CVE-2026-27802 - Vaultwarden: Privilege Escalation via Bulk Permission Update to Unauthorized Collections by Manager
CVE ID : CVE-2026-27802
Published : March 4, 2026, 10:16 p.m. | 3 hours, 43 minutes ago
Description : Vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. Prior to version 1.35.4, there is a privilege escalation vulnerability via bulk permission update to unauthorized collections by Manager. This issue has been patched in version 1.35.4.
Severity: 8.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-27802
Published : March 4, 2026, 10:16 p.m. | 3 hours, 43 minutes ago
Description : Vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. Prior to version 1.35.4, there is a privilege escalation vulnerability via bulk permission update to unauthorized collections by Manager. This issue has been patched in version 1.35.4.
Severity: 8.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-27803 - Vaultwarden: Collection Management Operations Allowed Without `manage` Verification for Manager Role
CVE ID : CVE-2026-27803
Published : March 4, 2026, 10:16 p.m. | 3 hours, 43 minutes ago
Description : Vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. Prior to version 1.35.4, when a Manager has manage=false for a given collection, they can still perform several management operations as long as they have access to the collection. This issue has been patched in version 1.35.4.
Severity: 8.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-27803
Published : March 4, 2026, 10:16 p.m. | 3 hours, 43 minutes ago
Description : Vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. Prior to version 1.35.4, when a Manager has manage=false for a given collection, they can still perform several management operations as long as they have access to the collection. This issue has been patched in version 1.35.4.
Severity: 8.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-27898 - Vaultwarden: Unauthorized Access via Partial Update API on Another User’s Cipher
CVE ID : CVE-2026-27898
Published : March 4, 2026, 10:16 p.m. | 3 hours, 43 minutes ago
Description : Vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. Prior to version 1.35.4, an authenticated regular user can specify another user’s cipher_id and call "PUT /api/ciphers/{id}/partial" Even though the standard retrieval API correctly denies access to that cipher, the partial update endpoint returns 200 OK and exposes cipherDetails (including name, notes, data, secureNote, etc.). This issue has been patched in version 1.35.4.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-27898
Published : March 4, 2026, 10:16 p.m. | 3 hours, 43 minutes ago
Description : Vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. Prior to version 1.35.4, an authenticated regular user can specify another user’s cipher_id and call "PUT /api/ciphers/{id}/partial" Even though the standard retrieval API correctly denies access to that cipher, the partial update endpoint returns 200 OK and exposes cipherDetails (including name, notes, data, secureNote, etc.). This issue has been patched in version 1.35.4.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-29000 - pac4j-jwt JwtAuthenticator Authentication Bypass
CVE ID : CVE-2026-29000
Published : March 4, 2026, 10:16 p.m. | 3 hours, 43 minutes ago
Description : pac4j-jwt versions prior to 4.5.9, 5.7.9, and 6.3.3 contain an authentication bypass vulnerability in JwtAuthenticator when processing encrypted JWTs that allows remote attackers to forge authentication tokens. Attackers who possess the server's RSA public key can create a JWE-wrapped PlainJWT with arbitrary subject and role claims, bypassing signature verification to authenticate as any user including administrators.
Severity: 10.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-29000
Published : March 4, 2026, 10:16 p.m. | 3 hours, 43 minutes ago
Description : pac4j-jwt versions prior to 4.5.9, 5.7.9, and 6.3.3 contain an authentication bypass vulnerability in JwtAuthenticator when processing encrypted JWTs that allows remote attackers to forge authentication tokens. Attackers who possess the server's RSA public key can create a JWE-wrapped PlainJWT with arbitrary subject and role claims, bypassing signature verification to authenticate as any user including administrators.
Severity: 10.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-41257 - Suprema BioStar 2 Insecure Password Change
CVE ID : CVE-2025-41257
Published : March 4, 2026, 11:16 p.m. | 2 hours, 44 minutes ago
Description : Suprema’s BioStar 2 in version 2.9.11.6 allows users to set new password without providing the current one. Exploiting this flaw combined with other vulnerabilities can lead to unauthorized account access and potential system compromise.
Severity: 4.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-41257
Published : March 4, 2026, 11:16 p.m. | 2 hours, 44 minutes ago
Description : Suprema’s BioStar 2 in version 2.9.11.6 allows users to set new password without providing the current one. Exploiting this flaw combined with other vulnerabilities can lead to unauthorized account access and potential system compromise.
