EUVD-2025-203086

SolarEdge SE3680H has an exposed debug/test interface accessible to unauthenticated actors, allowing disclosure of system internals and execution of debug commands...

CVE-2025-36743

SolarEdge SE3680H has an exposed debug/test interface accessible to unauthenticated actors, allowing disclosure of system internals and execution of debug commands...

CVE-2025-36743

SolarEdge SE3680H has an exposed debug/test interface accessible to unauthenticated actors, allowing disclosure of system internals and execution of debug commands...

CVE-2025-36743

CVE-2025-36743 concerns the SolarEdge SE3680H inverter, where an exposed debug/test interface is reachable by unauthenticated actors. Redundant exposure could lead to disclosure of internal system information and execution of debug commands, indicating a potential impact on confidentiality, integ...

CVE-2025-36743 SolarEdge SE3680H - Exposed Debug interface

SolarEdge SE3680H has an exposed debug/test interface accessible to unauthenticated actors, allowing disclosure of system internals and execution of debug commands...

CVE-2025-36743 SolarEdge SE3680H - Exposed Debug interface

SolarEdge SE3680H has an exposed debug/test interface accessible to unauthenticated actors, allowing disclosure of system internals and execution of debug commands...

SolarEdge SE3680H 安全漏洞

The SolarEdge SE3680H is a high-clearance wave inverter from SolarEdge, Israel. A security vulnerability exists in the SolarEdge SE3680H that originates from the exposure of an unauthenticated debug or test interface, which could lead to the disclosure of internal system information and the...

PT-2025-50934

SolarEdge SE3680H has an exposed debug/test interface accessible to unauthenticated actors, allowing disclosure of system internals and execution of debug commands...

📄 Eramba GRC 3.19.1 Command Injection

Eramba GRC platform version 3.19.1 proof of concept command injection exploit. ============================================================================================================================================= | Title : Eramba GRC platform 3.19.1 Command injection in download-test-pdf...

WordPress Debug Log Viewer plugin missing license vulnerability

WordPress Debug Log Viewer plugin is a tool for managing debug logs for WordPress systems. A lack of authorization vulnerability exists in the WordPress Debug Log Viewer plugin, which can be exploited by an attacker to cause the exploitation of a misconfigured access control security level...

CLSA-2025-1765478108 Fix CVE(s): CVE-2025-11839, CVE-2025-11840

SECURITY UPDATE: remove abort call in debug format printing code - debian/patches/CVE-2025-11839.patch: remove call to abort in the debug format printing code, allowing display of fuzzed input files to complete without triggering an abort - CVE-2025-11839 SECURITY UPDATE: fix SEGV in vfinfo -...

CVE-2025-14485

A weakness has been identified in EFM ipTIME A3004T 14.19.0. This vulnerability affects the function showdebugscreen of the file /sess-bin/timepro.cgi of the component Administrator Password Handler. This manipulation of the argument aaksjdkfj with the input !@dnjsrureljrm& causes command...

Unity Linux 20.1050e Security Update: kernel (UTSA-2025-991207)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-991207 advisory. In the Linux kernel, the following vulnerability has been resolved: kprobes: don't call disarmkprobe for disabled kprobes The assumption in disablekprobe is wrong, a...

PT-2025-50570

A weakness has been identified in EFM ipTIME A3004T 14.19.0. This vulnerability affects the function show debug screen of the file /sess-bin/timepro.cgi of the component Administrator Password Handler. This manipulation of the argument aaksjdkfj with the input !@dnjsrureljrm& causes command...

EUVD-2025-202624

The ESP32 system on a chip SoC that powers the Meatmeet Pro was found to have JTAG enabled. By leaving JTAG enabled on an ESP32 in a commercial product an attacker with physical access to the device can connect over this port and reflash the device's firmware with malicious code which will be...

CVE-2025-67561

Missing Authorization vulnerability in Oleksandr Lysyi Debug Log Viewer debug-log-viewer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Debug Log Viewer: from n/a through = 2.0.3...

CVE-2025-65822

CVE-2025-65822 concerns the ESP32 SoC in the Meatmeet Pro, where JTAG is left enabled. The Red Hat/NVD/CNNVD and related entries describe that a physical attacker can connect via the JTAG port on a Meatmeet Pro device and reflash firmware with malicious code, potentially causing loss of device fu...

WordPress Plugin SSP Debug Information Disclosure Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in WordPress plugin SSP Debug, which stems from...

PT-2025-50497

Name of the Vulnerable Software and Affected Versions ESP32 versions affected versions not specified Description The ESP32 system on a chip SoC used in the Meatmeet Pro has JTAG enabled. An attacker with physical access can connect to the device via the JTAG port and reflash the firmware with...

CVE-2025-65822

The ESP32 system on a chip SoC that powers the Meatmeet Pro was found to have JTAG enabled. By leaving JTAG enabled on an ESP32 in a commercial product an attacker with physical access to the device can connect over this port and reflash the device's firmware with malicious code which will be...