π¨ CVE-2026-28773
The web-based Ping diagnostic utility (/IDC_Ping/main.cgi) in International Datacasting Corporation (IDC) SFX Series SuperFlex Satellite Receiver Web Management Interface version 101 is vulnerable to OS Command Injection. The application insecurely parses the `IPaddr` parameter. An authenticated attacker can bypass server-side semicolon exclusion checks by using alternate shell metacharacters (such as the pipe `|` operator) to append and execute arbitrary shell commands with root privileges.
π@cveNotify
The web-based Ping diagnostic utility (/IDC_Ping/main.cgi) in International Datacasting Corporation (IDC) SFX Series SuperFlex Satellite Receiver Web Management Interface version 101 is vulnerable to OS Command Injection. The application insecurely parses the `IPaddr` parameter. An authenticated attacker can bypass server-side semicolon exclusion checks by using alternate shell metacharacters (such as the pipe `|` operator) to append and execute arbitrary shell commands with root privileges.
π@cveNotify
Abduls Blog
Over 20 vulnerabilities found in satellite receiver used by US DoD, EU's Space Agency and others
During a recent penetration test I did against a critical infrastructure operator, I had achieved Domain Administrator through two independent routes; ADCS ESC4, and by combining an LMCompatibility value of 2 with LDAP signing disabled. With that out of theβ¦
π¨ CVE-2026-28774
An OS Command Injection vulnerability exists in the web-based Traceroute diagnostic utility of International Datacasting Corporation (IDC) SFX Series SuperFlex SatelliteReceiver Web Management Interface version 101. An authenticated attacker can inject arbitrary shell metacharacters (such as the pipe `|` operator) into the flags parameter, leading to the execution of arbitrary operating system commands with root privileges.
π@cveNotify
An OS Command Injection vulnerability exists in the web-based Traceroute diagnostic utility of International Datacasting Corporation (IDC) SFX Series SuperFlex SatelliteReceiver Web Management Interface version 101. An authenticated attacker can inject arbitrary shell metacharacters (such as the pipe `|` operator) into the flags parameter, leading to the execution of arbitrary operating system commands with root privileges.
π@cveNotify
Abduls Blog
Over 20 vulnerabilities found in satellite receiver used by US DoD, EU's Space Agency and others
During a recent penetration test I did against a critical infrastructure operator, I had achieved Domain Administrator through two independent routes; ADCS ESC4, and by combining an LMCompatibility value of 2 with LDAP signing disabled. With that out of theβ¦
π¨ CVE-2026-1678
dns_unpack_name() caches the buffer tailroom once and reuses it while appending DNS labels. As the buffer grows, the cached size becomes incorrect, and the final null terminator can be written past the buffer. With assertions disabled (default), a malicious DNS response can trigger an out-of-bounds write when CONFIG_DNS_RESOLVER is enabled.
π@cveNotify
dns_unpack_name() caches the buffer tailroom once and reuses it while appending DNS labels. As the buffer grows, the cached size becomes incorrect, and the final null terminator can be written past the buffer. With assertions disabled (default), a malicious DNS response can trigger an out-of-bounds write when CONFIG_DNS_RESOLVER is enabled.
π@cveNotify
GitHub
dns: memoryβsafety issue in the DNS name parser.
`dns_unpack_name()` in `subsys/net/lib/dns/dns_pack.c` snapshots `dest_size = net_buf_tailroom(buf)` once and reuses it while appending labels. As `buf->len` grows, the stale bound no longer mat...
π¨ CVE-2026-25702
A Improper Access Control vulnerability in the kernel of SUSE SUSE Linux Enterprise Server 12 SP5 breaks nftables, causing firewall rules applied via nftables to not be effective.This issue affects SUSE Linux Enterprise Server: from 9e6d9d4601768c75fdb0bad3fbbe636e748939c2 before 9c294edb7085fb91650bc12233495a8974c5ff2d.
