CVE-2025-35031

Medical Informatics Engineering Enterprise Health is affected by CVE-2025-35031, where the software includes the user’s current session token in debug output. This enables an attacker to impersonate the user if the token is exfiltrated (e.g., via the user sending debug output). The issue is fixed...

Windows Silent Process Exit Persistence

Windows allows you to set up a debug process when a process exits. This module uploads a payload and declares that it is the debug process to launch when a specified process exits. Module Options msf use exploit/windows/persistence/imageexecoptions msf exploitimageexecoptions show targets...

CVE-2025-57428

Default credentials in Each Italy Wireless Mini Router WIRELESS-N 300M v28K.MiniRouter.20190211 allows attackers to gain access to the debug shell exposed via Telnet on Port 23 and execute hardware-level flash and register manipulation commands...

PT-2025-39872

Name of the Vulnerable Software and Affected Versions Medical Informatics Engineering Enterprise Health affected versions not specified Description The software includes a user's current session token in debug output. An attacker could potentially convince a user to send this output to the...

Medical Informatics Engineering Enterprise Health 安全漏洞

Medical Informatics Engineering Enterprise Health is a healthcare solution from US-based Medical Informatics Engineering. A security vulnerability exists in Medical Informatics Engineering Enterprise Health that stems from the inclusion of a user's current session token in the debug output, which...

CVE-2025-57428

The CVE-2025-57428 entry concerns Italy Wireless Mini Router WIRELESS-N 300M, firmware v28K.MiniRouter.20190211. Publicly available material confirms a default Telnet debug interface on port 23, with admin/admin credentials, granting access to a low-level shell. The exploit log shows commands suc...

📄 Windows Silent Process Exit Persistence

Windows allows you to set up a debug process when a process exits. This Metasploit module uploads a payload and declares that it is the debug process to launch when a specified process exits. This module requires Metasploit: https://metasploit.com/download Current source:...

Italy Wireless WIRELESS-N 300M 安全漏洞

Italy Wireless WIRELESS-N 300M is a MiniRouter from Italy Wireless, Italy. A security vulnerability exists in the Italy Wireless WIRELESS-N 300M v28K.MiniRouter.20190211 version, which originates from the default credentials, and could lead to an attacker accessing the debug shell and executing...

PT-2025-39828

Name of the Vulnerable Software and Affected Versions Italy Wireless Mini Router WIRELESS-N 300M version v28K.MiniRouter.20190211 Description Default credentials in the Italy Wireless Mini Router WIRELESS-N 300M version v28K.MiniRouter.20190211 allow attackers to access the debug shell exposed vi...

Exploit for CVE-2025-57428

CVE-2025-57428 - Telnet debug interface enabled by default all...

CVE-2025-9984

The Featured Image from URL FIFU plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the fifuapidebugposts function in all versions up to, and including, 5.2.7. This makes it possible for unauthenticated attackers to read private/password protect...

CVE-2025-59834

ADB MCP Server is a MCP Model Context Protocol server for interacting with Android devices through ADB. In versions 0.1.0 and prior, the MCP Server is written in a way that is vulnerable to command injection vulnerability attacks as part of some of its MCP Server tool definition and implementatio...

Insertion Of Sensitive Information Into Log File

github.com/edgelesssys/contrast vulnerable to Insertion of Sensitive Information into Log File. The vulnerability is due to the logging configuration. An attacker can access sensitive information by exploiting the log output when the log level is set to info or debug...

CVE-2025-59834 Command Injection in adb-mcp MCP Server

ADB MCP Server is a MCP Model Context Protocol server for interacting with Android devices through ADB. In versions 0.1.0 and prior, the MCP Server is written in a way that is vulnerable to command injection vulnerability attacks as part of some of its MCP Server tool definition and implementatio...

Do Not Start the debug-shell Service

The debug-shell service is used to locate faults that occur during system boot. This service is installed with systemd. The debug-shell service requires no authentication, that is, attackers can access the root shell by simply pressing Ctrl+Alt+F9 during systemd startup when the OS is booting. Th...

Command Injection

Overview adb-mcp is a MCP server for Android Debug Bridge ADB interactions in TypeScript Affected versions of this package are vulnerable to Command Injection via the executeAdbCommand function. An attacker can execute arbitrary system commands by supplying specially crafted input to the device...

USN-7766-1: Linux kernel vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM32 architecture; - ARM64 architecture; - x86 architecture; - Compute Acceleration Framework; - Bus devices; - AM...

Arbitrary Code Execution (ACE)

picklescan is vulnerable to Arbitrary Code Execution ACE. The vulnerability is due to the use of doctest.debugscript to execute remote pickle files, which allows an attacker to execute arbitrary code on the target system...

NVIDIA cuobjdump DWARF debug abbreviations parsing arbitrary code execution vulnerability

Talos Vulnerability Report TALOS-2025-2155 NVIDIA cuobjdump DWARF debug abbreviations parsing arbitrary code execution vulnerability September 24, 2025 CVE Number CVE-2025-23339 SUMMARY An arbitrary code execution vulnerability exists in the DWARF parsing functionality of NVIDIA cuobjdump 12.8.55...

PT-2025-39375

Name of the Vulnerable Software and Affected Versions ADB MCP Server versions 0.1.0 and prior Description ADB MCP Server, a Model Context Protocol server for interacting with Android devices through ADB, contains a flaw in its implementation. Versions 0.1.0 and earlier are susceptible to command...