8149 matches found

Cvelist
added 2025/10/29 10:52 p.m., 5 views

CVE-2025-54548 On affected platforms, restricted users could view sensitive portions of the config database via a debug API (e.g., user password hashes)

On affected platforms, restricted users could view sensitive portions of the config database via a debug API e.g., user password hashes...

CVSS 4.3, EPSS 0.00038
Exploits: 0, References: 1

CVE
added 2025/10/29 10:52 p.m., 6 views

CVE-2025-54548

CVE-2025-54548 involves a debug API that could let restricted users view parts of the config DB (including password hashes) in Arista DANZ Monitoring Fabric and related DMF/CCF/CVA/MCD deployments. The advisory and Red/NCSC/NVD entries confirm the affected products and the underlying issue, with ...

CVSS 4.3, AI score 6.5, EPSS 0.00038
Exploits: 0, References: 1

Vulnrichment
added 2025/10/29 10:52 p.m., 2 views

CVE-2025-54548 On affected platforms, restricted users could view sensitive portions of the config database via a debug API (e.g., user password hashes)

On affected platforms, restricted users could view sensitive portions of the config database via a debug API e.g., user password hashes...

CVSS 4.3, AI score 6.5, EPSS 0.00038
Exploits: 0, References: 1

GithubExploit
added 2025/10/29 6:42 p.m., 124 views

Exploit for CVE-2025-57428

My security advisories CVE-2025-57428 - Telnet debug interf...

CVSS 7.5, AI score 7, EPSS 0.0005
Exploits: 2

Patchstack
added 2025/10/29 5:43 p.m., 4 views

WordPress Debug Log Viewer plugin <= 2.0.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Debug Log Viewer versions <= 2.0.3...

CVSS 5.4, AI score 7, EPSS 0.00034
Exploits: 0, Affected Software: 1

NVD
added 2025/10/29 5:15 p.m., 3 views

CVE-2025-62787

Wazuh is a free and open source platform used for threat prevention, detection, and response. Prior to 4.10.2, a buffer over-read occurs in DecodeWinevt when child_attr[p]->attributes[j] is accessed, because the corresponding index j is incorrect. A compromised agent can cause a READ operation beyond t...

CVSS 7.5, EPSS 0.0006
Exploits: 1, References: 2

Cvelist
added 2025/10/29 4:30 p.m., 4 views

CVE-2025-62787 Wazuh Vulnerable to Heap-based Buffer Over-read in DecodeWinevt

Wazuh is a free and open source platform used for threat prevention, detection, and response. Prior to 4.10.2, a buffer over-read occurs in DecodeWinevt when child_attr[p]->attributes[j] is accessed, because the corresponding index j is incorrect. A compromised agent can cause a READ operation beyond t...

CVSS 2.1, EPSS 0.0006
Exploits: 1, References: 2

EUVD
added 2025/10/29 4:30 p.m., 1 view

EUVD-2025-36682

Wazuh is a free and open source platform used for threat prevention, detection, and response. Prior to 4.10.2, a buffer over-read occurs in DecodeWinevt when child_attr[p]->attributes[j] is accessed, because the corresponding index j is incorrect. A compromised agent can cause a READ operation beyond t...

CVSS 2.1, AI score 6.3, EPSS 0.0006
Exploits: 1, References: 2

CVE
added 2025/10/29 4:30 p.m., 11 views

CVE-2025-62787

Wazuh prior to version 4.10.2 is affected by a buffer over-read in DecodeWinevt() caused by an incorrect index when accessing child_attr[p]->attributes[j]. A compromised agent can cause a read past the end of the allocated buffer, potentially exposing sensitive data, particularly when analysis...

CVSS 7.5, AI score 6.4, EPSS 0.0006
Exploits: 1, References: 2, Affected Software: 1

Positive Technologies
added 2025/10/29 12:00 a.m., 2 views

PT-2025-44321

Name of the Vulnerable Software and Affected Versions: Wazuh versions prior to 4.10.2. Description: Wazuh, a platform for threat prevention, detection, and response, contains a flaw where a buffer over-read can occur in the DecodeWinevt function. This happens when accessing child_attr[p]->attributes[j] d...

CVSS 7.5, AI score 6.6, EPSS 0.0006
Exploits: 1, References: 7

Positive Technologies
added 2025/10/29 12:00 a.m., 2 views

PT-2025-44363

Name of the Vulnerable Software and Affected Versions: versions prior to 2025-54548. Description: Restricted users could view sensitive portions of the config database via a debug API. Specifically, user password hashes were exposed. The API endpoint used for this exposure is a debug API...