π@cveNotify
A Improper Access Control vulnerability in the kernel of SUSE SUSE Linux Enterprise Server 12 SP5 breaks nftables, causing firewall rules applied via nftables to not be effective.This issue affects SUSE Linux Enterprise Server: from 9e6d9d4601768c75fdb0bad3fbbe636e748939c2 before 9c294edb7085fb91650bc12233495a8974c5ff2d.
π@cveNotify
π¨ CVE-2026-28536
Authentication bypass vulnerability in the device authentication module. Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.
π@cveNotify
Authentication bypass vulnerability in the device authentication module. Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.
π@cveNotify
π¨ CVE-2026-2743
Arbitrary File Write via Path Traversal upload to Remote Code Execution in SeppMail User Web Interface. The affected feature is the large file transfer (LFT). This issue affects SeppMail: 15.0.2.1 and before
π@cveNotify
Arbitrary File Write via Path Traversal upload to Remote Code Execution in SeppMail User Web Interface. The affected feature is the large file transfer (LFT). This issue affects SeppMail: 15.0.2.1 and before
π@cveNotify
π1
π¨ CVE-2025-66319
Permission control vulnerability in the resource scheduling module. Impact: Successful exploitation of this vulnerability may affect service integrity.
π@cveNotify
Permission control vulnerability in the resource scheduling module. Impact: Successful exploitation of this vulnerability may affect service integrity.
π@cveNotify
π¨ CVE-2026-1321
The Membership Plugin β Restrict Content plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.2.20. This is due to the `rcp_setup_registration_init()` function accepting any membership level ID via the `rcp_level` POST parameter without validating that the level is active or that payment is required. Combined with the `add_user_role()` method which assigns the WordPress role configured on the membership level without status checks, this makes it possible for unauthenticated attackers to register with any membership level, including inactive levels that grant privileged WordPress roles such as Administrator, or paid levels that charge a sign-up fee. The vulnerability was partially patched in version 3.2.18.
π@cveNotify
The Membership Plugin β Restrict Content plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.2.20. This is due to the `rcp_setup_registration_init()` function accepting any membership level ID via the `rcp_level` POST parameter without validating that the level is active or that payment is required. Combined with the `add_user_role()` method which assigns the WordPress role configured on the membership level without status checks, this makes it possible for unauthenticated attackers to register with any membership level, including inactive levels that grant privileged WordPress roles such as Administrator, or paid levels that charge a sign-up fee. The vulnerability was partially patched in version 3.2.18.
π@cveNotify
π¨ CVE-2026-21786
HCL Sametime for iOS is impacted by a sensitive information disclosure. Hostnames information is written in application logs and certain URLs.
π@cveNotify
HCL Sametime for iOS is impacted by a sensitive information disclosure. Hostnames information is written in application logs and certain URLs.
π@cveNotify
Hcl-Software
Security Bulletin: HCL Sametime for iOS is affected by sensitive information disclosure - Customer Support
A sensitive information disclosure is addressed in HCL Sametime for iOS 12.0.26. It is recommended to
π¨ CVE-2026-28537
Double free vulnerability in the window module. Impact: Successful exploitation of this vulnerability may affect availability.
π@cveNotify
Double free vulnerability in the window module. Impact: Successful exploitation of this vulnerability may affect availability.
π@cveNotify
π¨ CVE-2026-28538
Path traversal vulnerability in the certificate management module. Impact: Successful exploitation of this vulnerability may affect availability.
π@cveNotify
Path traversal vulnerability in the certificate management module. Impact: Successful exploitation of this vulnerability may affect availability.
π@cveNotify
π¨ CVE-2026-28539
Data processing vulnerability in the certificate management module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
π@cveNotify
Data processing vulnerability in the certificate management module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
π@cveNotify
π¨ CVE-2026-24924
Vulnerability of improper permission control in the print module.
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
π@cveNotify
Vulnerability of improper permission control in the print module.
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
π@cveNotify
π¨ CVE-2026-28542
Permission bypass vulnerability in the system service framework. Impact: Successful exploitation of this vulnerability may affect availability.
