CVE ID : CVE-2026-21536 Published : March 5, 2026, 11:16 p.m. | 28 minutes ago Description : Microsoft Devices Pricing Program Remote Code Execution Vulnerability Severity: 9.8 | CRITICAL Visit the link for…
CVE-2026-29606 – OpenClaw < 2026.2.14 – Webhook Signature Verification Bypass via ngrok Loopback Compatibility
CVE ID : CVE-2026-29606 Published : March 5, 2026, 10:16 p.m. | 1 hour, 28 minutes ago Description : OpenClaw versions prior to 2026.2.14 contain a webhook signature-verification bypass in the voice-call extension that…
CVE-2026-28485 – OpenClaw 2026.1.5 < 2026.2.12 – Missing Authentication in Browser Control HTTP Endpoints
CVE ID : CVE-2026-28485 Published : March 5, 2026, 10:16 p.m. | 1 hour, 28 minutes ago Description : OpenClaw versions 2026.1.5 prior to 2026.2.12 fail to enforce mandatory authentication on the /agent/act browser-control…
CVE-2026-28484 – OpenClaw 2026.2.15 – Option Injection in pre-commit Hook via Malicious Filenames
CVE ID : CVE-2026-28484 Published : March 5, 2026, 10:16 p.m. | 1 hour, 28 minutes ago Description : OpenClaw versions prior to 2026.2.15 contain an option injection vulnerability in the git-hooks/pre-commit hook that…
CVE-2026-29123 – Multiple SUID Root Binaries in `xd` User Home Directory Leading to Potential Local Privilege Escalation
CVE ID : CVE-2026-29123 Published : March 5, 2026, 1:18 a.m. | 25 minutes ago Description : A SUID root-owned binary in /home/xd/terminal/XDTerminal in International Data Casting (IDC) SFX2100 on Linux allows a local…
CVE-2026-29121 – `/sbin/ip` Binary given SETUID Permissions on IDC SFX2100 Leading to Potential LPE
CVE ID : CVE-2026-29121 Published : March 5, 2026, 1:15 a.m. | 28 minutes ago Description : International Data Casting (IDC) SFX2100 satellite receiver comes with the `/sbin/ip` utility installed with the setuid bit…
CVE-2026-29122 – `/bin/date` Binary given SETUID Permissions on IDC SFX2100 Leading to Potential LPE
CVE ID : CVE-2026-29122 Published : March 5, 2026, 12:53 a.m. | 51 minutes ago Description : International Data Casting (IDC) SFX2100 satellite receiver comes with the `/bin/date` utility installed with the setuid bit…
CVE-2026-2836 – Cache poisoning via insecure-by-default cache key
CVE ID : CVE-2026-2836 Published : March 5, 2026, 12:15 a.m. | 1 hour, 28 minutes ago Description : A cache poisoning vulnerability has been found in the Pingora HTTP proxy framework’s default cache…
CVE-2026-2835 – HTTP Request Smuggling via HTTP/1.0 and Transfer-Encoding Misparsing
CVE ID : CVE-2026-2835 Published : March 5, 2026, 12:15 a.m. | 1 hour, 28 minutes ago Description : An HTTP Request Smuggling vulnerability (CWE-444) has been found in Pingora’s parsing of HTTP/1.0 and…
CVE-2026-2833 – HTTP Request Smuggling via Premature Upgrade
CVE ID : CVE-2026-2833 Published : March 4, 2026, 11:20 p.m. | 23 minutes ago Description : An HTTP request smuggling vulnerability (CWE-444) was found in Pingora’s handling of HTTP/1.1 connection upgrades. The…