org.bouncycastle:bcjmail-debug-jdk15to18 (>=1.81 <=1.83), org.bouncycastle:bcmail-debug-jdk15to18 (>=1.81 <=1.83) +4 more potentially affected by CVE-2025-14813 via org.bouncycastle:bcprov-debug-jdk15to18 (>=1.81 <=1.83)

org.bouncycastle:bcprov-debug-jdk15to18 MAVEN version =1.81, =1.81, =1.81, =1.81, =1.81, =1.81, =1.81, =1.83 Source cves: CVE-2025-14813 Source advisory: SNYK:JAVA-ORGBOUNCYCASTLE-16075262...

io.github.jinahya:jinahya-bcprov (=0.0.1), org.apache.camel.karaf:camel-as2 (>=4.7.0 <=4.10.7) +14 more potentially affected by CVE-2025-14813 via org.bouncycastle:bcprov-debug-jdk18on (>=1.71 <=1.83)

org.bouncycastle:bcprov-debug-jdk18on MAVEN version =1.71, =4.7.0, =4.7.0, =3.0.0-M1, =3.0.0-M1, =3.2.0, =3.18.0, =3.18.0, =3.18.0, =1.81, =1.81, =1.81, =1.81, =1.81, =1.81, =1.83 and more Source cves: CVE-2025-14813 Source advisory: SNYK:JAVA-ORGBOUNCYCASTLE-16075263...

Use of a Broken or Risky Cryptographic Algorithm

Overview Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm due to the generateCTR process in G3413CTRBlockCipher. An attacker can recover relationships between encrypted plaintext blocks by driving the cipher past its counter range and causing th...

org.bouncycastle:bcmail-debug-jdk14 (>=1.81 <=1.83), org.bouncycastle:bcpg-debug-jdk14 (>=1.81 <=1.83) +3 more potentially affected by CVE-2026-5598 via org.bouncycastle:bcprov-debug-jdk14 (>=1.81 <=1.83)

org.bouncycastle:bcprov-debug-jdk14 MAVEN version =1.81, =1.81, =1.81, =1.81, =1.81, =1.81, =1.83 Source cves: CVE-2026-5598 Source advisory: SNYK:JAVA-ORGBOUNCYCASTLE-16074607...

org.bouncycastle:bcjmail-debug-jdk15to18 (>=1.81 <=1.83), org.bouncycastle:bcmail-debug-jdk15to18 (>=1.81 <=1.83) potentially affected by CVE-2026-5588 via org.bouncycastle:bcpkix-debug-jdk15to18 (>=1.81 <=1.83)

org.bouncycastle:bcpkix-debug-jdk15to18 MAVEN version =1.81, =1.81, =1.81, =1.83 Source cves: CVE-2026-5588 Source advisory: SNYK:JAVA-ORGBOUNCYCASTLE-16075256...

org.bouncycastle:bcmail-debug-jdk14 (>=1.81 <=1.83) potentially affected by CVE-2026-5588 via org.bouncycastle:bcpkix-debug-jdk14 (>=1.81 <=1.83)

org.bouncycastle:bcpkix-debug-jdk14 MAVEN version =1.81, =1.81, =1.83 Source cves: CVE-2026-5588 Source advisory: SNYK:JAVA-ORGBOUNCYCASTLE-16075255...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the AEADEncDataPacket parser in AEADEncDataPacket.java. An attacker can crash packet parsing by supplying an AEAD-encrypted OpenPGP packet with an out-of-range chunk size valu...

org.bouncycastle:bcjmail-debug-jdk18on (>=1.81 <=1.83), org.bouncycastle:bcmail-debug-jdk18on (>=1.81 <=1.83) +1 more potentially affected by CVE-2026-5588 via org.bouncycastle:bcpkix-debug-jdk18on (>=1.81 <=1.83)

org.bouncycastle:bcpkix-debug-jdk18on MAVEN version =1.81, =1.81, =1.81, =1.81, =1.83 Source cves: CVE-2026-5588 Source advisory: SNYK:JAVA-ORGBOUNCYCASTLE-16075257...

