8149 matches found
CVE-2025-54660
An active debug code vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.3, FortiClientWindows 7.2.0 through 7.2.10, FortiClientWindows 7.0 all versions may allow a local attacker to run the application step by step and retrieve the saved VPN user password...
CVE-2025-46775
A debug messages revealing unnecessary information vulnerability in Fortinet FortiExtender 7.6.0 through 7.6.1, FortiExtender 7.4.0 through 7.4.6, FortiExtender 7.2 all versions, FortiExtender 7.0 all versions may allow an authenticated user to obtain administrator credentials via debug log...
CVE-2025-54660
An active debug code vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.3, FortiClientWindows 7.2.0 through 7.2.10, FortiClientWindows 7.0 all versions may allow a local attacker to run the application step by step and retrieve the saved VPN user password...
CVE-2025-54660
Fortinet FortiClientWindows is affected by an active debug code vulnerability in versions 7.0.0–7.4.3 and 7.2.0–7.2.10 that may allow a local attacker to execute the application step by step and retrieve the saved VPN user password. The linked Red Hat/NVD/CVE entries confirm the same impact. Ther...
CVE-2025-46775
A debug messages revealing unnecessary information vulnerability in Fortinet FortiExtender 7.6.0 through 7.6.1, FortiExtender 7.4.0 through 7.4.6, FortiExtender 7.2 all versions, FortiExtender 7.0 all versions may allow an authenticated user to obtain administrator credentials via debug log...
EUVD-2025-198015
A debug messages revealing unnecessary information vulnerability in Fortinet FortiExtender 7.6.0 through 7.6.1, FortiExtender 7.4.0 through 7.4.6, FortiExtender 7.2 all versions, FortiExtender 7.0 all versions may allow an authenticated user to obtain administrator credentials via debug log...
CVE-2025-46775
Fortinet FortiExtender contains a vulnerability where debug messages disclose unnecessary information, potentially allowing an authenticated user to obtain administrator credentials. Affected versions include 7.0 all versions, 7.2 all versions, 7.4.0–7.4.6, and 7.6.0–7.6.1. The root cause is expo...
CVE-2025-46775
A debug messages revealing unnecessary information vulnerability in Fortinet FortiExtender 7.6.0 through 7.6.1, FortiExtender 7.4.0 through 7.4.6, FortiExtender 7.2 all versions, FortiExtender 7.0 all versions may allow an authenticated user to obtain administrator credentials via debug log...
METZ CONNECT多款产品 安全漏洞
METZ CONNECT Energy-Controlling EWIO2-M and others are products of METZ CONNECT, Germany.METZ CONNECT Energy-Controlling EWIO2-M is a high performance data logger.METZ CONNECT Energy- Controlling EWIO2-M-BM is a high performance data logger.METZ CONNECT Ethernet-IO EWIO2-BM is a sensor and actuat...
PT-2025-47352
Name of the Vulnerable Software and Affected Versions Fortinet FortiExtender versions 7.0 all versions Fortinet FortiExtender versions 7.2 all versions Fortinet FortiExtender versions 7.4.0 through 7.4.6 Fortinet FortiExtender versions 7.6.0 through 7.6.1 Description An issue exists in Fortinet...
Siemens SCALANCE and RUGGEDCOM Devices Improper Input Validation (CVE-2024-47143)
dma-debug: possible deadlock on radixlock. radixlock shouldn't be held while holding dmahashentryidx.lock otherwise, there's a possible deadlock scenario when dma debug API is called holding rqlock. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot f...
Fortinet FortiExtender 安全漏洞
Fortinet FortiExtender is a wireless WAN wide area network extender device from Fortinet, Inc. A security vulnerability exists in Fortinet FortiExtender that stems from a debug message that discloses unwanted information, which could lead to an authenticated user obtaining administrator...
PT-2025-47357
Name of the Vulnerable Software and Affected Versions Fortinet FortiClientWindows versions 7.0.0 through 7.4.3 Fortinet FortiClientWindows version 7.2.0 through 7.2.10 Description A debug code issue exists in FortiClientWindows that could allow a local attacker to execute the application step by...
EUVD-2025-197885
A security vulnerability has been detected in D-Link DWR-M920, DWR-M921, DIR-822K and DIR-825M 1.1.5. Impacted is the function system of the file /boafrm/formDebugDiagnosticRun. The manipulation of the argument host leads to command injection. Remote exploitation of the attack is possible. The...
SUSE CVE-2025-40184
In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Fix debug checking for np-guests using huge mappings When running with transparent huge pages and CONFIGNVHEEL2DEBUG then the debug checking in asserthostsharedguest fails on the launch of an np-guest. This WARNON...
GHSA-7F2V-3QQ3-VVJF Vega Cross-Site Scripting (XSS) via expressions abusing toString calls in environments using the VEGA_DEBUG global variable
Impact Applications meeting 2 conditions are at risk of arbitrary JavaScript code execution, even if "safe mode" expressionInterpreter is used. 1. Use vega in an application that attaches vega library and a vega.View instance similar to the Vega Editor to the global window 2. Allow user-defined...
Cross-site Scripting (XSS)
Overview org.webjars.npm:vega-expression is a WebJar for vega-expression. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the toString function in environments where the VEGADEBUG global variable is present. An attacker can execute arbitrary JavaScript code by...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the toString function in environments where the VEGADEBUG global variable is present. An attacker can execute arbitrary JavaScript code by supplying crafted Vega JSON definitions that abuse expression...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the toString function in environments where the VEGADEBUG global variable is present. An attacker can execute arbitrary JavaScript code by supplying crafted Vega JSON definitions that abuse expression...
Cross-site Scripting (XSS)
Overview org.webjars.npm:vega-interpreter is a WebJar for vega-interpreter. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the toString function in environments where the VEGADEBUG global variable is present. An attacker can execute arbitrary JavaScript code by...