GO-2026-4334 Fleet has an Access Control vulnerability in debug/pprof endpoints in github.com/fleetdm/fleet
Fleet has an Access Control vulnerability in debug/pprof endpoints in github.com/fleetdm/fleet...
CVE-2026-1741
A vulnerability was determined in EFM ipTIME A8004T 14.18.2. Affected is the function httpcon_check_session_url of the file /sess-bin/d.cgi of the component Debug Interface. This manipulation of the argument cmd causes backdoor. It is possible to initiate the attack remotely. The complexity of an...
PT-2026-6509
Fleet has an Access Control vulnerability in debug/pprof endpoints in github.com/fleetdm/fleet...
CLSA-2026-1770040438 kernel: Fix of 14 CVEs
efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare CVE-2025-39817 - scsi: ses: Fix possible desc_ptr out-of-bounds accesses CVE-2023-53675 - ipv6: Fix out-of-bounds access in ipv6_find_tlv CVE-2023-53705 - libceph: fix potential use-after-free in have_mon_and_osd_map CVE-2025-68285 - scsi: lpfc: Fix...
CVE-2026-1741 EFM ipTIME A8004T Debug d.cgi httpcon_check_session_url backdoor
A vulnerability was determined in EFM ipTIME A8004T 14.18.2. Affected is the function httpcon_check_session_url of the file /sess-bin/d.cgi of the component Debug Interface. This manipulation of the argument cmd causes backdoor. It is possible to initiate the attack remotely. The complexity of an...
CVE-2026-1741
The following sources document CVE-2026-1741 affecting EFM ipTIME A8004T 14.18.2. The vulnerability concerns the Debug Interface component, specifically the httpcon_check_session_url function in /sess-bin/d.cgi. The described flaw allows manipulation of the cmd argument to trigger a backdoor, wit...
PT-2026-5600
A vulnerability was determined in EFM ipTIME A8004T 14.18.2. Affected is the function httpcon_check_session_url of the file /sess-bin/d.cgi of the component Debug Interface. This manipulation of the argument cmd causes backdoor. It is possible to initiate the attack remotely. The complexity of an...
Keycloak < 26.4.4 Debug Mode JDWP Port Exposure (CVE-2025-11538)
The version of Keycloak installed on the remote host is prior to 26.4.4. It is, therefore, affected by a Port Exposure vulnerability: - A vulnerability exists in Keycloak's server distribution where enabling debug mode (--debug) insecurely defaults to binding the Java Debug Wire Protocol (JDWP) port ...
GHSA-VG9H-JX4V-CWX2 Unfurl's debug mode cannot be disabled due to string config parsing (Werkzeug debugger exposure)
Summary: The Unfurl web app enables Flask debug mode even when configuration sets debug = False. The config value is read as a string and passed directly to app.run(debug=...), so any non-empty string evaluates truthy. This leaves the Werkzeug debugger active by default. Details - unfurl/app.py:weba...
Unfurl's debug mode cannot be disabled due to string config parsing (Werkzeug debugger exposure)
Summary: The Unfurl web app enables Flask debug mode even when configuration sets debug = False. The config value is read as a string and passed directly to app.run(debug=...), so any non-empty string evaluates truthy. This leaves the Werkzeug debugger active by default. Details - unfurl/app.py:weba...
Active Debug Code
Overview: dfir-unfurl (Unfurl) takes a URL and expands ("unfurls") it into a directed graph. Affected versions of this package are vulnerable to Active Debug Code due to improper parsing of the debug configuration value, which is always interpreted as truthy and enables the Werkzeug debugger...
Malicious code in debug-fmt (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 049bf4db6a598df3cc4db93a71b765670e9b94be0c835ae183fd91c13fe99d8b The package debug-fmt was found to contain malicious code. Source: ghsa-malware 1f7e76c50ec40bd53847463f61469ebfb4691c221c290d98fed82736214216cc Any...
Malicious Package
Overview debug-fmt is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...
Malicious code in debug-glitz (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f09a7eab8b255c9470cf181542b2ed5b9b214602d0c73dc089938cc1a2d546b2 The package debug-glitz was found to contain malicious code. Source: ghsa-malware 5c2a809411c1675d6b31e695ec844e233dbcc14e9c576f30d6e3491084b5b90c An...
MAL-2026-566 Malicious code in debug-fmt (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 049bf4db6a598df3cc4db93a71b765670e9b94be0c835ae183fd91c13fe99d8b The package debug-fmt was found to contain malicious code. Source: ghsa-malware 1f7e76c50ec40bd53847463f61469ebfb4691c221c290d98fed82736214216cc Any...
MAL-2026-567 Malicious code in debug-glitz (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f09a7eab8b255c9470cf181542b2ed5b9b214602d0c73dc089938cc1a2d546b2 The package debug-glitz was found to contain malicious code. Source: ghsa-malware 5c2a809411c1675d6b31e695ec844e233dbcc14e9c576f30d6e3491084b5b90c An...