CVE-2025-9517 atec Debug <= 1.2.22 - Authenticated (Administrator+) Remote Code Execution

The atec Debug plugin for WordPress is vulnerable to remote code execution in all versions up to, and including, 1.2.22 via the 'customlog' parameter. This is due to insufficient sanitization when saving the custom log path. This makes it possible for authenticated attackers, with...

CVE-2025-9516 atec Debug <= 1.2.22 - Authenticated (Administrator+) Arbitrary File Read

The atec Debug plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 1.2.22 via the 'customlog' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to view the contents of files outside of the original...

CVE-2025-9517

CVE-2025-9517 : atec Debug plugin for WordPress (versions ≤ 1.2.22) is vulnerable to remote code execution via the vulnerable custom_log path handling. The root cause is insufficient sanitization when saving the custom_log path, enabling an authenticated attacker with Administrator+ privileges to...

CVE-2025-9516 atec Debug <= 1.2.22 - Authenticated (Administrator+) Arbitrary File Read

The atec Debug plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 1.2.22 via the 'customlog' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to view the contents of files outside of the original...

CVE-2025-9518

CVE-2025-9518 covers the atec Debug WordPress plugin (versions ≤ 1.2.22). The flaw is insufficient validation of the debug_path parameter, enabling authenticated users with Administrator+ rights to arbitrarily delete files (e.g., wp-config.php). This could facilitate remote code execution. The Wo...

CVE-2025-9518 atec Debug <= 1.2.22 - Authenticated (Administrator+) Arbitrary File Deletion

The atec Debug plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation on the 'debugpath' parameter in all versions up to, and including, 1.2.22. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete...

CVE-2025-9518 atec Debug <= 1.2.22 - Authenticated (Administrator+) Arbitrary File Deletion

The atec Debug plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation on the 'debugpath' parameter in all versions up to, and including, 1.2.22. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete...

smb: client: fix use-after-free bug in cifs_debug_data_proc_show()

...

smb: client: fix potential UAF in cifs_debug_files_proc_show()

...

WordPress plugin atec Debug 代码注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code injection...

appRain CMF 跨站脚本漏洞

appRain CMF is a content management framework. A cross-site scripting vulnerability exists in appRain CMF due to improper validation of user input in the /apprain/developer/debug-log/db endpoint. An attacker could use this vulnerability to steal a victim's cookie-based authentication credentials...

PT-2025-35934

Name of the Vulnerable Software and Affected Versions: appRain CMF version 4.0.5 Description: A reflected cross-site scripting XSS issue exists in appRain CMF version 4.0.5. The issue is due to insufficient validation of user-supplied input. The vulnerability is triggered through the s parameter ...

PT-2025-35951

Name of the Vulnerable Software and Affected Versions: NVIDIA HGX and DGX affected versions not specified Description: NVIDIA HGX and DGX systems are susceptible to a misconfiguration in the LS10 component, potentially allowing an attacker to establish an unsafe debug access level. Exploitation o...

WordPress plugin atec Debug 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

PT-2025-35950

Name of the Vulnerable Software and Affected Versions: NVIDIA HGX and DGX affected versions not specified Description: NVIDIA HGX and DGX systems are susceptible to a misconfiguration in the VBIOS that could allow an attacker to establish an unsafe debug access level. Exploitation of this issue m...

WordPress plugin atec Debug 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

WordPress atec Debug plugin <= 1.2.22 - Authenticated (Administrator+) Arbitrary File Deletion vulnerability

Authenticated Administrator+ Arbitrary File Deletion vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin atec Debug versions = 1.2.22...

WordPress atec Debug plugin <= 1.2.22 - Authenticated (Administrator+) Remote Code Execution vulnerability

Authenticated Administrator+ Remote Code Execution vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin atec Debug versions = 1.2.22...

WordPress atec Debug plugin <= 1.2.22 - Authenticated (Administrator+) Arbitrary File Read vulnerability

Authenticated Administrator+ Arbitrary File Read vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin atec Debug versions = 1.2.22...

Linux Distros Unpatched Vulnerability : CVE-2018-7563

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in GLPI through 9.2.1. The application is affected by XSS in the query string to front/preference.php. An attacker is able to create a...