Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

3208 matches found

Cvelist
Cvelistadded 2026/04/02 4:30 p.m.51 views

CVE-2026-35385

In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download is performed as root with -O legacy scp protocol and without -p preserve mode...

7.5CVSS0.00058EPSS
Exploits0References3
Vulnrichment
Vulnrichmentadded 2026/04/02 4:30 p.m.1 views

CVE-2026-35385

In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download is performed as root with -O legacy scp protocol and without -p preserve mode...

7.5CVSS5.8AI score0.00058EPSS
Exploits0References3
Positive Technologies
Positive Technologiesadded 2026/04/02 12:0 a.m.1 views

PT-2026-29805

Name of the Vulnerable Software and Affected Versions OpenSSH versions prior to 10.3 Description When using the -O option with the legacy scp protocol as root without the -p option, a downloaded file may be installed with setuid or setgid permissions, which may not align with user expectations...

8.1CVSS5.7AI score0.00058EPSS
Exploits0References65
SUSE CVE
SUSE CVEadded 2026/03/27 12:29 a.m.1 views

SUSE CVE-2026-4897

A flaw was found in polkit. A local user can exploit this by providing a specially crafted, excessively long input to the polkit-agent-helper-1 setuid binary via standard input stdin. This unbounded input can lead to an out-of-memory OOM condition, resulting in a Denial of Service DoS for the...

5.5CVSS5.8AI score0.00006EPSS
Exploits0References8
Cvelist
Cvelistadded 2026/03/26 2:56 p.m.19 views

CVE-2026-4897 Polkit: polkit: denial of service via unbounded input processing through standard input

A flaw was found in polkit. A local user can exploit this by providing a specially crafted, excessively long input to the polkit-agent-helper-1 setuid binary via standard input stdin. This unbounded input can lead to an out-of-memory OOM condition, resulting in a Denial of Service DoS for the...

5.5CVSS0.00006EPSS
Exploits0References2
CVE
CVEadded 2026/03/26 2:56 p.m.24 views

CVE-2026-4897

CVE-2026-4897 describes a vulnerability in polkit where a local user can feed an excessively long input to the setuid binary polkit-agent-helper-1 via stdin. The unbounded input can trigger an out-of-memory condition, leading to a Denial of Service on the system. Affected component: polkit’s help...

5.5CVSS5.7AI score0.00006EPSS
Exploits0References2Affected Software3
Veracode
Veracodeadded 2026/03/16 3:11 p.m.1 views

Improper Privilege Management

github.com/lxc/incus is vulnerable to Improper Privilege Management. The vulnerability is due to improper handling of custom storage volumes with the security.shifted property, which allows an attacker with root access inside a container to create a setuid binary that can be executed on the host ...

8.6CVSS5.8AI score0.00027EPSS
Exploits1References3Affected Software2
RedhatCVE
RedhatCVEadded 2026/03/06 2:37 p.m.1 views

CVE-2026-29122

International Data Casting IDC SFX2100 satellite receiver comes with the /bin/date utility installed with the setuid bit set. This configuration grants elevated privileges to any local user who can execute the binary. A local actor is able to use the GTFObins resource to preform privileged file...

9.2CVSS5.8AI score0.0002EPSS
Exploits1References1
RedhatCVE
RedhatCVEadded 2026/03/06 1:34 a.m.4 views

CVE-2026-29124

Multiple SUID root-owned binaries are found in /home/monitor/terminal, /home/monitor/kore-terminal, /home/monitor/IDE-DPack/terminal-dpack, and /home/monitor/IDE-DPack/terminal-dpack2 in International Data Casting IDC SFX2100 Satellite Receiver, which may lead to local privlidge escalation from t...

8.6CVSS5.8AI score0.00018EPSS
Exploits1References1
RedhatCVE
RedhatCVEadded 2026/03/06 1:34 a.m.1 views

CVE-2026-29121

International Data Casting IDC SFX2100 satellite receiver comes with the /sbin/ip utility installed with the setuid bit set. This configuration grants elevated privileges to any local user who can execute the binary. A local actor is able to use the GTFObins resource to preform privileged file...

