8149 matches found
Linux Distros Unpatched Vulnerability : CVE-2025-40226
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - firmware: armscmi: Account for failed debug initialization When the SCMI debug subsystem fails to initialize, the related debug root will be missing, and the...
CVE-2020-36876
ReQuest Serious Play F3 Media Server versions 7.0.3.4968 Pro, 7.0.2.4954, 6.5.2.4954, 6.4.2.4681, 6.3.2.4203, and 2.0.1.823 allows unauthenticated attackers to disclose the webserver's Python debug log file containing system information, credentials, paths, processes and command arguments running...
CVE-2025-13494
The SSP Debug plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.0. This is due to the plugin storing PHP error logs in a predictable, web-accessible location wp-content/uploads/ssp-debug/ssp-debug.log without any access controls. This...
CVE-2020-36876
ReQuest Serious Play F3 Media Server versions 7.0.3.4968 Pro, 7.0.2.4954, 6.5.2.4954, 6.4.2.4681, 6.3.2.4203, and 2.0.1.823 allows unauthenticated attackers to disclose the webserver's Python debug log file containing system information, credentials, paths, processes and command arguments running...
EUVD-2020-30828
ReQuest Serious Play F3 Media Server versions 7.0.3.4968 Pro, 7.0.2.4954, 6.5.2.4954, 6.4.2.4681, 6.3.2.4203, and 2.0.1.823 allows unauthenticated attackers to disclose the webserver's Python debug log file containing system information, credentials, paths, processes and command arguments running...
CVE-2020-36876
CVE-2020-36876 affects ReQuest Serious Play F3 Media Server versions 7.0.3.4968 (Pro), 7.0.2.4954, 6.5.2.4954, 6.4.2.4681, 6.3.2.4203, and 2.0.1.823. An unauthenticated attacker can access the webserver’s Python debug log by visiting the message_log page, disclosing system information, credential...
CVE-2020-36876 ReQuest Serious Play F3 Media Server <= 7.0.3 Debug Log Disclosure2020
ReQuest Serious Play F3 Media Server versions 7.0.3.4968 Pro, 7.0.2.4954, 6.5.2.4954, 6.4.2.4681, 6.3.2.4203, and 2.0.1.823 allows unauthenticated attackers to disclose the webserver's Python debug log file containing system information, credentials, paths, processes and command arguments running...
CVE-2020-36876 ReQuest Serious Play F3 Media Server <= 7.0.3 Debug Log Disclosure2020
ReQuest Serious Play F3 Media Server versions 7.0.3.4968 Pro, 7.0.2.4954, 6.5.2.4954, 6.4.2.4681, 6.3.2.4203, and 2.0.1.823 allows unauthenticated attackers to disclose the webserver's Python debug log file containing system information, credentials, paths, processes and command arguments running...
CVE-2025-40226
In the Linux kernel, the following vulnerability has been resolved: firmware: armscmi: Account for failed debug initialization When the SCMI debug subsystem fails to initialize, the related debug root will be missing, and the underlying descriptor will be NULL. Handle this fault condition in the...
CVE-2025-14092 Edimax BR-6478AC V3 formDebugDiagnosticRun sub_416898 os command injection
A security vulnerability has been detected in Edimax BR-6478AC V3 1.0.15. This issue affects the function sub416898 of the file /boafrm/formDebugDiagnosticRun. The manipulation of the argument host leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed...
CVE-2025-13494
The SSP Debug plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.0. This is due to the plugin storing PHP error logs in a predictable, web-accessible location wp-content/uploads/ssp-debug/ssp-debug.log without any access controls. This...
CVE-2025-13494
The CVE covers the WordPress plugin SSP Debug (WordPress SSP Debugging) with versions up to and including 1.0.0. Root cause: the plugin stores PHP error logs in a web-accessible location (wp-content/uploads/ssp-debug/ssp-debug.log) without access controls. Impact: unauthenticated attackers can vi...
EUVD-2025-201342
The SSP Debug plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.0. This is due to the plugin storing PHP error logs in a predictable, web-accessible location wp-content/uploads/ssp-debug/ssp-debug.log without any access controls. This...
CVE-2025-13494 SSP Debug <= 1.0.0 - Unauthenticated Sensitive Information Exposure
The SSP Debug plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.0. This is due to the plugin storing PHP error logs in a predictable, web-accessible location wp-content/uploads/ssp-debug/ssp-debug.log without any access controls. This...
SUSE CVE-2025-40226
In the Linux kernel, the following vulnerability has been resolved: firmware: armscmi: Account for failed debug initialization When the SCMI debug subsystem fails to initialize, the related debug root will be missing, and the underlying descriptor will be NULL. Handle this fault condition in the...
ReQuest Serious Play F3 Media Server 日志信息泄露漏洞
ReQuest Serious Play F3 Media Server is a digital media server from ReQuest Serious Play USA. A log information disclosure vulnerability exists in ReQuest Serious Play F3 Media Server versions 7.0.3.4968, 7.0.2.4954, 6.5.2.4954, 6.4.2.4681, 6.3.2.4203, and 2.0.1.823, which originates from an...
PT-2025-49270
ReQuest Serious Play F3 Media Server versions 7.0.3.4968 Pro, 7.0.2.4954, 6.5.2.4954, 6.4.2.4681, 6.3.2.4203, and 2.0.1.823 allows unauthenticated attackers to disclose the webserver's Python debug log file containing system information, credentials, paths, processes and command arguments running...
CVE-2025-40226
In the Linux kernel, the following vulnerability has been resolved: firmware: armscmi: Account for failed debug initialization When the SCMI debug subsystem fails to initialize, the related debug root will be missing, and the underlying descriptor will be NULL. Handle this fault condition in the...
UBUNTU-CVE-2025-40226
In the Linux kernel, the following vulnerability has been resolved: firmware: armscmi: Account for failed debug initialization When the SCMI debug subsystem fails to initialize, the related debug root will be missing, and the underlying descriptor will be NULL. Handle this fault condition in the...
CVE-2025-40226
CVE-2025-40226: In the Linux kernel, the SCMI firmware debug subsystem may fail to initialize, leaving the debug root missing and the descriptor NULL. The fix adds fault handling in SCMI debug helpers that maintain metrics counters to cope with a NULL descriptor when initialization fails.