io.github.jinahya:jinahya-bcprov (=0.0.1), org.apache.camel.karaf:camel-as2 (>=4.7.0 <=4.10.7) +14 more potentially affected by CVE-2026-5598 via org.bouncycastle:bcprov-debug-jdk18on (>=1.71 <=1.83)

org.bouncycastle:bcprov-debug-jdk18on MAVEN version =1.71, =4.7.0, =4.7.0, =3.0.0-M1, =3.0.0-M1, =3.2.0, =3.18.0, =3.18.0, =3.18.0, =1.81, =1.81, =1.81, =1.81, =1.81, =1.81, =1.83 and more Source cves: CVE-2026-5598 Source advisory: SNYK:JAVA-ORGBOUNCYCASTLE-16074609...

org.bouncycastle:bcjmail-debug-jdk15to18 (>=1.81 <=1.83), org.bouncycastle:bcmail-debug-jdk15to18 (>=1.81 <=1.83) +4 more potentially affected by CVE-2026-5598 via org.bouncycastle:bcprov-debug-jdk15to18 (>=1.81 <=1.83)

org.bouncycastle:bcprov-debug-jdk15to18 MAVEN version =1.81, =1.81, =1.81, =1.81, =1.81, =1.81, =1.81, =1.83 Source cves: CVE-2026-5598 Source advisory: SNYK:JAVA-ORGBOUNCYCASTLE-16074608...

PT-2026-33131

IdentityIQ 8.5, all IdentityIQ 8.5 patch levels prior to 8.5p2, IdentityIQ 8.4, and all IdentityIQ 8.4 patch levels prior to 8.4p4 allow authenticated users assigned the Debug Pages Read Only capability or any custom capability with the ViewAccessDebugPage SPRight to incorrectly create new...

PT-2026-33176

Name of the Vulnerable Software and Affected Versions Dgraph versions prior to 25.3.2 Description An unauthenticated credential disclosure exists where the '/debug/pprof/cmdline' endpoint is registered on the default mux and accessible without authentication. This exposes the full process command...

GHSA-PM7Q-RJJX-979P Oxia exposes bearer token in debug log messages on authentication failure

Summary When OIDC authentication fails, the full bearer token is logged at DEBUG level in plaintext. If debug logging is enabled in production, JWT tokens are exposed in application logs and any connected log aggregation system. Impact An attacker with access to application logs e.g., via a...

Oxia exposes bearer token in debug log messages on authentication failure

Summary When OIDC authentication fails, the full bearer token is logged at DEBUG level in plaintext. If debug logging is enabled in production, JWT tokens are exposed in application logs and any connected log aggregation system. Impact An attacker with access to application logs e.g., via a...

Active Debug Code

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Active Debug Code via the git.json.php script, which executes a shell command and returns sensitive information as JSON to any unauthenticated user. An attacker ca...

CVE-2026-23781

An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. A set of default debug user credentials is hardcoded in cleartext within the application package. If left unchanged, these credentials can be easily obtained and may allow unauthorized access to the MFT API debug interface...

CVE-2026-23780

An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. A SQL injection vulnerability in the MFT API's debug interface allows an authenticated attacker to inject malicious queries due to improper input validation and unsafe dynamic SQL handling. Successful exploitation can enable...

CLSA-2026-1776156481 Fix of 5 CVEs

SECURITY UPDATE: fix heap buffer overflow in bfdelfparseehframe - debian/patches/CVE-2025-11082.patch: fix heap buffer overflow in bfdelfparseehframe - CVE-2025-11082 SECURITY UPDATE: fix NULL deref in elfgcsweep with empty groups - debian/patches/CVE-2025-5244.patch: fix NULL deref in elfgcsweep...

EUVD-2026-21990

Improper Neutralization of Special Elements used in an OS Command vulnerability allows OS Command Injection via WebServerModuleDebug. This issue affects Pandora FMS: from 777 through 800...

CVE-2026-30809

Improper Neutralization of Special Elements used in an OS Command vulnerability allows OS Command Injection via WebServerModuleDebug. This issue affects Pandora FMS: from 777 through 800...