9.2CVSS6AI score0.00028EPSS
Exploits1References1
Tenable Nessus
Tenable Nessusadded 2026/03/06 12:0 a.m.4 views

NewStart CGSL MAIN 6.06 (SP) : krb5 Multiple Vulnerabilities (NS-SA-2026-0007)

The remote NewStart CGSL host, running version MAIN 6.06 SP, has krb5 packages installed that are affected by multiple vulnerabilities: - plugins/preauth/pkinit/pkinitcryptoopenssl.c in MIT Kerberos 5 aka krb5 through 1.15.2 mishandles Distinguished Name DN fields, which allows remote attackers t...

10CVSS7.2AI score0.54024EPSS
Exploits19References147
EUVD
EUVDadded 2026/03/05 3:31 a.m.4 views

EUVD-2026-9514

International Data Casting IDC SFX2100 satellite receiver comes with the /bin/date utility installed with the setuid bit set. This configuration grants elevated privileges to any local user who can execute the binary. A local actor is able to use the GTFObins resource to preform privileged file...

9.2CVSS6AI score0.0002EPSS
Exploits1References3
EUVD
EUVDadded 2026/03/05 3:31 a.m.0 views

EUVD-2026-9513

International Data Casting IDC SFX2100 satellite receiver comes with the /sbin/ip utility installed with the setuid bit set. This configuration grants elevated privileges to any local user who can execute the binary. A local actor is able to use the GTFObins resource to preform privileged file...

9.2CVSS6AI score0.00028EPSS
Exploits1References3
Cvelist
Cvelistadded 2026/03/05 2:36 a.m.23 views

CVE-2026-29127 Incorrect Permission Assignment(777) on `monitor` Users Home Directory Containing SUID Root Binaries in IDC SFX2100

The IDC SFX2100 Satellite Receiver sets overly permissive file system permissions on the monitor user's home directory. The directory is configured with permissions 0777, granting read, write, and execute access to all local users on the system, which may cause local privilege escalation dependin...

9.2CVSS0.00006EPSS
Exploits1References1
NVD
NVDadded 2026/03/05 2:16 a.m.2 views

CVE-2026-29122

International Data Casting IDC SFX2100 satellite receiver comes with the /bin/date utility installed with the setuid bit set. This configuration grants elevated privileges to any local user who can execute the binary. A local actor is able to use the GTFObins resource to preform privileged file...

9.2CVSS0.0002EPSS
Exploits1References2
NVD
NVDadded 2026/03/05 1:15 a.m.3 views

CVE-2026-29121

International Data Casting IDC SFX2100 satellite receiver comes with the /sbin/ip utility installed with the setuid bit set. This configuration grants elevated privileges to any local user who can execute the binary. A local actor is able to use the GTFObins resource to preform privileged file...

9.2CVSS0.00028EPSS
Exploits1References2
Cvelist
Cvelistadded 2026/03/05 12:53 a.m.24 views

CVE-2026-29122 `/bin/date` Binary given SETUID Permissions on IDC SFX2100 Leading to Potential LPE

International Data Casting IDC SFX2100 satellite receiver comes with the /bin/date utility installed with the setuid bit set. This configuration grants elevated privileges to any local user who can execute the binary. A local actor is able to use the GTFObins resource to preform privileged file...

9.2CVSS0.0002EPSS
Exploits1References2
CVE
CVEadded 2026/03/05 12:53 a.m.8 views

CVE-2026-29122

IDC SFX2100 ships with /bin/date with setuid, enabling local user to perform privileged reads as root. The vulnerability arises from a setuid binary in the local filesystem, allowing bypass of normal permissions and exposure of sensitive files (e.g., /etc/shadow). Impact is described as high conf...

9.2CVSS6AI score0.0002EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichmentadded 2026/03/05 12:53 a.m.1 views

CVE-2026-29122 `/bin/date` Binary given SETUID Permissions on IDC SFX2100 Leading to Potential LPE

International Data Casting IDC SFX2100 satellite receiver comes with the /bin/date utility installed with the setuid bit set. This configuration grants elevated privileges to any local user who can execute the binary. A local actor is able to use the GTFObins resource to preform privileged file...

9.2CVSS6AI score0.0002EPSS
Exploits1References2
ATTACKERKB
ATTACKERKBadded 2026/03/05 12:53 a.m.2 views

CVE-2026-29122

International Data Casting IDC SFX2100 satellite receiver comes with the /bin/date utility installed with the setuid bit set. This configuration grants elevated privileges to any local user who can execute the binary. A local actor is able to use the GTFObins resource to preform privileged file...

9.2CVSS6AI score0.0002EPSS
Exploits1References3
Rows per page
Query Builder