1177 matches found
CVE-2024-56113
CVE-2024-56113 affects Smart Toilet Lab - Motius, version 1.3.11. The root cause is that DEBUG is set to True in Django, causing verbose error pages that expose sensitive information defined in Django settings. Impact: exposure of sensitive information via error pages. Publicly observable exploit...
Information Exposure
Overview: collaborative-article-sharing is a command-line interface for interacting with the CAS API. Affected versions of this package are vulnerable to Information Exposure because the Flask application runs in debug mode in a production environment. Remediation: Upgrade...
Laravel Reflected XSS via Request Parameter in Debug-Mode Error Page
Vulnerability Overview: The Laravel framework versions between 11.9.0 and 11.35.1 are susceptible to reflected cross-site scripting due to improper encoding of request parameters in the debug-mode error page. Identifier:...
CVE-2022-20649
A vulnerability in Cisco RCM for Cisco StarOS Software could allow an unauthenticated, remote attacker to perform remote code execution on the application with root-level privileges in the context of the configured container. This vulnerability exists because the debug mode is incorrectly enabled...
CVE-2022-20649 Cisco Redundancy Configuration Manager Debug Remote Code Execution Vulnerability
A vulnerability in Cisco RCM for Cisco StarOS Software could allow an unauthenticated, remote attacker to perform remote code execution on the application with root-level privileges in the context of the configured container. This vulnerability exists because the debug mode is incorrectly enabled...
DEBIAN-CVE-2024-50340
symfony/runtime is a module for the Symfony PHP framework which enables decoupling PHP applications from global state. When the `register_argv_argc` PHP directive is set to `on`, and users call any URL with a specially crafted query string, they are able to change the environment or debug mode used by...
UBUNTU-CVE-2024-50340
symfony/runtime is a module for the Symfony PHP framework which enables decoupling PHP applications from global state. When the `register_argv_argc` PHP directive is set to `on`, and users call any URL with a specially crafted query string, they are able to change the environment or debug mode used by...
CVE-2024-50340 Ability to change environment from query in symfony/runtime
symfony/runtime is a module for the Symfony PHP framework which enables decoupling PHP applications from global state. When the `register_argv_argc` PHP directive is set to `on`, and users call any URL with a specially crafted query string, they are able to change the environment or debug mode used by...
Exploit for Command Injection in Netgate Pfsense
pfSense 2.7.0 Command Injection Exploit CVE-2023-42326 This...
DEBIAN-CVE-2024-49889
In the Linux kernel, the following vulnerability has been resolved: ext4: avoid use-after-free in ext4_ext_show_leaf. In ext4_find_extent, path may be freed by error or be reallocated, so using a previously saved ppath may have been freed and thus may trigger use-after-free, as follows: ext4_split_extent...
MTN Group: Information disclosure due to debug mode enabled at Laravel instance https://mpos.mtn.co.sz/
The Laravel framework contained a vulnerability known as CVE-2021-3129, which allowed remote code execution due to unsafe usage of PHP in the Ignition debug module. This vulnerability was relatively easy to exploit and did not require user authentication, resulting in a high CVSS score of 9.8. Th...
CVE-2023-6987
The String locator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'sql-column' parameter in all versions up to, and including, 2.6.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary w...
Information Disclosure
umbraco.cms is vulnerable to Information Disclosure. The vulnerability is due to improper handling of error responses in the Management API, which causes stack trace information to be returned even when Umbraco is not in debug mode. It allows an attacker to gain access to internal details of the...
GO-2023-1730 Debug mode leaks confidential data in Cilium in github.com/cilium/cilium
Debug mode leaks confidential data in Cilium in github.com/cilium/cilium...
CVE-2024-43376
Umbraco is an ASP.NET CMS. Some endpoints in the Management API can return stack trace information, even when Umbraco is not in debug mode. This vulnerability is fixed in 14.1.2...
CVE-2024-43376 Umbraco CMS vulnerable to Generation of Error Message Containing Sensitive Information
Umbraco is an ASP.NET CMS. Some endpoints in the Management API can return stack trace information, even when Umbraco is not in debug mode. This vulnerability is fixed in 14.1.2...
Umbraco Security Vulnerability
Umbraco is an open source content management system (CMS) written in C# by the Danish company Umbraco. A security vulnerability exists in Umbraco versions prior to 14.1.2, which stems from the fact that certain endpoints in the management API can return stack trace information even if Umbraco is not...