
5364 matches found

RedhatCVE
added 2026/03/09 8:5 a.m., 4 views

CVE-2026-3713

A flaw was found in libpng. A local attacker could exploit this vulnerability by manipulating the width/height arguments in the dopnm2png function of the pnm2png component. This manipulation causes a heap-based buffer overflow, which could lead to information disclosure and denial of service (DoS)...

CVSS 5.3, AI score 6, EPSS 0.00126
Exploits: 0, References: 9

OSSF Malicious Packages
added 2026/03/06 1:12 p.m., 6 views

Malicious code in python-requirements (PyPI)

Source: kam193 40fa77c47c3649fce85f601f8aa10bf13674e5db4a2d35f125cb48b77d65f99d The package clones a legitimate webdavclient3 library and modifies it to be an installer utility. During installation, the package exfiltrates the current...

AI score 5.8
Exploits: 0, References: 5

OSV
added 2026/03/06 1:12 p.m., 10 views

MAL-2026-1264 Malicious code in python-requirements (PyPI)

Source: kam193 40fa77c47c3649fce85f601f8aa10bf13674e5db4a2d35f125cb48b77d65f99d The package clones a legitimate webdavclient3 library and modifies it to be an installer utility. During installation, the package exfiltrates the current...

AI score 5.8
Exploits: 0, References: 5

RedhatCVE
added 2026/03/05 1:57 a.m., 3 views

CVE-2025-14923

IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.2 IBM WebSphere Application Server Liberty could provide weaker than expected security when using the Security Utility when administering security settings...

CVSS 9.8, AI score 5.9, EPSS 0.0016
Exploits: 0, References: 1

Vulnrichment
added 2026/03/05 12:53 a.m., 2 views

CVE-2026-29122 `/bin/date` Binary given SETUID Permissions on IDC SFX2100 Leading to Potential LPE

International Data Casting IDC SFX2100 satellite receiver comes with the /bin/date utility installed with the setuid bit set. This configuration grants elevated privileges to any local user who can execute the binary. A local actor is able to use the GTFObins resource to perform privileged file...

CVSS 9.2, AI score 6, EPSS 0.00139
Exploits: 1, References: 2

Positive Technologies
added 2026/03/05 12:0 a.m., 2 views

PT-2026-23099

Name of the Vulnerable Software and Affected Versions IDC SFX2100 satellite receiver affected versions not specified Description The IDC SFX2100 satellite receiver includes the /bin/date utility installed with the setuid bit set. This configuration allows any local user who can execute the binary...

CVSS 9.2, AI score 5.9, EPSS 0.00139
Exploits: 1, References: 7

RedhatCVE
added 2026/03/04 7:45 p.m., 4 views

CVE-2026-2915

HP System Event Utility might allow denial of service with elevated arbitrary file writes. This potential vulnerability was remediated with HP System Event Utility version 3.2.16...

CVSS 7.1, AI score 6, EPSS 0.00095
Exploits: 0, References: 1

NVD
added 2026/03/04 5:16 p.m., 5 views

CVE-2025-66678

An issue in the HwRwDrv.sys component of Nil Hardware Editor Hardware Read & Write Utility v1.25.11.26 and earlier allows attackers to execute arbitrary read and write operations via a crafted request...

CVSS 9.8, EPSS 0.00641
Exploits: 1, References: 2

Cvelist
added 2026/03/04 4:53 p.m., 26 views

CVE-2026-28784 Craft is affected by potential authenticated Remote Code Execution via Twig SSTI

Craft is a content management system (CMS). Prior to 5.8.22 and 4.16.18, it is possible to craft a malicious payload using the Twig map filter in text fields that accept Twig input under Settings in the Craft control panel or using the System Messages utility, which could lead to a RCE. For this to...

CVSS 8.6, EPSS 0.00514
Exploits: 0, References: 3

CVE
added 2026/03/04 4:53 p.m., 8 views

CVE-2026-28784

Craft CMS is affected by a Server-Side Template Injection (Twig map filter) vulnerability prior to versions 5.8.22 and 4.16.18. The issue arises in text fields that accept Twig input (Settings in the Craft Control Panel or via the System Messages utility), allowing an attacker with administrator ...

CVSS 8.6, AI score 6, EPSS 0.00514
Exploits: 0, References: 3, Affected Software: 1

EUVD
added 2026/03/04 9:31 a.m., 4 views

EUVD-2026-9369

An OS Command Injection vulnerability exists in the web-based Traceroute diagnostic utility of International Datacasting Corporation IDC SFX Series SuperFlex SatelliteReceiver Web Management Interface version 101. An authenticated attacker can inject arbitrary shell metacharacters such as the pip...

