
106797 matches found

Cvelist
added 2026/03/05 1:51 a.m. | 25 views

CVE-2026-29126 World-Writable, Root Owned/Run `/etc/udhcpc/default.script` in IDC SFX2100 Satellite Receiver Leads To Potential LPE

Incorrect permission assignment world-writable file in /etc/udhcpc/default.script in International Data Casting IDC SFX2100 Satellite Receiver allows a local unprivileged attacker to potentially execute arbitrary commands with root privileges local privilege escalation and persistence via...

8.5 CVSS | 0.00018 EPSS
Exploits: 1 | References: 1
CVE
added 2026/03/05 1:51 a.m. | 13 views

CVE-2026-29126

The CVE describes an issue in the International Data Casting (IDC) SFX2100 Satellite Receiver where a root-owned, world-writable /etc/udhcpc/default.script can be modified by a local unprivileged attacker. The script is executed on DHCP lease events, enabling local privilege escalation and persis...

8.5 CVSS | 6.1 AI score | 0.00018 EPSS
Exploits: 1 | References: 1 | Affected Software: 1
ATTACKERKB
added 2026/03/05 1:51 a.m. | 5 views

CVE-2026-29126

Incorrect permission assignment world-writable file in /etc/udhcpc/default.script in International Data Casting IDC SFX2100 Satellite Receiver allows a local unprivileged attacker to potentially execute arbitrary commands with root privileges local privilege escalation and persistence via...

8.5 CVSS | 6.1 AI score | 0.00018 EPSS
Exploits: 1 | References: 2
Vulnrichment
added 2026/03/05 1:51 a.m. | 2 views

CVE-2026-29126 World-Writable, Root Owned/Run `/etc/udhcpc/default.script` in IDC SFX2100 Satellite Receiver Leads To Potential LPE

Incorrect permission assignment world-writable file in /etc/udhcpc/default.script in International Data Casting IDC SFX2100 Satellite Receiver allows a local unprivileged attacker to potentially execute arbitrary commands with root privileges local privilege escalation and persistence via...

8.5 CVSS | 6.1 AI score | 0.00018 EPSS
Exploits: 1 | References: 1
OSV
added 2026/03/05 12:16 a.m. | 4 views

GHSA-389R-RCCM-H3H5 eml_parser: Path Traversal in Official Example Script Leads to Arbitrary File Write

Summary The official example script examples/recursivelyextractattachments.py contains a path traversal vulnerability that allows arbitrary file write outside the intended output directory. Attachment filenames extracted from parsed emails are directly used to construct output file paths without...

5.5 CVSS | 6.2 AI score | 0.00007 EPSS
Exploits: 1 | References: 5
Github Security Blog
added 2026/03/05 12:16 a.m. | 5 views

eml_parser: Path Traversal in Official Example Script Leads to Arbitrary File Write

Summary The official example script examples/recursivelyextractattachments.py contains a path traversal vulnerability that allows arbitrary file write outside the intended output directory. Attachment filenames extracted from parsed emails are directly used to construct output file paths without...

5.5 CVSS | 6.2 AI score | 0.00007 EPSS
Exploits: 1 | References: 5 | Affected Software: 1
Packet Storm News
added 2026/03/05 12:0 a.m. | 2 views

Adobe SDK 1.7.1 2410 Robust DNG File Generator / Stress Tester

This Python script generates a structurally valid DNG Digital Negative file containing an embedded JPEG XL JXL codestream...

5.9 AI score
Exploits: 0
Positive Technologies
added 2026/03/05 12:0 a.m. | 4 views

PT-2026-23122

Name of the Vulnerable Software and Affected Versions IDC SFX2100 Satellite Receiver affected versions not specified Description A misconfiguration involving incorrect permission assignment of a world-writable file, specifically /etc/udhcpc/default.script, exists. This allows a local, unprivilege...

8.5 CVSS | 6 AI score | 0.00018 EPSS
Exploits: 1 | References: 7
Positive Technologies
added 2026/03/05 12:0 a.m. | 4 views

PT-2026-23131

Name of the Vulnerable Software and Affected Versions OoohBoi Steroids for Elementor plugin for WordPress versions up to and including 2.1.24 Description The OoohBoi Steroids for Elementor plugin for WordPress contains a Stored Cross-Site Scripting issue. Authenticated attackers with...

