{"vulnerability": "CVE-2026-28774", "sightings": [{"uuid": "5d568141-861e-4744-94d9-6fe6a35e552f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "4f29edb9-4c4b-44ca-b041-9b050656b6ae", "vulnerability": "CVE-2026-28774", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mg7tn42i2v2d", "content": "", "creation_timestamp": "2026-03-04T08:13:46.614524Z"}, {"uuid": "653d849b-6365-462a-b068-bfcaa704bc62", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2026-28774", "type": "seen", "source": "https://t.me/cKure/16019", "content": "\u25a0\u25a0\u25a0\u25a0\u25a1 CVE-2026-28774\nAn OS Command Injection vulnerability exists in the web-based Traceroute diagnostic utility of International Datacasting Corporation (IDC) SFX Series SuperFlex SatelliteReceiver Web Management Interface version 101. An authenticated attacker can inject arbitrary shell metacharacters (such as the pipe | operator) into the flags parameter, leading to the execution of arbitrary operating system commands with root privileges.", "creation_timestamp": "2026-03-04T09:13:02.000000Z"}]}