CVE-2025-10645

The WP Reset plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.05 via the WFLicensing::log method when debugging is enabled default. This makes it possible for unauthenticated attackers to extract sensitive license key and site data...

EUVD-2025-32702

The WP Reset plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.05 via the WFLicensing::log method when debugging is enabled default. This makes it possible for unauthenticated attackers to extract sensitive license key and site data...

CVE-2025-10645

The WP Reset plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.05 via the WFLicensing::log method when debugging is enabled default. This makes it possible for unauthenticated attackers to extract sensitive license key and site data...

CVE-2025-10645 WP Reset <= 2.05 - Unauthenticated Sensitive Information Exposure via wf-licensing.log

The WP Reset plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.05 via the WFLicensing::log method when debugging is enabled default. This makes it possible for unauthenticated attackers to extract sensitive license key and site data...

EUVD-2010-4742

Malware in sbrugna...

PT-2025-40973

Name of the Vulnerable Software and Affected Versions WP Reset versions prior to 2.06 Description The WP Reset plugin for WordPress is susceptible to exposure of sensitive information in all versions up to and including 2.05. This occurs through the WF Licensing::log method when debugging is...

EUVD-2022-46906

Malicious code in bioql PyPI...

CVE-2025-54781

Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. When debugging is enabled for Himmelblau in version 1.0.0, the himmelblaudtasks service leaks an Intune service access token to the system journal. This short-lived token can be used to detect the host's Intune...

PT-2025-31706 · Microsoft · Himmelblau +2

Name of the Vulnerable Software and Affected Versions: Himmelblau version 1.0.0 versions prior to 1.1.0 Description: Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. When debugging is enabled for Himmelblau, the himmelblaud tasks service leaks an Intune service...

CVE-2022-43936

Brocade SANnav versions before 2.2.2 log Brocade Fabric OS switch passwords when debugging is enabled...

Broadcom SANnav 日志信息泄露漏洞

Broadcom SANnav is a suite of SAN management platforms from Broadcom Corporation USA. A log information disclosure vulnerability exists in Broadcom SANnav versions prior to 2.3.0 and 2.2.2, which stems from the recording of sensitive fields in logs when debugging is enabled, which could lead to t...

UBUNTU-CVE-2024-43444

Passwords of agents and customers are displayed in plain text in the OTRS admin log module if certain configurations regarding the authentication sources match and debugging for the authentication backend has been enabled. This issue affects: OTRS from 7.0.X through 7.0.50 OTRS 8.0.X OTRS 2023.X...

CVE-2024-27350

Amazon Fire OS 7 before 7.6.6.9 and 8 before 8.1.0.3 allows Fire TV applications to establish local ADB Android Debug Bridge connections. NOTE: some third parties dispute whether this has security relevance, because an ADB connection is only possible after the non-default ADB Debugging option is...

PT-2024-21841 · Amazon · Amazon Fire Os

Name of the Vulnerable Software and Affected Versions: Amazon Fire OS versions 7.0.0 through 7.6.6.8 Amazon Fire OS versions 8.0.0 through 8.1.0.2 Description: The issue allows Fire TV applications to establish local ADB Android Debug Bridge connections. This is only possible after the non-defaul...

CVE-2023-4645

The Ad Inserter for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.7.30 via the aiajax function. This can allow unauthenticated attackers to extract sensitive data such as post titles and slugs including those of protected posts along with their...

USN-6189-1 etcd vulnerability

It was discovered that etcd leaked credentials when debugging was enabled. This allowed remote attackers to discover etcd authentication credentials and possibly escalate privileges on systems using etcd...

SUSE CVE-2013-0154

The getpagetype function in xen/arch/x86/mm.c in Xen 4.2, when debugging is enabled, allows local PV or HVM guest administrators to cause a denial of service assertion failure and hypervisor crash via unspecified vectors related to a hypercall...

PT-2019-17023 · Automation Anywhere +1 · Automation Anywhere +1

Name of the Vulnerable Software and Affected Versions: IBM Robotic Process Automation with Automation Anywhere version 11 Description: The issue allows a local user to obtain highly sensitive information from log files when debugging is enabled. Recommendations: For IBM Robotic Process Automation...

kernel: Division by zero in change_port_settings in drivers/usb/serial/io_ti.c resulting in a denial of service

A division-by-zero in settermios, when debugging is enabled, was found in the Linux kernel. When the ioti driver is loaded, a local unprivileged attacker can request incorrect high transfer speed in the changeportsettings in the drivers/usb/serial/ioti.c so that the divisor value becomes zero and...

kernel: Division by zero in change_port_settings in drivers/usb/serial/io_ti.c resulting in a denial of service

A division-by-zero in settermios, when debugging is enabled, was found in the Linux kernel. When the ioti driver is loaded, a local unprivileged attacker can request incorrect high transfer speed in the changeportsettings in the drivers/usb/serial/ioti.c so that the divisor value becomes zero and...