8289 matches found
CVE-2025-11538 Keycloak-server: debug default bind address
A vulnerability exists in Keycloak's server distribution where enabling debug mode --debug insecurely defaults to binding the Java Debug Wire Protocol JDWP port to all network interfaces 0.0.0.0. This exposes the debug port to the local network, allowing an attacker on the same network segment to...
CVE-2025-11538
Keycloak is affected by CVE-2025-11538 in versions prior to 26.4.4 where enabling debug mode (--debug) binds the JDWP port to all interfaces (0.0.0.0), exposing the debug port on the local network. This potentially allows a local-network attacker to attach a remote debugger and achieve remote cod...
CVE-2025-11538 Keycloak-server: debug default bind address
A vulnerability exists in Keycloak's server distribution where enabling debug mode --debug insecurely defaults to binding the Java Debug Wire Protocol JDWP port to all network interfaces 0.0.0.0. This exposes the debug port to the local network, allowing an attacker on the same network segment to...
CVE-2025-11538
A vulnerability exists in Keycloak's server distribution where enabling debug mode --debug insecurely defaults to binding the Java Debug Wire Protocol JDWP port to all network interfaces 0.0.0.0. This exposes the debug port to the local network, allowing an attacker on the same network segment to...
Security update for cargo-packaging, rust-bindgen
This update for cargo-packaging and rust-bindgen fixes the following issues: cargo-packaging was updated to version 1.3.0+0: CVE-2025-58160: Fixed tracing log pollution in tracing-subscriber bsc1249012 Other fixes: Prevent stripping debug info bsc1222175 rust-bindgen was updated to 0.72.0. Patch...
SUSE-SU-2025:4091-1 Security update for cargo-packaging, rust-bindgen
This update for cargo-packaging and rust-bindgen fixes the following issues: cargo-packaging was updated to version 1.3.0+0: - CVE-2025-58160: Fixed tracing log pollution in tracing-subscriber bsc1249012 Other fixes: - Prevent stripping debug info bsc1222175 rust-bindgen was updated to 0.72.0...
EUVD-2025-176933
Malicious code in public-process-wind-debug-view npm...
EUVD-2025-176243
Malicious code in spy-sun-byte-debug-import npm...
EUVD-2025-178227
Malicious code in kappa-debug-lambda-daemon-upsilon npm...
EUVD-2025-179117
Malicious code in enum-interface-grep-reject-debug npm...
EUVD-2025-179387
Malicious code in debug-char-code-double-encode npm...
EUVD-2025-179372
Malicious code in decrypt-sun-mock-rain-debug npm...
EUVD-2025-176757
Malicious code in refactor-cron-yaml-dog-debug npm...
EUVD-2025-179724
Malicious code in class-debug-private-decrypt-slow npm...
EUVD-2025-178448
Malicious code in import-debug-compress-byte-long npm...
MAL-2025-186494 Malicious code in debug-cache-report-cache-index (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 548a5857bd7c92380811c367a8bd3c184e43d7536080c389e556fed63330059f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-186980 Malicious code in final-scale-static-yaml-debug (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a6ba87a36ae06fd4997f24c35c4cf6157601dad069a9c57e6ae8d43cc88aa435 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-177179
Malicious code in pi-permission-debug-decrypt-slow npm...
EUVD-2025-179388
Malicious code in debug-cache-report-cache-index npm...
EUVD-2025-178599
Malicious code in hash-socket-slow-debug-interpret npm...