
31206 matches found

Cvelist
added 2026/03/05 1:18 a.m. | 30 views

CVE-2026-29123 Multiple SUID Root Binaries in `xd` User Home Directory Leading to Potential Local Privilege Escalation

A SUID root-owned binary in /home/xd/terminal/XDTerminal in International Data Casting IDC SFX2100 on Linux allows a local actor to potentially perform local privilege escalation depending on conditions of the system via execution of the affected SUID binary. This can be via PATH hijacking, symli...

CVSS 8.6 | EPSS 0.00127
Exploits: 1 | References: 1

Vulnrichment
added 2026/03/05 1:18 a.m. | 4 views

CVE-2026-29123 Multiple SUID Root Binaries in `xd` User Home Directory Leading to Potential Local Privilege Escalation

A SUID root-owned binary in /home/xd/terminal/XDTerminal in International Data Casting IDC SFX2100 on Linux allows a local actor to potentially perform local privilege escalation depending on conditions of the system via execution of the affected SUID binary. This can be via PATH hijacking, symli...

CVSS 8.6 | AI score 6.1 | EPSS 0.00127
Exploits: 1 | References: 1

CVE
added 2026/03/05 1:18 a.m. | 13 views

CVE-2026-29123

CVE-2026-29123 affects a SUID root-owned binary at /home/xd/terminal/XDTerminal in International Data Casting (IDC) SFX2100 on Linux. The issue enables local privilege escalation through execution of the affected SUID binary, with attack methods including PATH hijacking, symlink abuse, or shared ...

CVSS 8.6 | AI score 6.1 | EPSS 0.00127
Exploits: 1 | References: 1 | Affected Software: 1

ATTACKERKB
added 2026/03/05 1:18 a.m. | 3 views

CVE-2026-29123

A SUID root-owned binary in /home/xd/terminal/XDTerminal in International Data Casting IDC SFX2100 on Linux allows a local actor to potentially perform local privilege escalation depending on conditions of the system via execution of the affected SUID binary. This can be via PATH hijacking, symli...

CVSS 8.6 | AI score 6.1 | EPSS 0.00127
Exploits: 1 | References: 2

NVD
added 2026/03/05 1:15 a.m. | 8 views

CVE-2026-29121

International Data Casting IDC SFX2100 satellite receiver comes with the /sbin/ip utility installed with the setuid bit set. This configuration grants elevated privileges to any local user who can execute the binary. A local actor is able to use the GTFObins resource to perform privileged file...

CVSS 9.2 | EPSS 0.00148
Exploits: 1 | References: 2

Cvelist
added 2026/03/05 12:53 a.m. | 26 views

CVE-2026-29122 `/bin/date` Binary given SETUID Permissions on IDC SFX2100 Leading to Potential LPE

International Data Casting IDC SFX2100 satellite receiver comes with the /bin/date utility installed with the setuid bit set. This configuration grants elevated privileges to any local user who can execute the binary. A local actor is able to use the GTFObins resource to perform privileged file...

CVSS 9.2 | EPSS 0.00139
Exploits: 1 | References: 2

Vulnrichment
added 2026/03/05 12:53 a.m. | 2 views

CVE-2026-29122 `/bin/date` Binary given SETUID Permissions on IDC SFX2100 Leading to Potential LPE

International Data Casting IDC SFX2100 satellite receiver comes with the /bin/date utility installed with the setuid bit set. This configuration grants elevated privileges to any local user who can execute the binary. A local actor is able to use the GTFObins resource to perform privileged file...

CVSS 9.2 | AI score 6 | EPSS 0.00139
Exploits: 1 | References: 2

Cvelist
added 2026/03/05 12:48 a.m. | 30 views

CVE-2026-29121 `/sbin/ip` Binary given SETUID Permissions on IDC SFX2100 Leading to Potential LPE

International Data Casting IDC SFX2100 satellite receiver comes with the /sbin/ip utility installed with the setuid bit set. This configuration grants elevated privileges to any local user who can execute the binary. A local actor is able to use the GTFObins resource to perform privileged file...

CVSS 9.2 | EPSS 0.00148
Exploits: 1 | References: 2

ATTACKERKB
added 2026/03/05 12:48 a.m. | 3 views

CVE-2026-29121

International Data Casting IDC SFX2100 satellite receiver comes with the /sbin/ip utility installed with the setuid bit set. This configuration grants elevated privileges to any local user who can execute the binary. A local actor is able to use the GTFObins resource to perform privileged file...

CVSS 9.2 | AI score 6 | EPSS 0.00148
Exploits: 1 | References: 3

CVE
added 2026/03/05 12:48 a.m. | 11 views

CVE-2026-29121

IDC SFX2100 satellite receiver ships with /sbin/ip setuid, enabling local privilege escalation; a local user can leverage GTFObins ip to read root files and potentially perform additional privileged actions on the local system.

