CVE-2026-28775 Unauthenticated RCE via SNMP Default Writable Community String

An unauthenticated Remote Code Execution RCE vulnerability exists in the SNMP service of International Datacasting Corporation IDC SFX Series SuperFlex SatelliteReceiver. The deployment insecurely provisions the private SNMP community string with read/write access by default. Because the SNMP age...

CVE-2026-28775

CVE-2026-28775 concerns an unauthenticated RCE in the SNMP service of IDC SFX Series SuperFlex SatelliteReceiver. The device insecurely provisions a default writable SNMP community string (private), and the SNMP agent runs with root privileges. An unauthenticated attacker could exploit NET-SNMP-E...

SUSE CVE-2026-23633

Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, there is an arbitrary file read/write via path traversal in Git hook editing. This issue has been patched in versions 0.13.4 and 0.14.0+dev...

CVE-2025-66678

An issue in the HwRwDrv.sys component of Nil Hardware Editor Hardware Read & Write Utility v1.25.11.26 and earlier allows attackers to execute arbitrary read and write operations via a crafted request...

CVE-2025-66678

An issue in the HwRwDrv.sys component of Nil Hardware Editor Hardware Read & Write Utility v1.25.11.26 and earlier allows attackers to execute arbitrary read and write operations via a crafted request...

PT-2026-22921

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The f2fs file system in the Linux kernel contains a flaw related to out-of-bounds memory access and incorrect handling of integer values when reading and writing sysfs attributes...

Hardware Read & Write Utility 安全漏洞

The Hardware Read & Write Utility is a hardware register modification tool developed by Nil Hardware Editor’s individual developers. Versions of the Hardware Read & Write Utility prior to v1.25.11.26 contained security vulnerabilities. These vulnerabilities stemmed from defects in the HwRwDrv.sys...

PT-2026-22877

Name of the Vulnerable Software and Affected Versions International Datacasting Corporation IDC SFX Series SuperFlex SatelliteReceiver versions prior to 5.8 Description An unauthenticated Remote Code Execution RCE issue exists in the SNMP service. The system insecurely configures the private SNMP...

CVE-2025-66678

An issue in the HwRwDrv.sys component of Nil Hardware Editor Hardware Read & Write Utility v1.25.11.26 and earlier allows attackers to execute arbitrary read and write operations via a crafted request...

CVE-2025-66678

CVE-2025-66678 affects Nil Hardware Editor’s Hardware Read & Write Utility (HwRwDrv.sys) up to v1.25.11.26. A crafted request can trigger arbitrary read/write operations, as described across multiple sources (NVD, RH, EUVD, OSV, CNNVD, etc.). The underlying issue is located in HwRwDrv.sys and lea...

International Datacasting SFX2100 SuperFlex Satellite Receiver 安全漏洞

The International Datacasting SFX2100 SuperFlex Satellite Receiver is a professional broadcast-grade satellite signal receiving device developed by the International Datacasting Corporation. The SFX2100 SuperFlex Satellite Receiver has a security vulnerability, which stems from insecure...

openSUSE 16 Security Update : chromium (openSUSE-SU-2026:20277-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20277-1 advisory. Changes in chromium: - Chromium 145.0.7632.116 boo1258733: CVE-2026-3061: Out of bounds read in Media CVE-2026-3062: Out of bounds read and writ...

CVE-2026-3437

An improper restriction of operations within the bounds of a memory buffer vulnerability in Portwell Engineering Toolkits version 4.8.2 could allow a local authenticated attacker to read and write to arbitrary memory via the Portwell Engineering Toolkits driver. Successful exploitation of this...

EUVD-2026-9310

An Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Portwell Engineering Toolkits version 4.8.2 could allow a local authenticated attacker to read and write to arbitrary memory via the Portwell Engineering Toolkits driver. Successful exploitation of this...

Portwell Engineering Toolkits 缓冲区错误漏洞

Portwell Engineering Toolkits is a software development and management toolkit developed by Portwell Company in Singapore. Version 4.8.2 of Portwell Engineering Toolkits contains a buffer error vulnerability. This vulnerability stems from improper restrictions on memory buffer operations, which m...

GHSA-FGVX-58P6-GJWC OpenClaw gateway agents.files symlink escape allowed out-of-workspace file read/write

Impact The gateway agents.files.get and agents.files.set methods allowed symlink traversal for allowlisted workspace files. A symlinked allowlisted file for example AGENTS.md could resolve outside the agent workspace and be read/written by the gateway process. This could enable arbitrary host fil...

OpenClaw gateway agents.files symlink escape allowed out-of-workspace file read/write

Impact The gateway agents.files.get and agents.files.set methods allowed symlink traversal for allowlisted workspace files. A symlinked allowlisted file for example AGENTS.md could resolve outside the agent workspace and be read/written by the gateway process. This could enable arbitrary host fil...

CVE-2026-0035

In createRequest of MediaProvider.java, there is a possible way for an app to gain read/write access to non-existing files due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

EUVD-2026-9248

In createRequest of MediaProvider.java, there is a possible way for an app to gain read/write access to non-existing files due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

CVE-2026-0035

In createRequest of MediaProvider.java, there is a possible way for an app to gain read/write access to non-existing files due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...