8149 matches found
Cross-site Scripting (XSS)
Overview vega-interpreter is a CSP-compliant interpreter for Vega expressions. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the toString function in environments where the VEGADEBUG global variable is present. An attacker can execute arbitrary JavaScript code b...
CVE-2025-59840
CVE-2025-59840 (Vega XSS) : The vulnerability affects Vega prior to 6.2.0 where an application that attaches the Vega library and a global vega.View instance to window and allows user-defined Vega JSON can be exploited to execute arbitrary JavaScript, even with safe mode expressionInterpreter. Th...
GHSA-7M9G-PMXF-M9M8 Duplicate Advisory: Keycloak allows Binding to an Unrestricted IP Address
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-j4vq-q93m-4683. This link is maintained to preserve external references. Original Description A vulnerability exists in Keycloak's server distribution where enabling debug mode --debug insecurely defaults to...
Duplicate Advisory: Keycloak allows Binding to an Unrestricted IP Address
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-j4vq-q93m-4683. This link is maintained to preserve external references. Original Description A vulnerability exists in Keycloak's server distribution where enabling debug mode --debug insecurely defaults to...
Binding to an Unrestricted IP Address
Overview Affected versions of this package are vulnerable to Binding to an Unrestricted IP Address due to the insecure default binding of the Java Debug Wire Protocol JDWP port to all network interfaces when debug mode is enabled. An attacker can gain unauthorized access to the Java virtual machi...
keycloak-server: Debug default bind address
A vulnerability exists in Keycloak's server distribution where enabling debug mode --debug insecurely defaults to binding the Java Debug Wire Protocol JDWP port to all network interfaces 0.0.0.0. This exposes the debug port to the local network, allowing an attacker on the same network segment to...
CVE-2025-11538
A vulnerability exists in Keycloak's server distribution where enabling debug mode --debug insecurely defaults to binding the Java Debug Wire Protocol JDWP port to all network interfaces 0.0.0.0. This exposes the debug port to the local network, allowing an attacker on the same network segment to...
CVE-2025-11538
A vulnerability exists in Keycloak's server distribution where enabling debug mode --debug insecurely defaults to binding the Java Debug Wire Protocol JDWP port to all network interfaces 0.0.0.0. This exposes the debug port to the local network, allowing an attacker on the same network segment to...
CVE-2025-11538 Keycloak-server: debug default bind address
A vulnerability exists in Keycloak's server distribution where enabling debug mode --debug insecurely defaults to binding the Java Debug Wire Protocol JDWP port to all network interfaces 0.0.0.0. This exposes the debug port to the local network, allowing an attacker on the same network segment to...
CVE-2025-11538
Keycloak is affected by CVE-2025-11538 in versions prior to 26.4.4 where enabling debug mode (--debug) binds the JDWP port to all interfaces (0.0.0.0), exposing the debug port on the local network. This potentially allows a local-network attacker to attach a remote debugger and achieve remote cod...
CVE-2025-11538 Keycloak-server: debug default bind address
A vulnerability exists in Keycloak's server distribution where enabling debug mode --debug insecurely defaults to binding the Java Debug Wire Protocol JDWP port to all network interfaces 0.0.0.0. This exposes the debug port to the local network, allowing an attacker on the same network segment to...
CVE-2025-11538
A vulnerability exists in Keycloak's server distribution where enabling debug mode --debug insecurely defaults to binding the Java Debug Wire Protocol JDWP port to all network interfaces 0.0.0.0. This exposes the debug port to the local network, allowing an attacker on the same network segment to...
Security update for cargo-packaging, rust-bindgen
This update for cargo-packaging and rust-bindgen fixes the following issues: cargo-packaging was updated to version 1.3.0+0: CVE-2025-58160: Fixed tracing log pollution in tracing-subscriber bsc1249012 Other fixes: Prevent stripping debug info bsc1222175 rust-bindgen was updated to 0.72.0. Patch...
SUSE-SU-2025:4091-1 Security update for cargo-packaging, rust-bindgen
This update for cargo-packaging and rust-bindgen fixes the following issues: cargo-packaging was updated to version 1.3.0+0: - CVE-2025-58160: Fixed tracing log pollution in tracing-subscriber bsc1249012 Other fixes: - Prevent stripping debug info bsc1222175 rust-bindgen was updated to 0.72.0...
EUVD-2025-176243
Malicious code in spy-sun-byte-debug-import npm...
EUVD-2025-176933
Malicious code in public-process-wind-debug-view npm...
EUVD-2025-176757
Malicious code in refactor-cron-yaml-dog-debug npm...
EUVD-2025-179387
Malicious code in debug-char-code-double-encode npm...
EUVD-2025-179372
Malicious code in decrypt-sun-mock-rain-debug npm...
EUVD-2025-178227
Malicious code in kappa-debug-lambda-daemon-upsilon npm...