CVSS 9.2 | AI score 6 | EPSS 0.00148
Exploits: 1 | References: 2 | Affected Software: 1

CNNVD
added 2026/03/05 12:00 a.m. | 2 views

International Datacasting SFX2100 SuperFlex Satellite Receiver Security Vulnerability

The International Datacasting SFX2100 SuperFlex Satellite Receiver is a professional broadcast-grade satellite signal receiving device developed by the International Datacasting company. The SFX2100 SuperFlex Satellite Receiver has a security vulnerability, which stems from the presence of binary...

CVSS 8.6 | AI score 5.8 | EPSS 0.00119
Exploits: 1 | References: 1

Positive Technologies
added 2026/03/05 12:00 a.m. | 7 views

PT-2026-23100

Name of the Vulnerable Software and Affected Versions: International Data Casting IDC SFX2100 (affected versions not specified). Description: A SUID root-owned binary located in /home/xd/terminal/XDTerminal allows a local actor to potentially perform local privilege escalation depending on system...

CVSS 8.6 | AI score 5.9 | EPSS 0.00127
Exploits: 1 | References: 6

Positive Technologies
added 2026/03/05 12:00 a.m. | 2 views

PT-2026-23099

Name of the Vulnerable Software and Affected Versions: IDC SFX2100 satellite receiver (affected versions not specified). Description: The IDC SFX2100 satellite receiver includes the /bin/date utility installed with the setuid bit set. This configuration allows any local user who can execute the binary...

CVSS 9.2 | AI score 5.9 | EPSS 0.00139
Exploits: 1 | References: 7

Positive Technologies
added 2026/03/05 12:00 a.m. | 22 views

PT-2026-23098

Name of the Vulnerable Software and Affected Versions: IDC SFX2100 satellite receiver (affected versions not specified). Description: The /sbin/ip utility is installed with the setuid bit set on the IDC SFX2100 satellite receiver. This configuration allows any local user who can execute the binary to...

CVSS 9.2 | AI score 5.8 | EPSS 0.00148
Exploits: 1 | References: 10

Packet Storm News
added 2026/03/05 12:00 a.m. | 4 views

AirPlay RTSP Auditor

This Metasploit module is a hardened RTSP security auditing tool targeting Apple AirPlay services port 7000. It performs a structured authentication handshake using X25519 key exchange, derives shared secrets, and sends a dynamically constructed Apple Binary Property List bplist payload over RTSP...

AI score 5.9
Exploits: 0

RedhatCVE
added 2026/03/04 7:45 p.m. | 3 views

CVE-2025-64736

An out-of-bounds read vulnerability exists in the ABF parsing functionality of The Biosig Project libbiosig 3.9.2 and Master Branch 5462afb0. A specially crafted .abf file can lead to an information leak. An attacker can provide a malicious file to trigger this vulnerability...

CVSS 7.1 | AI score 5.9 | EPSS 0.00184
Exploits: 1 | References: 1

RedhatCVE
added 2026/03/04 1:44 p.m. | 3 views

CVE-2026-3463

A weakness has been identified in xlnt-community xlnt up to 1.6.1. Impacted is the function xlnt::detail::binarywriter::append of the file source/detail/binary.hpp of the component Compound Document Parser. This manipulation causes heap-based buffer overflow. The attack can only be executed...

CVSS 7.8 | AI score 5.9 | EPSS 0.00195
Exploits: 1 | References: 1

Positive Technologies
added 2026/03/04 12:00 a.m. | 6 views

PT-2026-22881

Name of the Vulnerable Software and Affected Versions: International Datacasting Corporation IDC SFX Series SuperFlex Satellite Receiver (affected versions not specified). Description: The IDC SFX Series SuperFlex Satellite Receiver is affected by hardcoded, insecure credentials for the xd user accoun...

CVSS 7.9 | AI score 6.5 | EPSS 0.00849
Exploits: 1 | References: 7

Snyk
added 2026/03/03 9:34 p.m. | 4 views

Unsafe Dependency Resolution

Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the safeBins process. An attacker can execute arbitrary commands in the application runtime context by placing a malicious binary with the same name as a...

CVSS 8.5 | AI score 6 | EPSS 0.00133
Exploits: 0 | References: 3

Github Security Blog
added 2026/03/03 9:34 p.m. | 5 views

OpenClaw: safeBins static default trusted dirs allow writable-dir binary hijack (`jq`)

Summary In openclaw= 2026.2.24 planned next npm release - Latest published npm version at triage time 2026-02-24: 2026.2.23 Root Cause - Default safe-bin trusted directories included package-manager/user-managed paths. - Trust decision was directory-membership only for resolved executable paths...

CVSS 7.8 | AI score 6.2 | EPSS 0.00133
Exploits: 0 | References: 5 | Affected Software: 1