05T22:00:45.257081Z"}, {"uuid": "78ad1924-557d-4716-9279-7a677d03a44d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45745", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mnl57o6vuw2r", "content": "\ud83d\udfe0 CVE-2026-45745 - High (8)\n\nTermix is a web-based server management platform with SSH terminal, tunneling, and file editing c...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-45745/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-06-05T22:00:52.774695Z"}, {"uuid": "3aeab3bc-f8bf-4230-978a-59b45b49b54f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45746", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mnl57vous72p", "content": "\ud83d\udd34 CVE-2026-45746 - Critical (9)\n\nTermix is a web-based server management platform with SSH terminal, tunneling, and file editing c...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-45746/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-06-05T22:01:01.021817Z"}, {"uuid": "1760da5e-0b08-4705-9c98-e0b5f94d3c1e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45744", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mnlakzkxz22k", "content": "\ud83d\udd34 CVE-2026-45744 - Critical (9.9)\n\nTermix is a web-based server management platform with SSH terminal, tunneling, and file editing c...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-45744/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-06-05T23:00:55.813187Z"}, {"uuid": "7cc99c1e-832b-43b4-a0f6-137412cdb8fe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45743", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mnlalbga3t2r", "content": "\ud83d\udfe0 CVE-2026-45743 - High (8.1)\n\nTermix is a web-based server management platform with SSH terminal, tunneling, and file editing c...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-45743/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-06-05T23:01:03.158952Z"}, {"uuid": "a72edd29-64dc-43d8-8993-96027e37efde", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45748", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mns4jicuab2p", "content": "\ud83d\udccc CVE-2026-45748 - Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. The `POST /ssh/tunnel/connect` endpoint ... https://www.cyberhub.blog/cves/CVE-2026-45748", "creation_timestamp": "2026-06-08T16:37:06.195811Z"}, {"uuid": "2b863fa9-1006-4488-a691-58833566c56f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45745", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mnt7q2wnct2i", "content": "\ud83d\udccc CVE-2026-45745 - Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Starting in version 1.7.0, Termix Deskto... https://www.cyberhub.blog/cves/CVE-2026-45745", "creation_timestamp": "2026-06-09T03:07:08.279422Z"}, {"uuid": "a93704d7-441d-4a33-b4df-6c56f4d2bd17", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45746", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mnsda4ozn322", "content": "\ud83d\udccc CVE-2026-45746 - Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.3.2, the File Manager... https://www.cyberhub.blog/cves/CVE-2026-45746", "creation_timestamp": "2026-06-08T18:37:07.861166Z"}, {"uuid": "d3632974-14bf-4d56-a26b-623979883d61", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-45749", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mnsqna34532z", "content": "\ud83d\udccc CVE-2026-45749 - Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. The `POST /users/totp/disable` and `POST... https://www.cyberhub.blog/cves/CVE-2026-45749", "creation_timestamp": "2026-06-08T22:37:06.196702Z"}]}