Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
10.0 CRITICAL
CVE-2026-28775 — Unauthenticated RCE via SNMP Default Writable Community String

An unauthenticated Remote Code Execution (RCE) vulnerability exists in the SNMP service of International Datacasting Corporation (IDC) SFX Series SuperFlex SatelliteReceiver. The deployment insecurel…

sfx2100_firmware sfx2100 | Remote | Misconfiguration
Mar 04, 2026 Mar 09, 2026
Mar 04, 2026
Mar 09, 2026
9.3 CRITICAL
CVE-2026-28774 — Authenticated OS Command Injection via Traceroute Utility leads to Root RCE

An OS Command Injection vulnerability exists in the web-based Traceroute diagnostic utility of International Datacasting Corporation (IDC) SFX Series SuperFlex SatelliteReceiver Web Management Interf…

sfx2100_firmware sfx2100 | Remote | Injection
Mar 04, 2026 Mar 09, 2026
Mar 04, 2026
Mar 09, 2026
9.3 CRITICAL
CVE-2026-28773 — Authenticated OS Command Injection via Ping Utility Leading to RCE as Root

The web-based Ping diagnostic utility (/IDC_Ping/main.cgi) in International Datacasting Corporation (IDC) SFX Series SuperFlex Satellite  Receiver Web Management Interface version 101 is vulnerable t…

sfx2100_firmware sfx2100 | Remote | Injection
Mar 04, 2026 Mar 09, 2026
Mar 04, 2026
Mar 09, 2026
6.1 MEDIUM
CVE-2026-28772 — Reflected XSS in IDC_Logging Index endpoint

A Reflected Cross-Site Scripting (XSS) vulnerability in the /IDC_Logging/index.cgi endpoint of International Datacasting Corporation (IDC) SFX Series SuperFlex SatelliteReceiver Web Management Interf…

sfx2100_firmware sfx2100 | Remote | Cross-Site Scripting
Mar 04, 2026 Mar 09, 2026
Mar 04, 2026
Mar 09, 2026
6.1 MEDIUM
CVE-2026-28771 — Reflected XSS In /index.cgi Endpoint On IDC Satellite Receiver Web Management Interface V…

A Reflected Cross-Site Scripting (XSS) vulnerability exists in the /index.cgi endpoint of International Datacasting Corporation (IDC) SFX Series SuperFlex Satellite Receiver Web Management Interface …

sfx2100_firmware sfx2100 | Remote | Cross-Site Scripting
Mar 04, 2026 Mar 09, 2026
Mar 04, 2026
Mar 09, 2026
5.4 MEDIUM
CVE-2026-2732 — Enable Media Replace <= 4.1.7 - Improper Authorization to Authenticated (Author+) Arbitra…

The Enable Media Replace plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the 'RemoveBackGroundViewController::load' function in all vers…

enable_media_replace | Remote | Authorization
Mar 04, 2026 Mar 04, 2026
Mar 04, 2026
Mar 04, 2026
6.5 MEDIUM
CVE-2026-2363 — WP-Members Membership Plugin <= 3.5.5.1 - Authenticated (Contributor+) SQL Injection via …

The WP-Members Membership Plugin plugin for WordPress is vulnerable to SQL Injection via the 'order_by' attribute of the [wpmem_user_membership_posts] shortcode in all versions up to, and including, …

wp-members | Remote | Injection
Mar 04, 2026 Mar 04, 2026
Mar 04, 2026
Mar 04, 2026
8.8 HIGH
CVE-2026-28770 — XML injection In /IDC_Logging/checkifdone.cgi Endpoint On IDC SFX Web Management Interfac…

Improper neutralization of special elements in the /IDC_Logging/checkifdone.cgi script in International Datacasting Corporation (IDC) SFX Series SuperFlex Satellite Receiver Web management Interface …

sfx2100_firmware sfx2100 | Remote | Injection
Mar 04, 2026 Mar 09, 2026
Mar 04, 2026
Mar 09, 2026
6.5 MEDIUM
CVE-2026-28769 — LFI in /IDC_Logging/checkifdone.cgi, "file" parameter Allowing for File Existence Enumera…

A path traversal vulnerability exists in the /IDC_Logging/checkifdone.cgi script in International Datacasting Corporation (IDC) SFX Series SuperFlex Satellite Receiver Web management portal version 1…

sfx2100_firmware sfx2100 | Remote | Path Traversal
Mar 04, 2026 Mar 09, 2026
Mar 04, 2026
Mar 09, 2026
Showing 20 of 6369 Results