π¨ CVE-2026-28769
A path traversal vulnerability exists in the /IDC_Logging/checkifdone.cgi script in International Datacasting Corporation (IDC) SFX Series SuperFlex Satellite Receiver Web management portal version 101. An authenticated attacker can manipulate the `file` parameter to traverse directories and enumerate arbitrary files on the underlying filesystem. Due to the insecure perl file path handling function in use, a authenticated actor is able to preform directory traversal, with the backup endpoint confirming a file exists by indicating that a backup operation was successful or when using the path of a non existent file, the returned status is failed.
π@cveNotify
A path traversal vulnerability exists in the /IDC_Logging/checkifdone.cgi script in International Datacasting Corporation (IDC) SFX Series SuperFlex Satellite Receiver Web management portal version 101. An authenticated attacker can manipulate the `file` parameter to traverse directories and enumerate arbitrary files on the underlying filesystem. Due to the insecure perl file path handling function in use, a authenticated actor is able to preform directory traversal, with the backup endpoint confirming a file exists by indicating that a backup operation was successful or when using the path of a non existent file, the returned status is failed.
π@cveNotify
Abduls Blog
Over 20 vulnerabilities found in satellite receiver used by US DoD, EU's Space Agency and others
During a recent penetration test I did against a critical infrastructure operator, I had achieved Domain Administrator through two independent routes; ADCS ESC4, and by combining an LMCompatibility value of 2 with LDAP signing disabled. With that out of theβ¦
π¨ CVE-2026-28770
Improper neutralization of special elements in the /IDC_Logging/checkifdone.cgi script in International Datacasting Corporation (IDC) SFX Series SuperFlex Satellite Receiver Web management Interface version 101 allows for XML Injection. The application reflects un-sanitized user input from the `file` parameter directly into a CDATA block, allowing an authenticated attacker to break out of the tags and inject arbitrary XML elements. An actor is confirmed to be able to turn this into an reflected XSS but further abuse such as XXE may be possible
π@cveNotify
Improper neutralization of special elements in the /IDC_Logging/checkifdone.cgi script in International Datacasting Corporation (IDC) SFX Series SuperFlex Satellite Receiver Web management Interface version 101 allows for XML Injection. The application reflects un-sanitized user input from the `file` parameter directly into a CDATA block, allowing an authenticated attacker to break out of the tags and inject arbitrary XML elements. An actor is confirmed to be able to turn this into an reflected XSS but further abuse such as XXE may be possible
π@cveNotify
Abduls Blog
Over 20 vulnerabilities found in satellite receiver used by US DoD, EU's Space Agency and others
During a recent penetration test I did against a critical infrastructure operator, I had achieved Domain Administrator through two independent routes; ADCS ESC4, and by combining an LMCompatibility value of 2 with LDAP signing disabled. With that out of theβ¦
π¨ CVE-2026-28771
A Reflected Cross-Site Scripting (XSS) vulnerability exists in the /index.cgi endpoint of International Datacasting Corporation (IDC) SFX Series SuperFlex Satellite Receiver Web Management Interface version 101. The application fails to adequately sanitize user-supplied input provided via the `cat` parameter before reflecting it in the HTTP response, allowing a remote attacker to execute arbitrary HTML or JavaScript in the victim's browser context.
π@cveNotify
A Reflected Cross-Site Scripting (XSS) vulnerability exists in the /index.cgi endpoint of International Datacasting Corporation (IDC) SFX Series SuperFlex Satellite Receiver Web Management Interface version 101. The application fails to adequately sanitize user-supplied input provided via the `cat` parameter before reflecting it in the HTTP response, allowing a remote attacker to execute arbitrary HTML or JavaScript in the victim's browser context.
π@cveNotify
Abduls Blog
Over 20 vulnerabilities found in satellite receiver used by US DoD, EU's Space Agency and others
During a recent penetration test I did against a critical infrastructure operator, I had achieved Domain Administrator through two independent routes; ADCS ESC4, and by combining an LMCompatibility value of 2 with LDAP signing disabled. With that out of theβ¦
π¨ CVE-2026-28772
A Reflected Cross-Site Scripting (XSS) vulnerability in the /IDC_Logging/index.cgi endpoint of International Datacasting Corporation (IDC) SFX Series SuperFlex SatelliteReceiver Web Management Interface version 101 allows a remote attacker to execute arbitrary web scripts or HTML. The vulnerability is triggered by sending a crafted payload through the `submitType` parameter, which is reflected directly into the DOM without proper escaping.
π@cveNotify
A Reflected Cross-Site Scripting (XSS) vulnerability in the /IDC_Logging/index.cgi endpoint of International Datacasting Corporation (IDC) SFX Series SuperFlex SatelliteReceiver Web Management Interface version 101 allows a remote attacker to execute arbitrary web scripts or HTML. The vulnerability is triggered by sending a crafted payload through the `submitType` parameter, which is reflected directly into the DOM without proper escaping.