Severity: 4.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-26002 - OnDemand susceptible to malicious input when navigating to a directory.
CVE ID : CVE-2026-26002
Published : March 4, 2026, 11:16 p.m. | 2 hours, 44 minutes ago
Description : Open OnDemand is an open-source high-performance computing portal. The Files application in OnDemand versions prior to 4.0.9 and 4.1.3 is susceptible to malicious input when navigating to a directory. This has been patched in versions 4.0.9 and 4.1.3. Versions below this remain susceptible.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-26002
Published : March 4, 2026, 11:16 p.m. | 2 hours, 44 minutes ago
Description : Open OnDemand is an open-source high-performance computing portal. The Files application in OnDemand versions prior to 4.0.9 and 4.1.3 is susceptible to malicious input when navigating to a directory. This has been patched in versions 4.0.9 and 4.1.3. Versions below this remain susceptible.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-29045 - Hono: Arbitrary file access via serveStatic vulnerability
CVE ID : CVE-2026-29045
Published : March 4, 2026, 11:16 p.m. | 2 hours, 44 minutes ago
Description : Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.12.4, when using serveStatic together with route-based middleware protections (e.g. app.use('/admin/*', ...)), inconsistent URL decoding allowed protected static resources to be accessed without authorization. The router used decodeURI, while serveStatic used decodeURIComponent. This mismatch allowed paths containing encoded slashes (%2F) to bypass middleware protections while still resolving to the intended filesystem path. This issue has been patched in version 4.12.4.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-29045
Published : March 4, 2026, 11:16 p.m. | 2 hours, 44 minutes ago
Description : Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.12.4, when using serveStatic together with route-based middleware protections (e.g. app.use('/admin/*', ...)), inconsistent URL decoding allowed protected static resources to be accessed without authorization. The router used decodeURI, while serveStatic used decodeURIComponent. This mismatch allowed paths containing encoded slashes (%2F) to bypass middleware protections while still resolving to the intended filesystem path. This issue has been patched in version 4.12.4.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-29085 - Hono: SSE Control Field Injection via CR/LF in writeSSE()
CVE ID : CVE-2026-29085
Published : March 4, 2026, 11:16 p.m. | 2 hours, 44 minutes ago
Description : Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.12.4, when using streamSSE() in Streaming Helper, the event, id, and retry fields were not validated for carriage return (\r) or newline (\n) characters. Because the SSE protocol uses line breaks as field delimiters, this could allow injection of additional SSE fields within the same event frame if untrusted input was passed into these fields. This issue has been patched in version 4.12.4.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-29085
Published : March 4, 2026, 11:16 p.m. | 2 hours, 44 minutes ago
Description : Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.12.4, when using streamSSE() in Streaming Helper, the event, id, and retry fields were not validated for carriage return (\r) or newline (\n) characters. Because the SSE protocol uses line breaks as field delimiters, this could allow injection of additional SSE fields within the same event frame if untrusted input was passed into these fields. This issue has been patched in version 4.12.4.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-29086 - Hono: Cookie Attribute Injection via Unsanitized domain and path in setCookie()
CVE ID : CVE-2026-29086
Published : March 4, 2026, 11:16 p.m. | 2 hours, 44 minutes ago
Description : Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.12.4, the setCookie() utility did not validate semicolons (;), carriage returns (\r), or newline characters (\n) in the domain and path options when constructing the Set-Cookie header. Because cookie attributes are delimited by semicolons, this could allow injection of additional cookie attributes if untrusted input was passed into these fields. This issue has been patched in version 4.12.4.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-29086
Published : March 4, 2026, 11:16 p.m. | 2 hours, 44 minutes ago
Description : Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.12.4, the setCookie() utility did not validate semicolons (;), carriage returns (\r), or newline characters (\n) in the domain and path options when constructing the Set-Cookie header. Because cookie attributes are delimited by semicolons, this could allow injection of additional cookie attributes if untrusted input was passed into these fields. This issue has been patched in version 4.12.4.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-2297 - SourcelessFileLoader does not use io.open_code()
CVE ID : CVE-2026-2297
Published : March 4, 2026, 11:16 p.m. | 2 hours, 44 minutes ago
Description : The import hook in CPython that handles legacy *.pyc files (SourcelessFileLoader) is incorrectly handled in FileLoader (a base class) and so does not use io.open_code() to read the .pyc files. sys.audit handlers for this audit event therefore do not fire.
