Siemens SCALANCE and RUGGEDCOM Devices Improper Input Validation (CVE-2024-47143)

dma-debug: possible deadlock on radixlock. radixlock shouldn't be held while holding dmahashentryidx.lock otherwise, there's a possible deadlock scenario when dma debug API is called holding rqlock. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot f...

PT-2025-47357

Name of the Vulnerable Software and Affected Versions Fortinet FortiClientWindows versions 7.0.0 through 7.4.3 Fortinet FortiClientWindows version 7.2.0 through 7.2.10 Description A debug code issue exists in FortiClientWindows that could allow a local attacker to execute the application step by...

Fortinet FortiExtender 安全漏洞

Fortinet FortiExtender is a wireless WAN wide area network extender device from Fortinet, Inc. A security vulnerability exists in Fortinet FortiExtender that stems from a debug message that discloses unwanted information, which could lead to an authenticated user obtaining administrator...

EUVD-2025-197885

A security vulnerability has been detected in D-Link DWR-M920, DWR-M921, DIR-822K and DIR-825M 1.1.5. Impacted is the function system of the file /boafrm/formDebugDiagnosticRun. The manipulation of the argument host leads to command injection. Remote exploitation of the attack is possible. The...

SUSE CVE-2025-40184

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Fix debug checking for np-guests using huge mappings When running with transparent huge pages and CONFIGNVHEEL2DEBUG then the debug checking in asserthostsharedguest fails on the launch of an np-guest. This WARNON...

GHSA-7F2V-3QQ3-VVJF Vega Cross-Site Scripting (XSS) via expressions abusing toString calls in environments using the VEGA_DEBUG global variable

Impact Applications meeting 2 conditions are at risk of arbitrary JavaScript code execution, even if "safe mode" expressionInterpreter is used. 1. Use vega in an application that attaches vega library and a vega.View instance similar to the Vega Editor to the global window 2. Allow user-defined...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the toString function in environments where the VEGADEBUG global variable is present. An attacker can execute arbitrary JavaScript code by supplying crafted Vega JSON definitions that abuse expression...

Cross-site Scripting (XSS)

Overview org.webjars.npm:vega-expression is a WebJar for vega-expression. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the toString function in environments where the VEGADEBUG global variable is present. An attacker can execute arbitrary JavaScript code by...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the toString function in environments where the VEGADEBUG global variable is present. An attacker can execute arbitrary JavaScript code by supplying crafted Vega JSON definitions that abuse expression...

Cross-site Scripting (XSS)

Overview org.webjars.npm:vega-interpreter is a WebJar for vega-interpreter. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the toString function in environments where the VEGADEBUG global variable is present. An attacker can execute arbitrary JavaScript code by...

Cross-site Scripting (XSS)

Overview vega-interpreter is a CSP-compliant interpreter for Vega expressions. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the toString function in environments where the VEGADEBUG global variable is present. An attacker can execute arbitrary JavaScript code b...

CVE-2025-59840

CVE-2025-59840 (Vega XSS) : The vulnerability affects Vega prior to 6.2.0 where an application that attaches the Vega library and a global vega.View instance to window and allows user-defined Vega JSON can be exploited to execute arbitrary JavaScript, even with safe mode expressionInterpreter. Th...

GHSA-7M9G-PMXF-M9M8 Duplicate Advisory: Keycloak allows Binding to an Unrestricted IP Address

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-j4vq-q93m-4683. This link is maintained to preserve external references. Original Description A vulnerability exists in Keycloak's server distribution where enabling debug mode --debug insecurely defaults to...

Duplicate Advisory: Keycloak allows Binding to an Unrestricted IP Address

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-j4vq-q93m-4683. This link is maintained to preserve external references. Original Description A vulnerability exists in Keycloak's server distribution where enabling debug mode --debug insecurely defaults to...

Binding to an Unrestricted IP Address

Overview Affected versions of this package are vulnerable to Binding to an Unrestricted IP Address due to the insecure default binding of the Java Debug Wire Protocol JDWP port to all network interfaces when debug mode is enabled. An attacker can gain unauthorized access to the Java virtual machi...

keycloak-server: Debug default bind address

A vulnerability exists in Keycloak's server distribution where enabling debug mode --debug insecurely defaults to binding the Java Debug Wire Protocol JDWP port to all network interfaces 0.0.0.0. This exposes the debug port to the local network, allowing an attacker on the same network segment to...

CVE-2025-11538

A vulnerability exists in Keycloak's server distribution where enabling debug mode --debug insecurely defaults to binding the Java Debug Wire Protocol JDWP port to all network interfaces 0.0.0.0. This exposes the debug port to the local network, allowing an attacker on the same network segment to...

CVE-2025-11538

A vulnerability exists in Keycloak's server distribution where enabling debug mode --debug insecurely defaults to binding the Java Debug Wire Protocol JDWP port to all network interfaces 0.0.0.0. This exposes the debug port to the local network, allowing an attacker on the same network segment to...

CVE-2025-11538 Keycloak-server: debug default bind address

A vulnerability exists in Keycloak's server distribution where enabling debug mode --debug insecurely defaults to binding the Java Debug Wire Protocol JDWP port to all network interfaces 0.0.0.0. This exposes the debug port to the local network, allowing an attacker on the same network segment to...

CVE-2025-11538

Keycloak is affected by CVE-2025-11538 in versions prior to 26.4.4 where enabling debug mode (--debug) binds the JDWP port to all interfaces (0.0.0.0), exposing the debug port on the local network. This potentially allows a local-network attacker to attach a remote debugger and achieve remote cod...