CVSS 9.3, AI score 6.2, EPSS 0.02432
Exploits: 1, References: 2

Vulnrichment
added 2026/03/04 7:22 a.m., 5 views

CVE-2026-28774 Authenticated OS Command Injection via Traceroute Utility leads to Root RCE

An OS Command Injection vulnerability exists in the web-based Traceroute diagnostic utility of International Datacasting Corporation IDC SFX Series SuperFlex SatelliteReceiver Web Management Interface version 101. An authenticated attacker can inject arbitrary shell metacharacters such as the pip...

CVSS 9.3, AI score 6.2, EPSS 0.02432
Exploits: 1, References: 1

Cvelist
added 2026/03/04 7:16 a.m., 27 views

CVE-2026-28773 Authenticated OS Command Injection via Ping Utility Leading to RCE as Root

The web-based Ping diagnostic utility /IDCPing/main.cgi in International Datacasting Corporation IDC SFX Series SuperFlex Satellite Receiver Web Management Interface version 101 is vulnerable to OS Command Injection. The application insecurely parses the IPaddr parameter. An authenticated attacke...

CVSS 9.3, EPSS 0.02088
Exploits: 1, References: 1

ATTACKERKB
added 2026/03/04 7:16 a.m., 3 views

CVE-2026-28773

The web-based Ping diagnostic utility /IDCPing/main.cgi in International Datacasting Corporation IDC SFX Series SuperFlex Satellite Receiver Web Management Interface version 101 is vulnerable to OS Command Injection. The application insecurely parses the IPaddr parameter. An authenticated attacke...

CVSS 9.3, AI score 6.2, EPSS 0.02088
Exploits: 1, References: 2, Affected Software: 1

CVE
added 2026/03/04 7:16 a.m., 10 views

CVE-2026-28773

The CVE-2026-28773 entry concerns the IDC SFX Series SuperFlex SatelliteReceiver Web Management Interface (version 101). Affected component: the web-based Ping diagnostic utility at /IDC_Ping/main.cgi. Root cause: insecure parsing of the IPaddr parameter enables OS command injection by bypassing ...

CVSS 9.3, AI score 6.2, EPSS 0.02088
Exploits: 1, References: 1, Affected Software: 1

OSV
added 2026/03/04 12:42 a.m., 1 view

CLEANSTART-2026-NA21773 GNU patch through 2

Multiple security vulnerabilities affect the patch package. GNU patch through 2. See references for individual vulnerability details...

CVSS 9.8, AI score 5.8, EPSS 0.0453
Exploits: 1, References: 7

Positive Technologies
added 2026/03/04 12:0 a.m., 2 views

PT-2026-22963

An issue in the HwRwDrv.sys component of Nil Hardware Editor Hardware Read & Write Utility v1.25.11.26 and earlier allows attackers to execute arbitrary read and write operations via a crafted request...

AI score 6.1, EPSS 0.00641
Exploits: 1, References: 3

Vulnrichment
added 2026/03/04 12:0 a.m., 2 views

CVE-2025-66678

An issue in the HwRwDrv.sys component of Nil Hardware Editor Hardware Read & Write Utility v1.25.11.26 and earlier allows attackers to execute arbitrary read and write operations via a crafted request...

AI score 6, EPSS 0.00641
Exploits: 1, References: 2

Positive Technologies
added 2026/03/04 12:0 a.m., 3 views

PT-2026-22875

Name of the Vulnerable Software and Affected Versions International Datacasting Corporation IDC SFX Series SuperFlex Satellite Receiver Web Management Interface version 101 Description The web-based Ping diagnostic utility '/IDC Ping/main.cgi' is susceptible to OS Command Injection. The applicati...

CVSS 9.3, AI score 6.1, EPSS 0.02088
Exploits: 1, References: 6

CVE
added 2026/03/04 12:0 a.m., 15 views

CVE-2025-66678

CVE-2025-66678 affects Nil Hardware Editor’s Hardware Read & Write Utility (HwRwDrv.sys) up to v1.25.11.26. A crafted request can trigger arbitrary read/write operations, as described across multiple sources (NVD, RH, EUVD, OSV, CNNVD, etc.). The underlying issue is located in HwRwDrv.sys and lea...

CVSS 9.8, AI score 6.1, EPSS 0.00641
Exploits: 1, References: 2, Affected Software: 1