Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
6.4 MEDIUM
CVE-2026-3034 — OoohBoi Steroids for Elementor <= 2.1.24 - Authenticated (Contributor+) Stored Cross-Site…

The OoohBoi Steroids for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the _ob_spacerat_link, _ob_bbad_link, and _ob_teleporter_link URL parameters in all versions u…

Remote | Cross-Site Scripting
Mar 05, 2026 Mar 05, 2026
Mar 05, 2026
Mar 05, 2026
6.5 MEDIUM
CVE-2026-2899 — Fluent Forms Pro Add On Pack <= 6.1.17 - Missing Authorization to Unauthenticated Arbitra…

The Fluent Forms Pro Add On Pack plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 6.1.17. This is due to the `deleteFile()` method in the `Uploader` c…

Remote | Authorization
Mar 05, 2026 Mar 05, 2026
Mar 05, 2026
Mar 05, 2026
7.2 HIGH
CVE-2026-2365 — Fluent Forms Pro <= 6.1.17 - Unauthenticated Stored Cross-Site Scripting via Draft Form S…

The Fluent Forms Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `fluentform_step_form_save_data` AJAX action in all versions up to, and including, 6.1.17. This is due t…

Remote | Cross-Site Scripting
Mar 05, 2026 Mar 05, 2026
Mar 05, 2026
Mar 05, 2026
9.2 CRITICAL
CVE-2026-29127 — Incorrect Permission Assignment(777) on `monitor` Users Home Directory Containing SUID Ro…

The IDC SFX2100 Satellite Receiver sets overly permissive file system permissions on the monitor user's home directory. The directory is configured with permissions 0777, granting read, write, and ex…

| Misconfiguration
Mar 05, 2026 Mar 05, 2026
Mar 05, 2026
Mar 05, 2026
8.5 HIGH
CVE-2026-26034 — UPS Multi-UPS Management Console (MUMC) DLL Loading Privilege Escalation Vulnerability

UPS Multi-UPS Management Console (MUMC) version 01.06.0001 (A03) contains an Incorrect Default Permissions (CWE-276) vulnerability that allows an attacker to execute arbitrary code with SYSTEM privil…

| Misconfiguration
Mar 05, 2026 Mar 05, 2026
Mar 05, 2026
Mar 05, 2026
8.4 HIGH
CVE-2026-26033 — UPS Multi-UPS Management Console (MUMC) Local Privilege Escalation

UPS Multi-UPS Management Console (MUMC) version 01.06.0001 (A03) contains an Unquoted Search Path or Element (CWE-428) vulnerability, which allows a user with write access to a directory on the syste…

| Misconfiguration
Mar 05, 2026 Mar 05, 2026
Mar 05, 2026
Mar 05, 2026
0.0 NA
CVE-2024-57854 — Net::NSCA::Client versions through 0.009002 for Perl uses a poor random number generator

Net::NSCA::Client versions through 0.009002 for Perl uses a poor random number generator. Version v0.003 switched to use Data::Rand::Obscure instead of Crypt::Random for generation of a random initi…

| Cryptography
Mar 05, 2026 Mar 05, 2026
Mar 05, 2026
Mar 05, 2026
0.0 NA
CVE-2026-3381 — Compress::Raw::Zlib versions through 2.219 for Perl use potentially insecure versions of …

Compress::Raw::Zlib versions through 2.219 for Perl use potentially insecure versions of zlib. Compress::Raw::Zlib includes a copy of the zlib library. Compress::Raw::Zlib version 2.220 includes zli…

| Supply Chain
Mar 05, 2026 Mar 05, 2026
Mar 05, 2026
Mar 05, 2026
0.0 NA
CVE-2026-3257 — UnQLite versions through 0.06 for Perl uses a potentially insecure version of the UnQLite…

UnQLite versions through 0.06 for Perl uses a potentially insecure version of the UnQLite library. UnQLite for Perl embeds the UnQLite library. Version 0.06 and earlier of the Perl module uses a ve…

| Memory Corruption
Mar 05, 2026 Mar 05, 2026
Mar 05, 2026
Mar 05, 2026
8.5 HIGH
CVE-2026-29126 — World-Writable, Root Owned/Run `/etc/udhcpc/default.script` in IDC SFX2100 Satellite Rece…

Incorrect permission assignment (world-writable file) in /etc/udhcpc/default.script in International Data Casting (IDC) SFX2100 Satellite Receiver allows a local unprivileged attacker to potentially …

| Authorization
Mar 05, 2026 Mar 05, 2026
Mar 05, 2026
Mar 05, 2026
7.1 HIGH
CVE-2026-29125 — IDC SFX2100 Satellite Receiver allows unprivileged modification of DNS configuration due …

