CVE-2026-33201

The Digital Photo Frame GH-WDF10A from GREEN HOUSE CO., LTD. contains an active debug code vulnerability. Exploitation can read/write files or configurations on the device, or arbitrarily execute files with root privileges. CVSS data from the connected CVE entry indicates high impact on confident...

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 : systemd vulnerabilities (USN-8119-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by a vulnerability as referenced in the USN-8119-1 advisory. It was discovered that systemd incorrectly handled certain cgroup paths. A local attacker could possibly use this issue to cause systemd to...

Ubuntu: Security Advisory (USN-8119-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-8119-2: systemd vulnerabilities

USN-8119-1 fixed vulnerabilities in systemd. This update provides the corresponding updates for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. Original advisory details: It was discovered that systemd incorrectly handled certain cgroup paths. A local attacker could...

USN-8119-2 systemd vulnerabilities

USN-8119-1 fixed vulnerabilities in systemd. This update provides the corresponding updates for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. Original advisory details: It was discovered that systemd incorrectly handled certain cgroup paths. A local attacker could...

USN-8119-1 systemd vulnerabilities

It was discovered that systemd incorrectly handled certain cgroup paths. A local attacker could possibly use this issue to cause systemd to crash, resulting in a denial of service. CVE-2026-29111 It was discovered that the systemd udev component incorrectly handled certain fields received from th...

USN-8119-1: systemd vulnerabilities

It was discovered that systemd incorrectly handled certain cgroup paths. A local attacker could possibly use this issue to cause systemd to crash, resulting in a denial of service. CVE-2026-29111 It was discovered that the systemd udev component incorrectly handled certain fields received from th...

Cisco Secure Firewall Management Center (FMC) Software and Cisco Security Cloud Control (SCC) Firewall Management Deserialization of Untrusted Data Vulnerability

Cisco Secure Firewall Management Center FMC Software and Cisco Security Cloud Control SCC Firewall Management contain a deserialization of untrusted data vulnerability in the web-based management interface that could allow an unauthenticated, remote attacker to execute arbitrary Java code as root...

CVE-2026-25770

Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 3.9.0 and prior to version 4.14.3, a privilege escalation vulnerability exists in the Wazuh Manager's cluster synchronization protocol. The wazuh-clusterd service allows authenticated...

(Pwn2Own) QNAP TS-453E Hyper Data Protector Plugin query_original_file_size SQL Injection Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of QNAP TS-453E. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...

Fortinet FortiClient Link Following Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Fortinet FortiClient. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of...

CVE-2025-15568

Technical details beyond the CVE description are not provided in the supplied documents. Monitor for updates.

CVE-2026-25070

The CVE-2026-25070 vulnerability affects XikeStor SKS8310-8X Network Switch firmware

EUVD-2026-9373

International Datacasting Corporation IDC SFX Series SuperFlex Satellite Receiver contains undocumented, hardcoded/insecure credentials for the xd user account. A remote unauthenticated attacker can log in via FTP using these credentials. Because the xd user has write permissions to their home...

CVE-2026-28778

International Datacasting Corporation IDC SFX Series SuperFlex Satellite Receiver contains undocumented, hardcoded/insecure credentials for the xd user account. A remote unauthenticated attacker can log in via FTP using these credentials. Because the xd user has write permissions to their home...

CVE-2026-28778 Hardcoded FTP Credentials and LPE(via Insecure Permissions) for `xd` Local Account on IDC SFX2100

International Datacasting Corporation IDC SFX Series SuperFlex Satellite Receiver contains undocumented, hardcoded/insecure credentials for the xd user account. A remote unauthenticated attacker can log in via FTP using these credentials. Because the xd user has write permissions to their home...

CVE-2026-28774

The CVE concerns IDC SFX Series SuperFlex SatelliteReceiver Web Management Interface (version 101) where the web-based Traceroute diagnostic utility is vulnerable. An authenticated attacker can inject arbitrary shell metacharacters into the flags parameter, resulting in OS command execution with ...

CVE-2026-28774 Authenticated OS Command Injection via Traceroute Utility leads to Root RCE

An OS Command Injection vulnerability exists in the web-based Traceroute diagnostic utility of International Datacasting Corporation IDC SFX Series SuperFlex SatelliteReceiver Web Management Interface version 101. An authenticated attacker can inject arbitrary shell metacharacters such as the pip...

CVE-2026-28773 Authenticated OS Command Injection via Ping Utility Leading to RCE as Root

The web-based Ping diagnostic utility /IDCPing/main.cgi in International Datacasting Corporation IDC SFX Series SuperFlex Satellite Receiver Web Management Interface version 101 is vulnerable to OS Command Injection. The application insecurely parses the IPaddr parameter. An authenticated attacke...

CVE-2026-28773

The CVE-2026-28773 entry concerns the IDC SFX Series SuperFlex SatelliteReceiver Web Management Interface (version 101). Affected component: the web-based Ping diagnostic utility at /IDC_Ping/main.cgi. Root cause: insecure parsing of the IPaddr parameter enables OS command injection by bypassing ...