π@cveNotify
Abduls Blog
Over 20 vulnerabilities found in satellite receiver used by US DoD, EU's Space Agency and others
During a recent penetration test I did against a critical infrastructure operator, I had achieved Domain Administrator through two independent routes; ADCS ESC4, and by combining an LMCompatibility value of 2 with LDAP signing disabled. With that out of theβ¦
π¨ CVE-2026-28773
The web-based Ping diagnostic utility (/IDC_Ping/main.cgi) in International Datacasting Corporation (IDC) SFX Series SuperFlex Satellite Receiver Web Management Interface version 101 is vulnerable to OS Command Injection. The application insecurely parses the `IPaddr` parameter. An authenticated attacker can bypass server-side semicolon exclusion checks by using alternate shell metacharacters (such as the pipe `|` operator) to append and execute arbitrary shell commands with root privileges.
π@cveNotify
The web-based Ping diagnostic utility (/IDC_Ping/main.cgi) in International Datacasting Corporation (IDC) SFX Series SuperFlex Satellite Receiver Web Management Interface version 101 is vulnerable to OS Command Injection. The application insecurely parses the `IPaddr` parameter. An authenticated attacker can bypass server-side semicolon exclusion checks by using alternate shell metacharacters (such as the pipe `|` operator) to append and execute arbitrary shell commands with root privileges.
π@cveNotify
Abduls Blog
Over 20 vulnerabilities found in satellite receiver used by US DoD, EU's Space Agency and others
During a recent penetration test I did against a critical infrastructure operator, I had achieved Domain Administrator through two independent routes; ADCS ESC4, and by combining an LMCompatibility value of 2 with LDAP signing disabled. With that out of theβ¦
π¨ CVE-2026-28774
An OS Command Injection vulnerability exists in the web-based Traceroute diagnostic utility of International Datacasting Corporation (IDC) SFX Series SuperFlex SatelliteReceiver Web Management Interface version 101. An authenticated attacker can inject arbitrary shell metacharacters (such as the pipe `|` operator) into the flags parameter, leading to the execution of arbitrary operating system commands with root privileges.
π@cveNotify
An OS Command Injection vulnerability exists in the web-based Traceroute diagnostic utility of International Datacasting Corporation (IDC) SFX Series SuperFlex SatelliteReceiver Web Management Interface version 101. An authenticated attacker can inject arbitrary shell metacharacters (such as the pipe `|` operator) into the flags parameter, leading to the execution of arbitrary operating system commands with root privileges.
π@cveNotify
Abduls Blog
Over 20 vulnerabilities found in satellite receiver used by US DoD, EU's Space Agency and others
During a recent penetration test I did against a critical infrastructure operator, I had achieved Domain Administrator through two independent routes; ADCS ESC4, and by combining an LMCompatibility value of 2 with LDAP signing disabled. With that out of theβ¦
π¨ CVE-2026-1678
dns_unpack_name() caches the buffer tailroom once and reuses it while appending DNS labels. As the buffer grows, the cached size becomes incorrect, and the final null terminator can be written past the buffer. With assertions disabled (default), a malicious DNS response can trigger an out-of-bounds write when CONFIG_DNS_RESOLVER is enabled.
π@cveNotify
dns_unpack_name() caches the buffer tailroom once and reuses it while appending DNS labels. As the buffer grows, the cached size becomes incorrect, and the final null terminator can be written past the buffer. With assertions disabled (default), a malicious DNS response can trigger an out-of-bounds write when CONFIG_DNS_RESOLVER is enabled.
π@cveNotify
GitHub
dns: memoryβsafety issue in the DNS name parser.
`dns_unpack_name()` in `subsys/net/lib/dns/dns_pack.c` snapshots `dest_size = net_buf_tailroom(buf)` once and reuses it while appending labels. As `buf->len` grows, the stale bound no longer mat...
π¨ CVE-2026-25702
A Improper Access Control vulnerability in the kernel of SUSE SUSE Linux Enterprise Server 12 SP5 breaks nftables, causing firewall rules applied via nftables to not be effective.This issue affects SUSE Linux Enterprise Server: from 9e6d9d4601768c75fdb0bad3fbbe636e748939c2 before 9c294edb7085fb91650bc12233495a8974c5ff2d.
π@cveNotify
A Improper Access Control vulnerability in the kernel of SUSE SUSE Linux Enterprise Server 12 SP5 breaks nftables, causing firewall rules applied via nftables to not be effective.This issue affects SUSE Linux Enterprise Server: from 9e6d9d4601768c75fdb0bad3fbbe636e748939c2 before 9c294edb7085fb91650bc12233495a8974c5ff2d.
