Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
9.8 CRITICAL
CVE-2026-29119 — Hardcoded and Insecure Credentials for "Admin" Account providing Telnet Access on IDC SFX…

International Datacasting Corporation (IDC) SFX Series SuperFlex(SFX2100) SatelliteReceiver contains hardcoded and insecure credentials for the `admin` account. A remote unauthenticated attacker can …

sfx2100_firmware sfx2100 | Remote | Authentication
Mar 04, 2026 Mar 17, 2026
Mar 04, 2026
Mar 17, 2026
9.8 CRITICAL
CVE-2026-28778 — Hardcoded FTP Credentials and LPE(via Insecure Permissions) for `xd` Local Account on IDC…

International Datacasting Corporation (IDC) SFX Series SuperFlex Satellite Receiver contains undocumented, hardcoded/insecure credentials for the `xd` user account. A remote unauthenticated attacker …

sfx2100_firmware sfx2100 | Remote | Authentication
Mar 04, 2026 Mar 17, 2026
Mar 04, 2026
Mar 17, 2026
9.8 CRITICAL
CVE-2026-28777 — Hardcoded and Insecure Credentials for "User" Local Account with SSH Access On IDC SFX210…

International Datacasting Corporation (IDC) SFX2100 Satellite Receiver, trivial password for the `user` (usr) account. A remote unauthenticated attacker can exploit this to gain unauthorized SSH ac…

sfx2100_firmware sfx2100 | Remote | Authentication
Mar 04, 2026 Mar 17, 2026
Mar 04, 2026
Mar 17, 2026
9.8 CRITICAL
CVE-2026-28776 — Hardcoded and Insecure Credentials for "monitor" account with SSH Access On IDC SFX2100 S…

International Datacasting Corporation (IDC) SFX Series SuperFlex SatelliteReceiver contains hardcoded credentials for the `monitor` account. A remote unauthenticated attacker can use these trivial, u…

sfx2100_firmware sfx2100 | Remote | Authentication
Mar 04, 2026 Mar 17, 2026
Mar 04, 2026
Mar 17, 2026
10.0 CRITICAL
CVE-2026-28775 — Unauthenticated RCE via SNMP Default Writable Community String

An unauthenticated Remote Code Execution (RCE) vulnerability exists in the SNMP service of International Datacasting Corporation (IDC) SFX Series SuperFlex SatelliteReceiver. The deployment insecurel…

sfx2100_firmware sfx2100 | Remote | Misconfiguration
Mar 04, 2026 Mar 09, 2026
Mar 04, 2026
Mar 09, 2026
9.3 CRITICAL
CVE-2026-28774 — Authenticated OS Command Injection via Traceroute Utility leads to Root RCE

An OS Command Injection vulnerability exists in the web-based Traceroute diagnostic utility of International Datacasting Corporation (IDC) SFX Series SuperFlex SatelliteReceiver Web Management Interf…

sfx2100_firmware sfx2100 | Remote | Injection
Mar 04, 2026 Mar 09, 2026
Mar 04, 2026
Mar 09, 2026
9.3 CRITICAL
CVE-2026-28773 — Authenticated OS Command Injection via Ping Utility Leading to RCE as Root

The web-based Ping diagnostic utility (/IDC_Ping/main.cgi) in International Datacasting Corporation (IDC) SFX Series SuperFlex Satellite  Receiver Web Management Interface version 101 is vulnerable t…

sfx2100_firmware sfx2100 | Remote | Injection
Mar 04, 2026 Mar 09, 2026
Mar 04, 2026
Mar 09, 2026
6.1 MEDIUM
CVE-2026-28772 — Reflected XSS in IDC_Logging Index endpoint

A Reflected Cross-Site Scripting (XSS) vulnerability in the /IDC_Logging/index.cgi endpoint of International Datacasting Corporation (IDC) SFX Series SuperFlex SatelliteReceiver Web Management Interf…

sfx2100_firmware sfx2100 | Remote | Cross-Site Scripting
Mar 04, 2026 Mar 09, 2026
Mar 04, 2026
Mar 09, 2026
6.1 MEDIUM
CVE-2026-28771 — Reflected XSS In /index.cgi Endpoint On IDC Satellite Receiver Web Management Interface V…

A Reflected Cross-Site Scripting (XSS) vulnerability exists in the /index.cgi endpoint of International Datacasting Corporation (IDC) SFX Series SuperFlex Satellite Receiver Web Management Interface …

sfx2100_firmware sfx2100 | Remote | Cross-Site Scripting
Mar 04, 2026 Mar 09, 2026
Mar 04, 2026
Mar 09, 2026
Showing 20 of 6369 Results