CVSS 4.3, AI score 6.4, EPSS 0.00038
Exploits: 0, References: 4

RedhatCVE
added 2025/10/28 6:56 p.m., 2 views

CVE-2025-61107

A flaw was found in frr. When the OSPF daemon ospfd is configured with the debug command "debug ospf packet all send/recv detail", it attempts to print detailed information about OSPF packets. However, a specially crafted OSPF packet can trigger a NULL pointer dereference in the...

CVSS 7.5, AI score 6, EPSS 0.00264
Exploits: 1, References: 7

RedhatCVE
added 2025/10/28 12:28 p.m., 1 view

CVE-2025-61105

A NULL pointer dereference vulnerability was found in FRRouting within the show_vty_link_info function within ospf_ext.c. When the OSPF daemon ospfd is configured with the debug command "debug ospf packet all send/recv detail", it attempts to display detailed information for OSPF packets. Under specifi...

CVSS 7.5, AI score 6.5, EPSS 0.00201
Exploits: 1, References: 7

RedhatCVE
added 2025/10/28 12:28 p.m., 1 view

CVE-2025-61102

A NULL pointer dereference vulnerability was found in FRRouting within the show_vty_ext_link_adj_sid function within ospf_ext.c. When the OSPF daemon ospfd is configured with the debug command "debug ospf packet all send/recv detail", it attempts to display detailed information for OSPF packets. Under...

CVSS 7.5, AI score 6.5, EPSS 0.00264
Exploits: 1, References: 7

RedhatCVE
added 2025/10/28 12:28 p.m., 3 views

CVE-2025-61099

A NULL pointer dereference vulnerability was found in FRRouting within the show_opaque_info_detail function within ospf_opaque.c. When the OSPF daemon ospfd is configured with the debug command "debug ospf packet all send/recv detail", it attempts to display detailed information of all received or sent...

CVSS 7.5, AI score 6.4, EPSS 0.00201
Exploits: 1, References: 7

EUVD
added 2025/10/28 11:48 a.m., 1 view

EUVD-2025-36466

In the Linux kernel, the following vulnerability has been resolved: crypto: hisilicon/qm - set NULL to qm->debug.qm_diff_regs. When the initialization of qm->debug.acc_diff_reg fails, the probe process does not exit. However, after qm->debug.qm_diff_regs is freed, it is not set to NULL. This can lead to a...

AI score 6, EPSS 0.00047
Exploits: 0, References: 6

IBM Security Bulletins
added 2025/10/27 4:16 p.m., 1 view

Security Bulletin: Sensitive Key Exposure in Snowflake JDBC Driver Logging (Versions 3.0.13 – 3.23.0), affects watsonx.data

Summary: Snowflake, a platform for using artificial intelligence in the context of cloud computing, has a vulnerability in the Snowflake JDBC driver "Driver" in versions 3.0.13 through 3.23.0 of the driver. When the logging level was set to DEBUG, the Driver would log locally the client-side...

CVSS 3.3, AI score 6.7, EPSS 0.00114
Exploits: 0, Affected Software: 1

GithubExploit
added 2025/10/26 3:38 p.m., 112 views

kms-activate

kms-activate Microsoft Windows/Office one-click activation tool NOTE: - To u...

AI score 6.9
Exploits: 0

CVE
added 2025/10/24 9:32 p.m., 26 views

CVE-2025-4106

CVE-2025-4106 is a vulnerability in WatchGuard Fireware OS where an authenticated admin who has access to both the WebUI and the CLI can enable a diagnostic debug shell by uploading a platform/version-specific diagnostic package and executing a leftover diagnostic command. Affected versions are F...

CVSS 8.9, AI score 6.5, EPSS 0.00059
Exploits: 0, References: 1

Cvelist
added 2025/10/24 9:32 p.m., 7 views

CVE-2025-4106 WatchGuard Firebox leftover debug code vulnerability

An authenticated admin user with access to both the management WebUI and command line interface on a Firebox can enable a diagnostic debug shell by uploading a platform and version-specific diagnostic package and executing a leftover diagnostic command. This issue affects Fireware OS: from 12.0...

CVSS 8.9, EPSS 0.00059
Exploits: 0, References: 1