Severity: 5.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-2297
Published : March 4, 2026, 11:16 p.m. | 2 hours, 44 minutes ago
Description : The import hook in CPython that handles legacy *.pyc files (SourcelessFileLoader) is incorrectly handled in FileLoader (a base class) and so does not use io.open_code() to read the .pyc files. sys.audit handlers for this audit event therefore do not fire.
Severity: 5.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-22052 - NetApp ONTAP S3 NAS Bucket Information Disclosure Vulnerability
CVE ID : CVE-2026-22052
Published : March 5, 2026, 12:15 a.m. | 1 hour, 44 minutes ago
Description : ONTAP versions 9.12.1 and higher with S3 NAS buckets are susceptible to an information disclosure vulnerability. Successful exploit could allow an authenticated attacker to view a listing of the contents in a directory for which they lack permission.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-22052
Published : March 5, 2026, 12:15 a.m. | 1 hour, 44 minutes ago
Description : ONTAP versions 9.12.1 and higher with S3 NAS buckets are susceptible to an information disclosure vulnerability. Successful exploit could allow an authenticated attacker to view a listing of the contents in a directory for which they lack permission.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-2833 - HTTP Request Smuggling via Premature Upgrade
CVE ID : CVE-2026-2833
Published : March 5, 2026, 12:15 a.m. | 1 hour, 44 minutes ago
Description : An HTTP request smuggling vulnerability (CWE-444) was found in Pingora's handling of HTTP/1.1 connection upgrades. The issue occurs when a Pingora proxy reads a request containing an Upgrade header, causing the proxy to pass through the rest of the bytes on the connection to a backend before the backend has accepted the upgrade. An attacker can thus directly forward a malicious payload after a request with an Upgrade header to that backend in a way that may be interpreted as a subsequent request header, bypassing proxy-level security controls and enabling cross-user session hijacking. Impact This vulnerability primarily affects standalone Pingora deployments where a Pingora proxy is exposed to external traffic. An attacker could exploit this to: * Bypass proxy-level ACL controls and WAF logic * Poison caches and upstream connections, causing subsequent requests from legitimate users to receive responses intended for smuggled requests * Perform cross-user attacks by hijacking sessions or smuggling requests that appear to originate from the trusted proxy IP Cloudflare's CDN infrastructure was not affected by this vulnerability, as ingress proxies in the CDN stack maintain proper HTTP parsing boundaries and do not prematurely switch to upgraded connection forwarding mode. Mitigation: Pingora users should upgrade to Pingora v0.8.0 or higher As a workaround, users may return an error on requests with the Upgrade header present in their request filter logic in order to stop processing bytes beyond the request header and disable downstream connection reuse.
Severity: 9.3 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-2833
Published : March 5, 2026, 12:15 a.m. | 1 hour, 44 minutes ago
Description : An HTTP request smuggling vulnerability (CWE-444) was found in Pingora's handling of HTTP/1.1 connection upgrades. The issue occurs when a Pingora proxy reads a request containing an Upgrade header, causing the proxy to pass through the rest of the bytes on the connection to a backend before the backend has accepted the upgrade. An attacker can thus directly forward a malicious payload after a request with an Upgrade header to that backend in a way that may be interpreted as a subsequent request header, bypassing proxy-level security controls and enabling cross-user session hijacking. Impact This vulnerability primarily affects standalone Pingora deployments where a Pingora proxy is exposed to external traffic. An attacker could exploit this to: * Bypass proxy-level ACL controls and WAF logic * Poison caches and upstream connections, causing subsequent requests from legitimate users to receive responses intended for smuggled requests * Perform cross-user attacks by hijacking sessions or smuggling requests that appear to originate from the trusted proxy IP Cloudflare's CDN infrastructure was not affected by this vulnerability, as ingress proxies in the CDN stack maintain proper HTTP parsing boundaries and do not prematurely switch to upgraded connection forwarding mode. Mitigation: Pingora users should upgrade to Pingora v0.8.0 or higher As a workaround, users may return an error on requests with the Upgrade header present in their request filter logic in order to stop processing bytes beyond the request header and disable downstream connection reuse.
