These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
CVE-2026-45749 is a high-severity vulnerability in Termix, a web-based server management platform. The vulnerability allows an attacker to bypass two-factor authentication (2FA) by using only a user's password to disable Time-Based One-Time Password (TOTP) or regenerate backup codes. This issue affects Termix versions prior to 2.3.2.
CVE-2026-45748 is a critical OS command injection vulnerability in Termix, a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. The `POST /ssh/tunnel/connect` endpoint in Termix prior to version 2.3.2 builds an SSH tunnel command by interpolating user-controlled host record fields (`endpointIP`, `endpointUsername`, `password`) directly into a shell command wi [truncated]
CVE-2026-45746 is a critical Broken Access Control vulnerability in the Termix web-based server management platform. The vulnerability exists in the File Manager functionality prior to version 2.3.2. An attacker can manipulate the sessionId parameter to access active File Manager sessions belonging to other users, allowing unauthorized interaction with another user's remote filesystem and enabling direct [truncated]
CVE-2026-45745 is a HIGH severity vulnerability in Termix Desktop (Electron) that disables TLS certificate validation. This vulnerability, which has a CVSS score of 8, was published on 2026-06-05T18:17:30.180Z and last modified on 2026-06-08T15:02:28.243Z. The vulnerability affects Termix versions starting from 1.7.0. An attacker can exploit this vulnerability to intercept and modify HTTPS traffic to the [truncated]
CVE-2026-45744 is a critical OS command injection vulnerability in Termix, a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. The vulnerability exists in the GET /ssh/file_manager/ssh/resolvePath endpoint, which uses double-quote escaping for shell command construction. This does not prevent $(...) and backtick command substitution, allowing an authenticate [truncated]
CVE-2026-45743 is a high-severity vulnerability in Termix, a web-based server management platform. The issue affects 16 file-manager endpoints in Termix versions prior to 2.3.2. These endpoints do not properly verify that the requesting user owns the SSH session identified by `sessionId`. This weakness allows an authenticated attacker who knows or guesses another user's active `sessionId` to perform vario [truncated]