ROS-20250905-01

A vulnerability in the Python library responsible for interacting with various image storage backends python-glance-store is related to the fact that the package registers an accesskey for Glance-store when the DEBUG log level is enabled. DEBUG log level. Exploitation of the vulnerability could...

PT-2025-36257

Name of the Vulnerable Software and Affected Versions: Nordic Semiconductor nRF52810 affected versions not specified Description: The On-Chip Debug and Test Interface in the nRF52810 has improper access control and insufficient protection against Electromagnetic Fault Injection EM-FI. This allows...

CVE-2025-23302

NVIDIA HGX and DGX contain a vulnerability where a misconfiguration of the LS10 could enable an attacker to set an unsafe debug access level. A successful exploit of this vulnerability might lead to denial of service...

CVE-2025-23301

NVIDIA HGX and DGX contain a vulnerability where a misconfiguration of the VBIOS could enable an attacker to set an unsafe debug access level. A successful exploit of this vulnerability might lead to denial of service...

UBUNTU-CVE-2025-38689

In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Fix NULL dereference in avx512status Problem ------- With CONFIGX86DEBUGFPU enabled, reading /proc/kthread/archstatus causes a warning and a NULL pointer dereference. This is because the AVX-512 timestamp code uses...

CVE-2025-23302

NVIDIA HGX and DGX contain a vulnerability where a misconfiguration of the LS10 could enable an attacker to set an unsafe debug access level. A successful exploit of this vulnerability might lead to denial of service...

CVE-2025-23302

NVIDIA HGX and DGX are affected by CVE-2025-23302 due to a LS10 misconfiguration that could enable an unsafe debug access level and cause denial of service. The official bulletin specifies remediation by updating LS10 to version 1.8.0 (affected versions prior to 1.7.1). Blackwell variants (HGX/DG...

CVE-2025-23302

NVIDIA HGX and DGX contain a vulnerability where a misconfiguration of the LS10 could enable an attacker to set an unsafe debug access level. A successful exploit of this vulnerability might lead to denial of service...

CVE-2025-23301

The connected NVIDIA bulletin confirms CVE-2025-23301 affects NVIDIA HGX and DGX systems due to a misconfiguration in the VBIOS that could allow an attacker to set an unsafe debug access level, potentially causing a denial of service. Affected components/versions include VBIOS on Hopper HGX/DGX (...

CVE-2025-23301

NVIDIA HGX and DGX contain a vulnerability where a misconfiguration of the VBIOS could enable an attacker to set an unsafe debug access level. A successful exploit of this vulnerability might lead to denial of service...

CVE-2025-23301

NVIDIA HGX and DGX contain a vulnerability where a misconfiguration of the VBIOS could enable an attacker to set an unsafe debug access level. A successful exploit of this vulnerability might lead to denial of service...

CVE-2025-41063

A vulnerability has been discovered in version 4.0.5 of appRain CMF, consisting of an authenticated reflected XSS due to a lack of proper validation of user input, through the 's' parameter in /apprain/developer/debug-log/db...

CVE-2025-41063

A vulnerability has been discovered in version 4.0.5 of appRain CMF, consisting of an authenticated reflected XSS due to a lack of proper validation of user input, through the 's' parameter in /apprain/developer/debug-log/db...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the s parameter in /apprain/developer/debug-log/db. An attacker can execute arbitrary scripts in the context of the authenticated user's browser by crafting malicious input. Details Cross-site scripting or X...

CVE-2025-41063 Reflected Cross-Site Scripting vulnerability in appRain CMF

A vulnerability has been discovered in version 4.0.5 of appRain CMF, consisting of an authenticated reflected XSS due to a lack of proper validation of user input, through the 's' parameter in /apprain/developer/debug-log/db...

CVE-2025-9518

The atec Debug plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation on the 'debugpath' parameter in all versions up to, and including, 1.2.22. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete...

CVE-2025-9516

The atec Debug plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 1.2.22 via the 'customlog' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to view the contents of files outside of the original...

GNU Binutils DWARF Section dwarf.c process_debug_info memory leak

...

CVE-2025-36899

There is a possible escalation of privilege due to test/debugging code left in a production build. This could lead to physical escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2025-9517 atec Debug <= 1.2.22 - Authenticated (Administrator+) Remote Code Execution

The atec Debug plugin for WordPress is vulnerable to remote code execution in all versions up to, and including, 1.2.22 via the 'customlog' parameter. This is due to insufficient sanitization when saving the custom log path. This makes it possible for authenticated attackers, with...