CVE-2026-29120

The /root/anaconda-ks.cfg installation configuration file in International Datacasting Corporation IDC SFX SeriesSFX2100 SuperFlex Satellite Receiver insecurely stores the hardcoded root password hash. The password itself is highly insecure and susceptible to offline dictionary attacks using the...

CVE-2026-29120

Technical details beyond what’s in the Initial Description are not publicly provided in the connected documents. Monitor for updates to the CVE-2026-29120 entry as new disclosures may clarify affected components, impact, or remediation.

CVE-2026-29120 Insecure, Hardcoded Root Password Stored in Anaconda Configuration File On IDC SFX2100 Satellite Receiver

The /root/anaconda-ks.cfg installation configuration file in International Datacasting Corporation IDC SFX SeriesSFX2100 SuperFlex Satellite Receiver insecurely stores the hardcoded root password hash. The password itself is highly insecure and susceptible to offline dictionary attacks using the...

CVE-2026-29120 Insecure, Hardcoded Root Password Stored in Anaconda Configuration File On IDC SFX2100 Satellite Receiver

The /root/anaconda-ks.cfg installation configuration file in International Datacasting Corporation IDC SFX SeriesSFX2100 SuperFlex Satellite Receiver insecurely stores the hardcoded root password hash. The password itself is highly insecure and susceptible to offline dictionary attacks using the...

curl: LM Challenge-Response Hash Always Sent in SMB Authentication

LM Challenge-Response Hash Always Sent in SMB Authentication Summary The curl SMB client unconditionally computes and sends both the legacy LAN Manager LM and NT challenge-response hashes during SMB session setup. The LM hash is cryptographically broken — it splits the password into two 7-charact...

International Datacasting SFX2100 SuperFlex Satellite Receiver 安全漏洞

The International Datacasting SFX2100 SuperFlex Satellite Receiver is a professional broadcast-grade satellite signal receiving device developed by the International Datacasting company. The SFX2100 SuperFlex Satellite Receiver has a security vulnerability. This vulnerability stems from the...

PT-2026-22883

Name of the Vulnerable Software and Affected Versions IDC SFX SeriesSFX2100 SuperFlex Satellite Receiver affected versions not specified Description The /root/anaconda-ks.cfg installation configuration file insecurely stores a hardcoded root password hash. This password is highly susceptible to...

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005687)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005687 advisory. In the Linux kernel, the following vulnerability has been resolved: thermal: intelpowerclamp: Use getcpu instead of smpprocessorid to avoid crash When CPU 0 is offli...

EUVD-2026-9045

SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a weak session identifier generation vulnerability that allows attackers to forge authenticated sessions by computing predictable MD5-based cookies. Attackers who know or guess valid credentials can calculate the session identifie...

CVE-2026-27755

SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a weak session identifier generation vulnerability that allows attackers to forge authenticated sessions by computing predictable MD5-based cookies. Attackers who know or guess valid credentials can calculate the session identifie...

CVE-2026-27755

SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a weak session identifier generation vulnerability that allows attackers to forge authenticated sessions by computing predictable MD5-based cookies. Attackers who know or guess valid credentials can calculate the session identifie...

CVE-2026-27755 SODOLA SL902-SWTGW124AS <= 200.1.20 Predictable Session ID

SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a weak session identifier generation vulnerability that allows attackers to forge authenticated sessions by computing predictable MD5-based cookies. Attackers who know or guess valid credentials can calculate the session identifie...

CVE-2026-26193

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.6.44, aanually modifying chat history allows setting the embeds property on a response message, the content of which is loaded into an iFrame with a sandbox that has allow-scripts...

BIT-JENKINS-2026-27099

Jenkins 2.483 through 2.550 both inclusive, LTS 2.492.1 through 2.541.1 both inclusive does not escape the user-provided description of the "Mark temporarily offline" offline cause, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Agent/Configure or...

CVE-2026-26193

Open WebUI (self-hosted, offline) is affected prior to v0.6.44. The vulnerability arises from allowing manual modification of chat history to set the embeds property on a response message, which is loaded into an iframe with an aggressive sandbox (allow-scripts and allow-same-origin) that bypasse...

PT-2026-20917

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.7.0 Description Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Modifying chat history before version 0.7.0 allows manipulation of the html property within...

PT-2026-20918

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.6.44 Description Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Manually modifying chat history allows setting the embeds property on a response message. The...

Cross-site Scripting (XSS)

Overview org.jenkins-ci.main:jenkins-core is an open source automation server. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the UserCause function. An attacker can execute arbitrary JavaScript code in the context of other users by providing crafted input in the...

Jenkins has a stored XSS vulnerability in node offline cause description

Jenkins 2.483 through 2.550 both inclusive, LTS 2.492.1 through 2.541.1 both inclusive does not escape the user-provided description of the "Mark temporarily offline" offline cause, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Agent/Configure or...

GHSA-85H6-5M3V-GX37 Jenkins has a stored XSS vulnerability in node offline cause description

Jenkins 2.483 through 2.550 both inclusive, LTS 2.492.1 through 2.541.1 both inclusive does not escape the user-provided description of the "Mark temporarily offline" offline cause, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Agent/Configure or...