CVE-2026-3034 (v3: 6.4) 5 Mar 2026

The OoohBoi Steroids for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the _ob_spacerat_link, _ob_bbad_link, and _ob... Read more ➔

CVE-2026-2899 (v3: 6.5) 5 Mar 2026

The Fluent Forms Pro Add On Pack plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 6.1.17. This is due... Read more ➔

CVE-2026-2365 (v3: 7.2) 5 Mar 2026

The Fluent Forms Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `fluentform_step_form_save_data` AJAX action in all ver... Read more ➔

CVE-2026-29127 5 Mar 2026

The IDC SFX2100 Satellite Receiver sets overly permissive file system permissions on the monitor user's home directory. The directory is configured wi... Read more ➔

CVE-2026-26034 (v3: 7.8) 5 Mar 2026

UPS Multi-UPS Management Console (MUMC) version 01.06.0001 (A03) contains an Incorrect Default Permissions (CWE-276) vulnerability that allows an atta... Read more ➔

CVE-2026-26033 (v3: 6.7) 5 Mar 2026

UPS Multi-UPS Management Console (MUMC) version 01.06.0001 (A03) contains an Unquoted Search Path or Element (CWE-428) vulnerability, which allows a u... Read more ➔

CVE-2024-57854 5 Mar 2026

Net::NSCA::Client versions through 0.009002 for Perl uses a poor random number generator. Version v0.003 switched to use Data::Rand::Obscure instead... Read more ➔

CVE-2026-3381 5 Mar 2026

Compress::Raw::Zlib versions through 2.219 for Perl use potentially insecure versions of zlib. Compress::Raw::Zlib includes a copy of the zlib librar... Read more ➔

CVE-2026-3257 5 Mar 2026

UnQLite versions through 0.06 for Perl uses a potentially insecure version of the UnQLite library. UnQLite for Perl embeds the UnQLite library. Vers... Read more ➔

CVE-2026-29126 5 Mar 2026

Incorrect permission assignment (world-writable file) in /etc/udhcpc/default.script in International Data Casting (IDC) SFX2100 Satellite Receiver all... Read more ➔

CVE-2026-29125 5 Mar 2026

IDC SFX2100 Satalite Recievers set the `/etc/resolv.conf` file to be world-writable by any local user, allowing DNS resolver tampering that can redire... Read more ➔

CVE-2026-29124 5 Mar 2026

Multiple SUID root-owned binaries are found in /home/monitor/terminal, /home/monitor/kore-terminal, /home/monitor/IDE-DPack/terminal-dpack, and /home/... Read more ➔

CVE-2026-29123 5 Mar 2026

A SUID root-owned binary in /home/xd/terminal/XDTerminal in International Data Casting (IDC) SFX2100 on Linux allows a local actor to potentially pref... Read more ➔

CVE-2026-29122 5 Mar 2026

International Data Casting (IDC) SFX2100 satellite receiver comes with the `/bin/date` utility installed with the setuid bit set. This configuration g... Read more ➔

CVE-2025-40931 5 Mar 2026

Apache::Session::Generate::MD5 versions through 1.94 for Perl create insecure session id. Apache::Session::Generate::MD5 generates session ids insecu... Read more ➔

CVE-2025-40926 5 Mar 2026

Plack::Middleware::Session::Simple versions through 0.04 for Perl generates session ids insecurely. The default session id generator returns a SHA-1... Read more ➔

CVE-2026-29121 5 Mar 2026

International Data Casting (IDC) SFX2100 satellite receiver comes with the `/sbin/ip` utility installed with the setuid bit set. This configuration gr... Read more ➔

CVE-2026-2836 5 Mar 2026

A cache poisoning vulnerability has been found in the Pingora HTTP proxy framework’s default cache key construction. The issue occurs because the defa... Read more ➔

CVE-2026-2835 5 Mar 2026

An HTTP Request Smuggling vulnerability (CWE-444) has been found in Pingora's parsing of HTTP/1.0 and Transfer-Encoding requests. The issue occurs due... Read more ➔

CVE-2026-2833 5 Mar 2026

An HTTP request smuggling vulnerability (CWE-444) was found in Pingora's handling of HTTP/1.1 connection upgrades. The issue occurs when a Pingora pro... Read more ➔

CVE-2026-22052 5 Mar 2026

ONTAP versions 9.12.1 and higher with S3 NAS buckets are susceptible to an information disclosure vulnerability. Successful exploit could allow an aut... Read more ➔

CVE-2026-2297 4 Mar 2026

The import hook in CPython that handles legacy *.pyc files (SourcelessFileLoader) is incorrectly handled in FileLoader (a base class) and so does not... Read more ➔

CVE-2026-29086 (v3: 5.4) 4 Mar 2026

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.12.4, the setCookie() utility did not validat... Read more ➔

CVE-2026-29085 (v3: 6.5) 4 Mar 2026

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.12.4, when using streamSSE() in Streaming Hel... Read more ➔

CVE-2026-29045 (v3: 7.5) 4 Mar 2026

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.12.4, when using serveStatic together with ro... Read more ➔

Key Capabilities

Latest privacy news tracking

Latest Threat Intelligence

Breach modelling and ROI calculator

Threat Intelligence