6.4 CVSS | 5.8 AI score | 0.00048 EPSS
Exploits: 0 | References: 11
Positive Technologies
added 2026/03/05 12:0 a.m. | 4 views

PT-2026-23443

Name of the Vulnerable Software and Affected Versions eml parser versions prior to 2.0.1 Description The eml parser module, used for parsing eml files, contains a path traversal issue in the example script examples/recursively extract attachments.py. This allows for arbitrary file write outside t...

5.5 CVSS | 5.9 AI score | 0.00007 EPSS
Exploits: 1 | References: 7
Packet Storm News
added 2026/03/05 12:0 a.m. | 2 views

Adobe SDK 1.7.1 2410 Overflow Analysis / Fuzzing Model

This Python script implements a comprehensive framework to model, detect, and analyze integer overflows in 32-bit arithmetic, particularly in the context of image memory allocation. The framework combines formal methods, stepwise arithmetic, symbolic execution, SMT-style constraint solving,...

5.9 AI score
Exploits: 0
CNNVD
added 2026/03/05 12:0 a.m. | 2 views

International Datacasting SFX2100 SuperFlex Satellite Receiver Security Vulnerability

The International Datacasting SFX2100 SuperFlex Satellite Receiver is a professional broadcast-grade satellite signal receiving device from the International Datacasting company. The International Datacasting SFX2100 SuperFlex Satellite Receiver has a security vulnerability, which stems from...

8.5 CVSS | 6 AI score | 0.00018 EPSS
Exploits: 1 | References: 1
Snyk
added 2026/03/04 8:58 p.m. | 2 views

Cross-site Scripting (XSS)

Overview changedetection.io is a Website change detection and monitoring service Affected versions of this package are vulnerable to Cross-site Scripting XSS via the taguuid parameter in the /rss/tag/ endpoint, which is reflected in the HTTP response without proper escaping. An attacker can execu...

6.1 CVSS | 5.7 AI score | 0.0002 EPSS
Exploits: 1 | References: 2
EUVD
added 2026/03/04 6:31 p.m. | 1 views

EUVD-2026-9438

A vulnerability in the web interface of Cisco Secure Firewall Management Center FMC Software could allow an unauthenticated, remote attacker to bypass authentication and execute script files on an affected device to obtain root access to the underlying operating system. This vulnerability is due ...

10 CVSS | 6.1 AI score | 0.11141 EPSS
Exploits: 2 | References: 2
EUVD
added 2026/03/04 6:31 p.m. | 4 views

EUVD-2019-19724

Simple Job Script contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the landinglocation parameter. Attackers can send POST requests to the searched endpoint with malicious SQL payloads to bypass authenticatio...

8.8 CVSS | 6.1 AI score | 0.00263 EPSS
Exploits: 1 | References: 3
EUVD
added 2026/03/04 6:31 p.m. | 5 views

EUVD-2019-19728

Simple Job Script contains a cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the jobtypevalue parameter in the jobs endpoint. Attackers can craft requests with SVG payload injection to execute arbitrary JavaScript in victim...

6.1 CVSS | 6 AI score | 0.00087 EPSS
Exploits: 1 | References: 3
NVD
added 2026/03/04 6:16 p.m. | 8 views

CVE-2026-20079

A vulnerability in the web interface of Cisco Secure Firewall Management Center FMC Software could allow an unauthenticated, remote attacker to bypass authentication and execute script files on an affected device to obtain root access to the underlying operating system. This vulnerability is due ...

10 CVSS | 0.11141 EPSS
Exploits: 2 | References: 1
OSV
added 2026/03/04 6:16 p.m. | 1 views

CVE-2019-25498

Simple Job Script contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the landinglocation parameter. Attackers can send POST requests to the searched endpoint with malicious SQL payloads to bypass authenticatio...

8.2 CVSS | 5.9 AI score | 0.00263 EPSS
Exploits: 1 | References: 2
OSV
added 2026/03/04 6:16 p.m. | 2 views

CVE-2019-25501

Simple Job Script contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting malicious SQL code through the appid parameter. Attackers can send POST requests to deleteapplicationajax.php with crafted payloads to extract sensitive data, bypass...

8.2 CVSS | 5.9 AI score
Exploits: 0 | References: 2
NVD
added 2026/03/04 6:16 p.m. | 3 views

CVE-2019-25498

Simple Job Script contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the landinglocation parameter. Attackers can send POST requests to the searched endpoint with malicious SQL payloads to bypass authenticatio...

8.8 CVSS | 0.00263 EPSS
Exploits: 1 | References: 2