CVE-2026-29123 – Multiple SUID Root Binaries in `xd` User Home Directory Leading to Potential Local Privilege Escalation

Posted on March 5, 2026

CVE ID : CVE-2026-29123 Published : March 5, 2026, 1:18 a.m. | 25 minutes ago Description : A SUID root-owned binary in /home/xd/terminal/XDTerminal in International Data Casting (IDC) SFX2100 on Linux allows a local…

CVE-2026-29121 – `/sbin/ip` Binary given SETUID Permissions on IDC SFX2100 Leading to Potential LPE

Posted on March 5, 2026

CVE ID : CVE-2026-29121 Published : March 5, 2026, 1:15 a.m. | 28 minutes ago Description : International Data Casting (IDC) SFX2100 satellite receiver comes with the `/sbin/ip` utility installed with the setuid bit…

CVE-2026-29122 – `/bin/date` Binary given SETUID Permissions on IDC SFX2100 Leading to Potential LPE

Posted on March 5, 2026

CVE ID : CVE-2026-29122 Published : March 5, 2026, 12:53 a.m. | 51 minutes ago Description : International Data Casting (IDC) SFX2100 satellite receiver comes with the `/bin/date` utility installed with the setuid bit…

CVE-2026-2836 – Cache poisoning via insecure-by-default cache key

Posted on March 5, 2026

CVE ID : CVE-2026-2836 Published : March 5, 2026, 12:15 a.m. | 1 hour, 28 minutes ago Description : A cache poisoning vulnerability has been found in the Pingora HTTP proxy framework’s default cache…

CVE-2026-2835 – HTTP Request Smuggling via HTTP/1.0 and Transfer-Encoding Misparsing

Posted on March 5, 2026

CVE ID : CVE-2026-2835 Published : March 5, 2026, 12:15 a.m. | 1 hour, 28 minutes ago Description : An HTTP Request Smuggling vulnerability (CWE-444) has been found in Pingora’s parsing of HTTP/1.0 and…

CVE-2026-2833 – HTTP Request Smuggling via Premature Upgrade

Posted on March 5, 2026

CVE ID : CVE-2026-2833 Published : March 4, 2026, 11:20 p.m. | 23 minutes ago Description : An HTTP request smuggling vulnerability (CWE-444) was found in Pingora’s handling of HTTP/1.1 connection upgrades. The…

CVE-2026-29000 – pac4j-jwt JwtAuthenticator Authentication Bypass

Posted on March 5, 2026

CVE ID : CVE-2026-29000 Published : March 4, 2026, 10:16 p.m. | 1 hour, 27 minutes ago Description : pac4j-jwt versions prior to 4.5.9, 5.7.9, and 6.3.3 contain an authentication bypass vulnerability in JwtAuthenticator…

CVE-2026-27803 – Vaultwarden: Collection Management Operations Allowed Without `manage` Verification for Manager Role

Posted on March 5, 2026

CVE ID : CVE-2026-27803 Published : March 4, 2026, 10:16 p.m. | 1 hour, 27 minutes ago Description : Vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. Prior…

CVE-2026-27802 – Vaultwarden: Privilege Escalation via Bulk Permission Update to Unauthorized Collections by Manager

Posted on March 5, 2026

CVE ID : CVE-2026-27802 Published : March 4, 2026, 10:16 p.m. | 1 hour, 27 minutes ago Description : Vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. Prior…

CVE-2026-25750 – LangSmith Studio has URL Parameter Injection Vulnerability that Enables Token Theft via Malicious baseUrl

Posted on March 5, 2026

CVE ID : CVE-2026-25750 Published : March 4, 2026, 10:16 p.m. | 1 hour, 27 minutes ago Description : Langchain Helm Charts are Helm charts for deploying Langchain applications on Kubernetes. Prior to langchain-ai/helm…
