USN-8119-2: systemd vulnerabilities

USN-8119-1 fixed vulnerabilities in systemd. This update provides the corresponding updates for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. Original advisory details: It was discovered that systemd incorrectly handled certain cgroup paths. A local attacker could...

USN-8119-1 systemd vulnerabilities

It was discovered that systemd incorrectly handled certain cgroup paths. A local attacker could possibly use this issue to cause systemd to crash, resulting in a denial of service. CVE-2026-29111 It was discovered that the systemd udev component incorrectly handled certain fields received from th...

USN-8119-1: systemd vulnerabilities

It was discovered that systemd incorrectly handled certain cgroup paths. A local attacker could possibly use this issue to cause systemd to crash, resulting in a denial of service. CVE-2026-29111 It was discovered that the systemd udev component incorrectly handled certain fields received from th...

Cisco Secure Firewall Management Center (FMC) Software and Cisco Security Cloud Control (SCC) Firewall Management Deserialization of Untrusted Data Vulnerability

Cisco Secure Firewall Management Center FMC Software and Cisco Security Cloud Control SCC Firewall Management contain a deserialization of untrusted data vulnerability in the web-based management interface that could allow an unauthenticated, remote attacker to execute arbitrary Java code as root...

CVE-2026-25770

Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 3.9.0 and prior to version 4.14.3, a privilege escalation vulnerability exists in the Wazuh Manager's cluster synchronization protocol. The wazuh-clusterd service allows authenticated...

(Pwn2Own) QNAP TS-453E Hyper Data Protector Plugin query_original_file_size SQL Injection Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of QNAP TS-453E. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...

Fortinet FortiClient Link Following Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Fortinet FortiClient. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of...

CVE-2025-15568

Technical details beyond the CVE description are not provided in the supplied documents. Monitor for updates.

CVE-2026-25070

The CVE-2026-25070 vulnerability affects XikeStor SKS8310-8X Network Switch firmware

EUVD-2026-9373

International Datacasting Corporation IDC SFX Series SuperFlex Satellite Receiver contains undocumented, hardcoded/insecure credentials for the xd user account. A remote unauthenticated attacker can log in via FTP using these credentials. Because the xd user has write permissions to their home...

CVE-2026-28778

International Datacasting Corporation IDC SFX Series SuperFlex Satellite Receiver contains undocumented, hardcoded/insecure credentials for the xd user account. A remote unauthenticated attacker can log in via FTP using these credentials. Because the xd user has write permissions to their home...

CVE-2026-28778 Hardcoded FTP Credentials and LPE(via Insecure Permissions) for `xd` Local Account on IDC SFX2100

International Datacasting Corporation IDC SFX Series SuperFlex Satellite Receiver contains undocumented, hardcoded/insecure credentials for the xd user account. A remote unauthenticated attacker can log in via FTP using these credentials. Because the xd user has write permissions to their home...

CVE-2026-28774 Authenticated OS Command Injection via Traceroute Utility leads to Root RCE

An OS Command Injection vulnerability exists in the web-based Traceroute diagnostic utility of International Datacasting Corporation IDC SFX Series SuperFlex SatelliteReceiver Web Management Interface version 101. An authenticated attacker can inject arbitrary shell metacharacters such as the pip...

CVE-2026-28774

The CVE concerns IDC SFX Series SuperFlex SatelliteReceiver Web Management Interface (version 101) where the web-based Traceroute diagnostic utility is vulnerable. An authenticated attacker can inject arbitrary shell metacharacters into the flags parameter, resulting in OS command execution with ...

CVE-2026-28773 Authenticated OS Command Injection via Ping Utility Leading to RCE as Root

The web-based Ping diagnostic utility /IDCPing/main.cgi in International Datacasting Corporation IDC SFX Series SuperFlex Satellite Receiver Web Management Interface version 101 is vulnerable to OS Command Injection. The application insecurely parses the IPaddr parameter. An authenticated attacke...

CVE-2026-28773

The CVE-2026-28773 entry concerns the IDC SFX Series SuperFlex SatelliteReceiver Web Management Interface (version 101). Affected component: the web-based Ping diagnostic utility at /IDC_Ping/main.cgi. Root cause: insecure parsing of the IPaddr parameter enables OS command injection by bypassing ...

PT-2026-22937

A shell command injection vulnerability in Mobvoi Tichome Mini smart speaker 012-18853 and 027-58389 allows remote attackers to send a specially crafted UDP datagram and execute arbitrary shell code as the root account...

Mobvoi Tichome Mini 安全漏洞

The Mobvoi Tichome Mini is a portable waterproof audio device produced by the Chinese company Mobvoi. The Mobvoi Tichome Mini has a security vulnerability, which stems from shell command injection. This vulnerability could allow remote attackers to execute arbitrary shell code using a root accoun...

PT-2026-22881

Name of the Vulnerable Software and Affected Versions International Datacasting Corporation IDC SFX Series SuperFlex Satellite Receiver affected versions not specified Description The IDC SFX Series SuperFlex Satellite Receiver is affected by hardcoded, insecure credentials for the xd user accoun...

CVE-2026-3342

An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow an authenticated privileged administrator to execute arbitrary code with root permissions via an exposed management interface. This vulnerability affects Fireware OS 11.9 up to and including 11.12.4Update1, 12.0 up to and...