IDC SFX2100 Satalite Recievers set the `/etc/resolv.conf` file to be world-writable by any local user, allowing DNS resolver tampering that can redirect network communications, facilitate man-in-the-…

| Misconfiguration
Mar 05, 2026 Mar 05, 2026
Mar 05, 2026
Mar 05, 2026
8.6 HIGH
CVE-2026-29124 — Multiple SUID Root Binaries in `monitor` User Home Directory Leading to Potential Local P…

Multiple SUID root-owned binaries are found in /home/monitor/terminal, /home/monitor/kore-terminal, /home/monitor/IDE-DPack/terminal-dpack, and /home/monitor/IDE-DPack/terminal-dpack2 in Internationa…

| Authorization
Mar 05, 2026 Mar 05, 2026
Mar 05, 2026
Mar 05, 2026
8.6 HIGH
CVE-2026-29123 — Multiple SUID Root Binaries in `xd` User Home Directory Leading to Potential Local Privil…

A SUID root-owned binary in /home/xd/terminal/XDTerminal in International Data Casting (IDC) SFX2100 on Linux allows a local actor to potentially preform local privilege escalation depending on condi…

| Path Traversal
Mar 05, 2026 Mar 05, 2026
Mar 05, 2026
Mar 05, 2026
8.3 HIGH
CVE-2026-29122 — `/bin/date` Binary given SETUID Permissions on IDC SFX2100 Leading to Potential LPE

International Data Casting (IDC) SFX2100 satellite receiver comes with the `/bin/date` utility installed with the setuid bit set. This configuration grants elevated privileges to any local user who c…

| Misconfiguration
Mar 05, 2026 Mar 05, 2026
Mar 05, 2026
Mar 05, 2026
0.0 NA
CVE-2025-40931 — Apache::Session::Generate::MD5 versions through 1.94 for Perl create insecure session id

Apache::Session::Generate::MD5 versions through 1.94 for Perl create insecure session id. Apache::Session::Generate::MD5 generates session ids insecurely. The default session id generator returns a …

| Cryptography
Mar 05, 2026 Mar 05, 2026
Mar 05, 2026
Mar 05, 2026
0.0 NA
CVE-2025-40926 — Plack::Middleware::Session::Simple versions through 0.04 for Perl generates session ids i…

Plack::Middleware::Session::Simple versions through 0.04 for Perl generates session ids insecurely. The default session id generator returns a SHA-1 hash seeded with the built-in rand function, the …

| Cryptography
Mar 05, 2026 Mar 05, 2026
Mar 05, 2026
Mar 05, 2026
8.4 HIGH
CVE-2026-29121 — `/sbin/ip` Binary given SETUID Permissions on IDC SFX2100 Leading to Potential LPE

International Data Casting (IDC) SFX2100 satellite receiver comes with the `/sbin/ip` utility installed with the setuid bit set. This configuration grants elevated privileges to any local user who ca…

| Misconfiguration
Mar 05, 2026 Mar 05, 2026
Mar 05, 2026
Mar 05, 2026
8.4 HIGH
CVE-2026-2836 — Cache poisoning via insecure-by-default cache key

A cache poisoning vulnerability has been found in the Pingora HTTP proxy framework’s default cache key construction. The issue occurs because the default HTTP cache key implementation generates cache…

Remote | Misconfiguration
Mar 05, 2026 Mar 05, 2026
Mar 05, 2026
Mar 05, 2026
9.3 CRITICAL
CVE-2026-2835 — HTTP Request Smuggling via HTTP/1.0 and Transfer-Encoding Misparsing

An HTTP Request Smuggling vulnerability (CWE-444) has been found in Pingora's parsing of HTTP/1.0 and Transfer-Encoding requests. The issue occurs due to improperly allowing HTTP/1.0 request bodies t…

Remote | Misconfiguration
Mar 05, 2026 Mar 05, 2026
Mar 05, 2026
Mar 05, 2026
9.3 CRITICAL
CVE-2026-2833 — HTTP Request Smuggling via Premature Upgrade

An HTTP request smuggling vulnerability (CWE-444) was found in Pingora's handling of HTTP/1.1 connection upgrades. The issue occurs when a Pingora proxy reads a request containing an Upgrade header, …

Remote | Misconfiguration
Mar 05, 2026 Mar 05, 2026
Mar 05, 2026
Mar 05, 2026
Showing 20 of 4985 Results