By weakness (CWE)

CWE-940: related vulnerabilities

CVEs classified under CWE-940. Understanding the weakness class helps prioritize systemic fixes over one-off patches.

2 published vulnerabilities

  • CVE-2026-44698HIGH 8.3

    Home Assistant Companion apps for iOS and Android contain a vulnerability that allows malicious websites viewed in the app to steal a user's access token and run code as if they were logged into Home Assistant. The flaw stems from improper protection of a JavaScript bridge that connects web content to native app functionality. An attacker can craft a webpage with hidden content that tricks the bridge into executing arbitrary commands with the victim's credentials, effectively compromising their Home Assistant account.

  • CVE-2026-45353HIGH 7.8

    Electerm, an open-source multi-protocol terminal and remote access client supporting SSH, SFTP, Telnet, serial ports, RDP, VNC, Spice, and FTP, contains a high-severity vulnerability affecting versions 3.0.6 through 3.8.8. The issue stems from improper file permissions and unsafe code execution patterns that allow a local attacker with standard user privileges to gain full control over system resources—reading sensitive data, modifying files, and disrupting availability. The vulnerability is resolved in version 3.9.0.