π@cveNotify
π¨ CVE-2026-28536
Authentication bypass vulnerability in the device authentication module. Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.
π@cveNotify
Authentication bypass vulnerability in the device authentication module. Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.
π@cveNotify
π¨ CVE-2026-2743
Arbitrary File Write via Path Traversal upload to Remote Code Execution in SeppMail User Web Interface. The affected feature is the large file transfer (LFT). This issue affects SeppMail: 15.0.2.1 and before
π@cveNotify
Arbitrary File Write via Path Traversal upload to Remote Code Execution in SeppMail User Web Interface. The affected feature is the large file transfer (LFT). This issue affects SeppMail: 15.0.2.1 and before
π@cveNotify
π1
π¨ CVE-2025-66319
Permission control vulnerability in the resource scheduling module. Impact: Successful exploitation of this vulnerability may affect service integrity.
π@cveNotify
Permission control vulnerability in the resource scheduling module. Impact: Successful exploitation of this vulnerability may affect service integrity.
π@cveNotify
π¨ CVE-2026-1321
The Membership Plugin β Restrict Content plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.2.20. This is due to the `rcp_setup_registration_init()` function accepting any membership level ID via the `rcp_level` POST parameter without validating that the level is active or that payment is required. Combined with the `add_user_role()` method which assigns the WordPress role configured on the membership level without status checks, this makes it possible for unauthenticated attackers to register with any membership level, including inactive levels that grant privileged WordPress roles such as Administrator, or paid levels that charge a sign-up fee. The vulnerability was partially patched in version 3.2.18.
π@cveNotify
The Membership Plugin β Restrict Content plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.2.20. This is due to the `rcp_setup_registration_init()` function accepting any membership level ID via the `rcp_level` POST parameter without validating that the level is active or that payment is required. Combined with the `add_user_role()` method which assigns the WordPress role configured on the membership level without status checks, this makes it possible for unauthenticated attackers to register with any membership level, including inactive levels that grant privileged WordPress roles such as Administrator, or paid levels that charge a sign-up fee. The vulnerability was partially patched in version 3.2.18.
π@cveNotify
π¨ CVE-2026-21786
HCL Sametime for iOS is impacted by a sensitive information disclosure. Hostnames information is written in application logs and certain URLs.
π@cveNotify
HCL Sametime for iOS is impacted by a sensitive information disclosure. Hostnames information is written in application logs and certain URLs.
π@cveNotify
Hcl-Software
Security Bulletin: HCL Sametime for iOS is affected by sensitive information disclosure - Customer Support
A sensitive information disclosure is addressed in HCL Sametime for iOS 12.0.26. It is recommended to
π¨ CVE-2026-28537
Double free vulnerability in the window module. Impact: Successful exploitation of this vulnerability may affect availability.
π@cveNotify
Double free vulnerability in the window module. Impact: Successful exploitation of this vulnerability may affect availability.
π@cveNotify
π¨ CVE-2026-28538
Path traversal vulnerability in the certificate management module. Impact: Successful exploitation of this vulnerability may affect availability.
π@cveNotify
Path traversal vulnerability in the certificate management module. Impact: Successful exploitation of this vulnerability may affect availability.
π@cveNotify
π¨ CVE-2026-28539
Data processing vulnerability in the certificate management module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
π@cveNotify
Data processing vulnerability in the certificate management module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
π@cveNotify
π¨ CVE-2026-24924
Vulnerability of improper permission control in the print module.
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
π@cveNotify
Vulnerability of improper permission control in the print module.
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
π@cveNotify
π¨ CVE-2026-28542
Permission bypass vulnerability in the system service framework. Impact: Successful exploitation of this vulnerability may affect availability.
π@cveNotify
Permission bypass vulnerability in the system service framework. Impact: Successful exploitation of this vulnerability may affect availability.
π@cveNotify
π¨ CVE-2026-28546
Buffer overflow vulnerability in the scanning module. Impact: Successful exploitation of this vulnerability may affect availability.
π@cveNotify
Buffer overflow vulnerability in the scanning module. Impact: Successful exploitation of this vulnerability may affect availability.
π@cveNotify
π¨ CVE-2026-28547
Vulnerability of uninitialized pointer access in the scanning module. Impact: Successful exploitation of this vulnerability may affect availability.
π@cveNotify
Vulnerability of uninitialized pointer access in the scanning module. Impact: Successful exploitation of this vulnerability may affect availability.
π@cveNotify
π¨ CVE-2026-28548
Vulnerability of improper verification in the email application. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
π@cveNotify
Vulnerability of improper verification in the email application. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
π@cveNotify