8146 matches found

Positive Technologies
added 2025/12/12 12:0 a.m. | 2 views

PT-2025-50934

SolarEdge SE3680H has an exposed debug/test interface accessible to unauthenticated actors, allowing disclosure of system internals and execution of debug commands...

CVSS 8.6 | AI score 7 | EPSS 0.00028
Exploits: 0 | References: 3

Packet Storm
added 2025/12/12 12:0 a.m. | 139 views

Eramba GRC 3.19.1 Command Injection

Eramba GRC platform version 3.19.1 proof of concept command injection exploit. Title: Eramba GRC platform 3.19.1 Command injection in download-test-pdf...

CVSS 8.8 | AI score 7.7 | EPSS 0.89153
Exploits: 6

CNVD
added 2025/12/12 12:0 a.m. | 1 view

WordPress Debug Log Viewer plugin missing license vulnerability

WordPress Debug Log Viewer plugin is a tool for managing debug logs for WordPress systems. A lack of authorization vulnerability exists in the WordPress Debug Log Viewer plugin, which can be exploited by an attacker to cause the exploitation of a misconfigured access control security level...

CVSS 5.4 | AI score 6.8 | EPSS 0.00034
Exploits: 0 | References: 1

OSV
added 2025/12/11 6:35 p.m. | 2 views

CLSA-2025-1765478108 Fix CVE(s): CVE-2025-11839, CVE-2025-11840

SECURITY UPDATE: remove abort call in debug format printing code - debian/patches/CVE-2025-11839.patch: remove call to abort in the debug format printing code, allowing display of fuzzed input files to complete without triggering an abort - CVE-2025-11839 SECURITY UPDATE: fix SEGV in vfinfo -...

CVSS 5.5 | AI score 5.8 | EPSS 0.00032
Exploits: 2 | References: 1

NVD
added 2025/12/11 3:15 a.m. | 3 views

CVE-2025-14485

A weakness has been identified in EFM ipTIME A3004T 14.19.0. This vulnerability affects the function show_debug_screen of the file /sess-bin/timepro.cgi of the component Administrator Password Handler. This manipulation of the argument aaksjdkfj with the input !@dnjsrureljrm& causes command...

CVSS 5 | EPSS 0.0049
Exploits: 0 | References: 5

Tenable Nessus
added 2025/12/11 12:0 a.m. | 2 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2025-991207)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-991207 advisory. In the Linux kernel, the following vulnerability has been resolved: kprobes: don't call disarm_kprobe for disabled kprobes. The assumption in __disable_kprobe is wrong, a...

CVSS 5.5 | AI score 6.2 | EPSS 0.00054
Exploits: 0 | References: 4

Positive Technologies
added 2025/12/11 12:0 a.m. | 4 views

PT-2025-50570

A weakness has been identified in EFM ipTIME A3004T 14.19.0. This vulnerability affects the function show debug screen of the file /sess-bin/timepro.cgi of the component Administrator Password Handler. This manipulation of the argument aaksjdkfj with the input !@dnjsrureljrm& causes command...

CVSS 5 | AI score 6.4 | EPSS 0.0049
Exploits: 0 | References: 6

EUVD
added 2025/12/10 9:31 p.m. | 2 views

EUVD-2025-202624

The ESP32 system on a chip (SoC) that powers the Meatmeet Pro was found to have JTAG enabled. By leaving JTAG enabled on an ESP32 in a commercial product, an attacker with physical access to the device can connect over this port and reflash the device's firmware with malicious code which will be...

AI score 6.3 | EPSS 0.00031
Exploits: 0 | References: 3

RedhatCVE
added 2025/12/10 2:23 p.m. | 1 view

CVE-2025-67561

Missing Authorization vulnerability in Oleksandr Lysyi Debug Log Viewer debug-log-viewer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Debug Log Viewer: from n/a through <= 2.0.3...

CVSS 5.4 | AI score 7 | EPSS 0.00034
Exploits: 0 | References: 1

CVE
added 2025/12/10 12:0 a.m. | 6 views

CVE-2025-65822

CVE-2025-65822 concerns the ESP32 SoC in the Meatmeet Pro, where JTAG is left enabled. The Red Hat/NVD/CNNVD and related entries describe that a physical attacker can connect via the JTAG port on a Meatmeet Pro device and reflash firmware with malicious code, potentially causing loss of device fu...