π@cveNotify
Permission bypass vulnerability in the system service framework. Impact: Successful exploitation of this vulnerability may affect availability.
π@cveNotify
π¨ CVE-2026-28546
Buffer overflow vulnerability in the scanning module. Impact: Successful exploitation of this vulnerability may affect availability.
π@cveNotify
Buffer overflow vulnerability in the scanning module. Impact: Successful exploitation of this vulnerability may affect availability.
π@cveNotify
π¨ CVE-2026-28547
Vulnerability of uninitialized pointer access in the scanning module. Impact: Successful exploitation of this vulnerability may affect availability.
π@cveNotify
Vulnerability of uninitialized pointer access in the scanning module. Impact: Successful exploitation of this vulnerability may affect availability.
π@cveNotify
π¨ CVE-2026-28548
Vulnerability of improper verification in the email application. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
π@cveNotify
Vulnerability of improper verification in the email application. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
π@cveNotify
π¨ CVE-2026-28549
Race condition vulnerability in the permission management service. Impact: Successful exploitation of this vulnerability may affect availability.
π@cveNotify
Race condition vulnerability in the permission management service. Impact: Successful exploitation of this vulnerability may affect availability.
π@cveNotify
π¨ CVE-2025-11143
The Jetty URI parser has some key differences to other common parsers when evaluating invalid or unusual URIs. Differential parsing of URIs in systems using multiple components may result in security by-pass. For example a component that enforces a black list may interpret the URIs differently from one that generates a response. At the very least, differential parsing may divulge implementation details.
π@cveNotify
The Jetty URI parser has some key differences to other common parsers when evaluating invalid or unusual URIs. Differential parsing of URIs in systems using multiple components may result in security by-pass. For example a component that enforces a black list may interpret the URIs differently from one that generates a response. At the very least, differential parsing may divulge implementation details.
π@cveNotify
GitHub
Different parsing of invalid URIs
The Jetty URI parser has some key differences to other common parsers when evaluating invalid or unusual URIS. Specifically:
#### Invalid Scheme
| URI | Jetty | uri-js (nodejs) | node-url(nodej...
#### Invalid Scheme
| URI | Jetty | uri-js (nodejs) | node-url(nodej...
π¨ CVE-2026-1605
In Eclipse Jetty, versions 12.0.0-12.0.31 and 12.1.0-12.0.5, class GzipHandler exposes a vulnerability when a compressed HTTP request, with Content-Encoding: gzip, is processed and the corresponding response is not compressed.
This happens because the JDK Inflater is allocated for decompressing the request, but it is not released because the release mechanism is tied to the compressed response.
In this case, since the response is not compressed, the release mechanism does not trigger, causing the leak.
π@cveNotify
In Eclipse Jetty, versions 12.0.0-12.0.31 and 12.1.0-12.0.5, class GzipHandler exposes a vulnerability when a compressed HTTP request, with Content-Encoding: gzip, is processed and the corresponding response is not compressed.
This happens because the JDK Inflater is allocated for decompressing the request, but it is not released because the release mechanism is tied to the compressed response.
In this case, since the response is not compressed, the release mechanism does not trigger, causing the leak.
π@cveNotify
GitHub
Gzip request memory leak
### Description (as reported)
There is a memory leak when using `GzipHandler` in jetty-12.0.30 that can cause off-heap OOMs.
This can be used for DoS attacks so I'm reporting this as a vuln...
There is a memory leak when using `GzipHandler` in jetty-12.0.30 that can cause off-heap OOMs.
This can be used for DoS attacks so I'm reporting this as a vuln...
π¨ CVE-2026-21628
A improperly secured file management feature allows uploads of dangerous data types for unauthenticated users, leading to remote code execution.
π@cveNotify
A improperly secured file management feature allows uploads of dangerous data types for unauthenticated users, leading to remote code execution.
π@cveNotify
Astroid
Astroid Framework | Best Free Joomla Template Framework
Powerful framework for designers and developers to create responsive, fast & robust Joomla based websites and templates.