Severity: 9.3 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-2835 - HTTP Request Smuggling via HTTP/1.0 and Transfer-Encoding Misparsing
CVE ID : CVE-2026-2835
Published : March 5, 2026, 12:15 a.m. | 1 hour, 44 minutes ago
Description : An HTTP Request Smuggling vulnerability (CWE-444) has been found in Pingora's parsing of HTTP/1.0 and Transfer-Encoding requests. The issue occurs due to improperly allowing HTTP/1.0 request bodies to be close-delimited and incorrect handling of multiple Transfer-Encoding values, allowing attackers to send HTTP/1.0 requests in a way that would desync Pingora’s request framing from backend servers’. Impact This vulnerability primarily affects standalone Pingora deployments in front of certain backends that accept HTTP/1.0 requests. An attacker could craft a malicious payload following this request that Pingora forwards to the backend in order to: * Bypass proxy-level ACL controls and WAF logic * Poison caches and upstream connections, causing subsequent requests from legitimate users to receive responses intended for smuggled requests * Perform cross-user attacks by hijacking sessions or smuggling requests that appear to originate from the trusted proxy IP Cloudflare's CDN infrastructure was not affected by this vulnerability, as its ingress proxy layers forwarded HTTP/1.1 requests only, rejected ambiguous framing such as invalid Content-Length values, and forwarded a single Transfer-Encoding: chunked header for chunked requests. Mitigation: Pingora users should upgrade to Pingora v0.8.0 or higher that fixes this issue by correctly parsing message length headers per RFC 9112 and strictly adhering to more RFC guidelines, including that HTTP request bodies are never close-delimited. As a workaround, users can reject certain requests with an error in the request filter logic in order to stop processing bytes on the connection and disable downstream connection reuse. The user should reject any non-HTTP/1.1 request, or a request that has invalid Content-Length, multiple Transfer-Encoding headers, or Transfer-Encoding header that is not an exact “chunked” string match.
Severity: 9.3 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-2835
Published : March 5, 2026, 12:15 a.m. | 1 hour, 44 minutes ago
Description : An HTTP Request Smuggling vulnerability (CWE-444) has been found in Pingora's parsing of HTTP/1.0 and Transfer-Encoding requests. The issue occurs due to improperly allowing HTTP/1.0 request bodies to be close-delimited and incorrect handling of multiple Transfer-Encoding values, allowing attackers to send HTTP/1.0 requests in a way that would desync Pingora’s request framing from backend servers’. Impact This vulnerability primarily affects standalone Pingora deployments in front of certain backends that accept HTTP/1.0 requests. An attacker could craft a malicious payload following this request that Pingora forwards to the backend in order to: * Bypass proxy-level ACL controls and WAF logic * Poison caches and upstream connections, causing subsequent requests from legitimate users to receive responses intended for smuggled requests * Perform cross-user attacks by hijacking sessions or smuggling requests that appear to originate from the trusted proxy IP Cloudflare's CDN infrastructure was not affected by this vulnerability, as its ingress proxy layers forwarded HTTP/1.1 requests only, rejected ambiguous framing such as invalid Content-Length values, and forwarded a single Transfer-Encoding: chunked header for chunked requests. Mitigation: Pingora users should upgrade to Pingora v0.8.0 or higher that fixes this issue by correctly parsing message length headers per RFC 9112 and strictly adhering to more RFC guidelines, including that HTTP request bodies are never close-delimited. As a workaround, users can reject certain requests with an error in the request filter logic in order to stop processing bytes on the connection and disable downstream connection reuse. The user should reject any non-HTTP/1.1 request, or a request that has invalid Content-Length, multiple Transfer-Encoding headers, or Transfer-Encoding header that is not an exact “chunked” string match.