CVSS 6.8 | AI score 6.5 | EPSS 0.00031
Exploits: 0 | References: 2 | Affected Software: 1

CNVD
added 2025/12/10 12:0 a.m. | 1 view

WordPress Plugin SSP Debug Information Disclosure Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server. WordPress plugin is an application plugin. An information disclosure vulnerability exists in WordPress plugin SSP Debug, which stems from...

CVSS 5.3 | AI score 6 | EPSS 0.0005
Exploits: 0 | References: 1

Positive Technologies
added 2025/12/10 12:0 a.m. | 2 views

PT-2025-50497

Name of the Vulnerable Software and Affected Versions: ESP32 (affected versions not specified). Description: The ESP32 system on a chip (SoC) used in the Meatmeet Pro has JTAG enabled. An attacker with physical access can connect to the device via the JTAG port and reflash the firmware with...

CVSS 6.8 | AI score 6.4 | EPSS 0.00031
Exploits: 0 | References: 8

Vulnrichment
added 2025/12/10 12:0 a.m. | 2 views

CVE-2025-65822

The ESP32 system on a chip (SoC) that powers the Meatmeet Pro was found to have JTAG enabled. By leaving JTAG enabled on an ESP32 in a commercial product, an attacker with physical access to the device can connect over this port and reflash the device's firmware with malicious code which will be...

AI score 6.5 | EPSS 0.00031
Exploits: 0 | References: 2

EUVD
added 2025/12/09 9:31 p.m. | 1 view

EUVD-2021-34727

OpenBMCS 2.4 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive files by exploiting directory listing functionality. Attackers can browse directories like /debug/ and /php/ to discover configuration files, database credentials, and system...

CVSS 8.7 | AI score 5.9 | EPSS 0.00361
Exploits: 2 | References: 5

OSV
added 2025/12/09 9:15 p.m. | 1 view

CVE-2021-47718

OpenBMCS 2.4 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive files by exploiting directory listing functionality. Attackers can browse directories like /debug/ and /php/ to discover configuration files, database credentials, and system...

CVSS 7.5 | AI score 5.8
Exploits: 0 | References: 4

Cvelist
added 2025/12/09 8:40 p.m. | 18 views

CVE-2021-47718 OpenBMCS Directory Listing Information Disclosure

OpenBMCS 2.4 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive files by exploiting directory listing functionality. Attackers can browse directories like /debug/ and /php/ to discover configuration files, database credentials, and system...

CVSS 8.7 | EPSS 0.00361
Exploits: 2 | References: 4

Cvelist
added 2025/12/09 8:36 p.m. | 19 views

CVE-2021-47704 OpenBMCS SQL Injection via obix_test.php

OpenBMCS 2.4 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting arbitrary SQL code. Attackers can send GET requests to /debug/obix_test.php with malicious 'id' values to extract database information...

CVSS 8.7 | EPSS 0.00065
Exploits: 2 | References: 4

CVE
added 2025/12/09 8:36 p.m. | 12 views

CVE-2021-47704

OpenBMCS 2.4 is affected by an SQL injection vulnerability in the obix_test.php endpoint. The issue allows authenticated attackers to manipulate database queries by supplying malicious id values through GET requests to /debug/obix_test.php, enabling extraction of database information. Multiple co...

CVSS 8.7 | AI score 7.5 | EPSS 0.00065
Exploits: 2 | References: 4 | Affected Software: 1

EUVD
added 2025/12/09 6:30 p.m. | 2 views

EUVD-2025-202085

Missing Authorization vulnerability in Oleksandr Lysyi Debug Log Viewer debug-log-viewer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Debug Log Viewer: from n/a through <= 2.0.3...

CVSS 5.4 | AI score 6.5 | EPSS 0.00034
Exploits: 0 | References: 2

EUVD
added 2025/12/09 6:30 p.m. | 1 view

EUVD-2023-60168

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sync: Avoid use-after-free in dbg for hci_add_adv_monitor. KSAN reports use-after-free in hci_add_adv_monitor. While adding an adv monitor, hci_add_adv_monitor calls -> msft_add_monitor_pattern calls -> msft_add_monitor_sync calls ->...

AI score 6 | EPSS 0.00028
Exploits: 0 | References: 5