Severity: 9.3 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-2836 - Cache poisoning via insecure-by-default cache key
CVE ID : CVE-2026-2836
Published : March 5, 2026, 12:15 a.m. | 1 hour, 44 minutes ago
Description : A cache poisoning vulnerability has been found in the Pingora HTTP proxy framework’s default cache key construction. The issue occurs because the default HTTP cache key implementation generates cache keys using only the URI path, excluding critical factors such as the host header (authority). Operators relying on the default are vulnerable to cache poisoning, and cross-origin responses may be improperly served to users. Impact This vulnerability affects users of Pingora's alpha proxy caching feature who relied on the default CacheKey implementation. An attacker could exploit this for: * Cross-tenant data leakage: In multi-tenant deployments, poison the cache so that users from one tenant receive cached responses from another tenant * Cache poisoning attacks: Serve malicious content to legitimate users by poisoning shared cache entries Cloudflare's CDN infrastructure was not affected by this vulnerability, as Cloudflare's default cache key implementation uses multiple factors to prevent cache key poisoning and never made use of the previously provided default. Mitigation: We strongly recommend Pingora users to upgrade to Pingora v0.8.0 or higher, which removes the insecure default cache key implementation. Users must now explicitly implement their own callback that includes appropriate factors such as Host header, origin server HTTP scheme, and other attributes their cache should vary on. Pingora users on previous versions may also remove any of their default CacheKey usage and implement their own that should at minimum include the host header / authority and upstream peer’s HTTP scheme.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-2836
Published : March 5, 2026, 12:15 a.m. | 1 hour, 44 minutes ago
Description : A cache poisoning vulnerability has been found in the Pingora HTTP proxy framework’s default cache key construction. The issue occurs because the default HTTP cache key implementation generates cache keys using only the URI path, excluding critical factors such as the host header (authority). Operators relying on the default are vulnerable to cache poisoning, and cross-origin responses may be improperly served to users. Impact This vulnerability affects users of Pingora's alpha proxy caching feature who relied on the default CacheKey implementation. An attacker could exploit this for: * Cross-tenant data leakage: In multi-tenant deployments, poison the cache so that users from one tenant receive cached responses from another tenant * Cache poisoning attacks: Serve malicious content to legitimate users by poisoning shared cache entries Cloudflare's CDN infrastructure was not affected by this vulnerability, as Cloudflare's default cache key implementation uses multiple factors to prevent cache key poisoning and never made use of the previously provided default. Mitigation: We strongly recommend Pingora users to upgrade to Pingora v0.8.0 or higher, which removes the insecure default cache key implementation. Users must now explicitly implement their own callback that includes appropriate factors such as Host header, origin server HTTP scheme, and other attributes their cache should vary on. Pingora users on previous versions may also remove any of their default CacheKey usage and implement their own that should at minimum include the host header / authority and upstream peer’s HTTP scheme.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-29122 - `/bin/date` Binary given SETUID Permissions on IDC SFX2100 Leading to Potential LPE
CVE ID : CVE-2026-29122
Published : March 5, 2026, 12:53 a.m. | 1 hour, 6 minutes ago
Description : International Data Casting (IDC) SFX2100 satellite receiver comes with the `/bin/date` utility installed with the setuid bit set. This configuration grants elevated privileges to any local user who can execute the binary. A local actor is able to use the GTFObins resource to preform privileged file reads as the root user on the local file system. This allows an actor to be able to read any root read-only files, such as the /etc/shadow file or other configuration/secrets carrier files.
Severity: 8.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-29122
Published : March 5, 2026, 12:53 a.m. | 1 hour, 6 minutes ago
Description : International Data Casting (IDC) SFX2100 satellite receiver comes with the `/bin/date` utility installed with the setuid bit set. This configuration grants elevated privileges to any local user who can execute the binary. A local actor is able to use the GTFObins resource to preform privileged file reads as the root user on the local file system. This allows an actor to be able to read any root read-only files, such as the /etc/shadow file or other configuration/secrets carrier files.
Severity: 8.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-29121 - `/sbin/ip` Binary given SETUID Permissions on IDC SFX2100 Leading to Potential LPE
CVE ID : CVE-2026-29121
Published : March 5, 2026, 1:15 a.m. | 44 minutes ago
Description : International Data Casting (IDC) SFX2100 satellite receiver comes with the `/sbin/ip` utility installed with the setuid bit set. This configuration grants elevated privileges to any local user who can execute the binary. A local actor is able to use the GTFObins resource to preform privileged file reads as the root user on the local file system and may potentially lead to other avenues for preforming privileged actions.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-29121
Published : March 5, 2026, 1:15 a.m. | 44 minutes ago
Description : International Data Casting (IDC) SFX2100 satellite receiver comes with the `/sbin/ip` utility installed with the setuid bit set. This configuration grants elevated privileges to any local user who can execute the binary. A local actor is able to use the GTFObins resource to preform privileged file reads as the root user on the local file system and may potentially lead to other avenues for preforming privileged actions.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-29123 - Multiple SUID Root Binaries in `xd` User Home Directory Leading to Potential Local Privilege Escalation
CVE ID : CVE-2026-29123
Published : March 5, 2026, 1:18 a.m. | 41 minutes ago
Description : A SUID root-owned binary in /home/xd/terminal/XDTerminal in International Data Casting (IDC) SFX2100 on Linux allows a local actor to potentially preform local privilege escalation depending on conditions of the system via execution of the affected SUID binary. This can be via PATH hijacking, symlink abuse or shared object hijacking.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-29123
Published : March 5, 2026, 1:18 a.m. | 41 minutes ago
Description : A SUID root-owned binary in /home/xd/terminal/XDTerminal in International Data Casting (IDC) SFX2100 on Linux allows a local actor to potentially preform local privilege escalation depending on conditions of the system via execution of the affected SUID binary. This can be via PATH hijacking, symlink abuse or shared object hijacking.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-40926 - Plack::Middleware::Session::Simple versions through 0.04 for Perl generates session ids insecurely
CVE ID : CVE-2025-40926
Published : March 5, 2026, 2:16 a.m. | 3 hours, 47 minutes ago
Description : Plack::Middleware::Session::Simple versions through 0.04 for Perl generates session ids insecurely. The default session id generator returns a SHA-1 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage. Predicable session ids could allow an attacker to gain access to systems. Plack::Middleware::Session::Simple is intended to be compatible with Plack::Middleware::Session, which had a similar security issue CVE-2025-40923.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-40926
Published : March 5, 2026, 2:16 a.m. | 3 hours, 47 minutes ago
Description : Plack::Middleware::Session::Simple versions through 0.04 for Perl generates session ids insecurely. The default session id generator returns a SHA-1 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage. Predicable session ids could allow an attacker to gain access to systems. Plack::Middleware::Session::Simple is intended to be compatible with Plack::Middleware::Session, which had a similar security issue CVE-2025-40923.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-40931 - Apache::Session::Generate::MD5 versions through 1.94 for Perl create insecure session id
CVE ID : CVE-2025-40931
Published : March 5, 2026, 2:16 a.m. | 3 hours, 47 minutes ago
Description : Apache::Session::Generate::MD5 versions through 1.94 for Perl create insecure session id. Apache::Session::Generate::MD5 generates session ids insecurely. The default session id generator returns a MD5 hash seeded with the built-in rand() function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage. Predicable session ids could allow an attacker to gain access to systems.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-40931
Published : March 5, 2026, 2:16 a.m. | 3 hours, 47 minutes ago
Description : Apache::Session::Generate::MD5 versions through 1.94 for Perl create insecure session id. Apache::Session::Generate::MD5 generates session ids insecurely. The default session id generator returns a MD5 hash seeded with the built-in rand() function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage. Predicable session ids could allow an attacker to gain access to systems.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-29124 - Multiple SUID Root Binaries in `monitor` User Home Directory Leading to Potential Local Privilege Escalation
CVE ID : CVE-2026-29124
Published : March 5, 2026, 2:16 a.m. | 3 hours, 46 minutes ago
Description : Multiple SUID root-owned binaries are found in /home/monitor/terminal, /home/monitor/kore-terminal, /home/monitor/IDE-DPack/terminal-dpack, and /home/monitor/IDE-DPack/terminal-dpack2 in International Data Casting (IDC) SFX2100 Satellite Receiver, which may lead to local privlidge escalation from the `monitor` user to root
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-29124
Published : March 5, 2026, 2:16 a.m. | 3 hours, 46 minutes ago
Description : Multiple SUID root-owned binaries are found in /home/monitor/terminal, /home/monitor/kore-terminal, /home/monitor/IDE-DPack/terminal-dpack, and /home/monitor/IDE-DPack/terminal-dpack2 in International Data Casting (IDC) SFX2100 Satellite Receiver, which may lead to local privlidge escalation from the `monitor` user to root
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-29125 - IDC SFX2100 Satellite Receiver allows unprivileged modification of DNS configuration due to world-writable `/etc/resolv.conf`
CVE ID : CVE-2026-29125
Published : March 5, 2026, 2:16 a.m. | 3 hours, 46 minutes ago
Description : IDC SFX2100 Satalite Recievers set the `/etc/resolv.conf` file to be world-writable by any local user, allowing DNS resolver tampering that can redirect network communications, facilitate man-in-the-middle attacks, and cause denial of service.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-29125
Published : March 5, 2026, 2:16 a.m. | 3 hours, 46 minutes ago
Description : IDC SFX2100 Satalite Recievers set the `/etc/resolv.conf` file to be world-writable by any local user, allowing DNS resolver tampering that can redirect network communications, facilitate man-in-the-middle attacks, and cause denial of service.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...