Lucene search

8296 matches found

Vulnrichment
added 2025/07/22 11:49 a.m. · 3 views

CVE-2025-7705 Authentication bypass due to compatibility mode enabled by default

Active Debug Code vulnerability in ABB Switch Actuator 4 DU-83330, ABB Switch actuator, door/light 4 DU -83330-500. This issue affects Switch Actuator 4 DU-83330: All Versions; Switch actuator, door/light 4 DU -83330-500: All Versions...

CVSS 8.6 · AI score 6.7 · EPSS 0.00154
Exploits 0 · References 1

NVD
added 2025/07/22 10:15 a.m. · 2 views

CVE-2025-46267

Hidden functionality issue exists in WRC-BE36QS-B and WRC-W701-B. If exploited, the product's hidden debug function may be enabled by a remote attacker who can log in to WebGUI...

CVSS 6.9 · EPSS 0.00198
Exploits 0 · References 2

Cvelist
added 2025/07/22 9:30 a.m. · 7 views

CVE-2025-46267

Hidden functionality issue exists in WRC-BE36QS-B and WRC-W701-B. If exploited, the product's hidden debug function may be enabled by a remote attacker who can log in to WebGUI...

CVSS 6.9 · EPSS 0.00198
Exploits 0 · References 2

Positive Technologies
added 2025/07/22 12:00 a.m. · 11 views

PT-2025-30391 · Unknown · Wrc-Be36Qs-B +1

Name of the Vulnerable Software and Affected Versions: WRC-BE36QS-B WRC-W701-B Description: A hidden functionality issue exists that may allow a remote attacker to enable the product’s hidden debug function by logging into the WebGUI. Recommendations: At the moment, there is no information about ...

CVSS 6.9 · AI score 6.2 · EPSS 0.00198
Exploits 0 · References 9

OSV
added 2025/07/21 3:15 p.m. · 2 views

CVE-2025-46117

An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, and in Ruckus ZoneDirector prior to 10.5.1.0.279, where a hidden debug script .ap_debug.sh invoked from the restricted CLI does not properly sanitize its input, allowing an authenticated attacker to...

CVSS 9.1 · AI score 6
Exploits 0 · References 2

SUSE Linux
added 2025/07/21 2:46 p.m. · 3 views

Security update for python-oslo.utils

This update for python-oslo.utils fixes the following issues: CVE-2022-0718: Fixed incorrect password masking in debug output. bsc1196454 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can r...

CVSS 6 · AI score 5.9 · EPSS 0.01417
Exploits 1 · References 4

CVE
added 2025/07/21 12:00 a.m. · 20 views

CVE-2025-46117

CVE-2025-46117 affects CommScope Ruckus Unleashed (versions prior to 200.15.6.212.14 and 200.17.7.0.139) and Ruckus ZoneDirector (prior to 10.5.1.0.279). The root cause is improper sanitization of inputs to a hidden debug script (.ap_debug.sh) invoked from the restricted CLI, allowing an authenti...

CVSS 9.1 · AI score 7.3 · EPSS 0.00961
Exploits 1 · References 2 · Affected Software 2

Positive Technologies
added 2025/07/21 12:00 a.m. · 1 view

PT-2025-30398

Name of the Vulnerable Software and Affected Versions ABB Switch Actuator 4 DU-83330: All Versions ABB Switch actuator, door/light 4 DU -83330-500: All Versions Description An Active Debug Code issue exists in ABB Switch Actuator 4 DU-83330 and ABB Switch actuator, door/light 4 DU -83330-500...

CVSS 8.6 · AI score 6.3 · EPSS 0.00154
Exploits 0 · References 10

CNNVD
added 2025/07/20 12:00 a.m. · 2 views

Metasoft MetaCRM Authorization Issue Vulnerability

Metasoft MetaCRM is a customer relationship management system software from China Metasoft Metasoft. An authorization issue vulnerability exists in Metasoft MetaCRM 6.4.2 and earlier versions, which stems from improper authentication due to mishandling of the file /debug.jsp...

CVSS 7.5 · AI score 7.5 · EPSS 0.00318
Exploits 1 · References 5

VulnCheck KEV
added 2025/07/18 12:00 a.m. · 25 views

VulnCheck KEV: CVE-2024-10586

The Debug Tool plugin for WordPress is vulnerable to arbitrary file creation due to a missing capability check on the dbtpullimage function and missing file type validation in all versions up to, and including, 2.2. This makes it possible for unauthenticated attackers to create arbitrary files...

CVSS 10 · AI score 6.1 · EPSS 0.58917
In wild · Exploits 2 · References 24

vulnersOsv
added 2025/07/16 12:30 p.m. · 5 views

org.glassfish.main.admingui:console-cluster-plugin (>=3.1.2 <=9.0.0-M2), org.glassfish.main.admingui:console-commandrecorder-plugin (>=7.0.16 <=9.0.0-M2) +16 more potentially affected by CVE-2024-9343 via org.glassfish.main.admingui:console-common (>=3.1.2 <=9.0.0-M2)

org.glassfish.main.admingui:console-common MAVEN version =3.1.2, =3.1.2, =7.0.16, =3.1.2, =3.1.2, =3.1.2, =3.1.2, =3.1.2, =4.0, =3.1.2, =4.0, =3.1.2, =4.0, =4.0, =6.2.5, =9.0.0-M2 and more Source cves: CVE-2024-9343 Source advisory:...

CVSS 6.1 · AI score 5.8 · EPSS 0.00153
Exploits 0

vulnersOsv
added 2025/07/16 12:30 p.m. · 5 views

org.glassfish.main.distributions:glassfish (>=4.0 <=4.0-b90), org.glassfish.main.distributions:web (>=4.0 <=4.0-b90) +4 more potentially affected by CVE-2024-10032 via org.glassfish.main.admingui:console-cluster-plugin (>=4.0 <=7.0.25)

org.glassfish.main.admingui:console-cluster-plugin MAVEN version =4.0, =4.0, =4.0, =6.2.5, =4.1, =4.1, =4.0, =5.0 Source cves: CVE-2024-10032 Source advisory: OSV:GHSA-62G9-99M7-W8WV...

CVSS 6.1 · AI score 5.8 · EPSS 0.00118
Exploits 0

RedhatCVE
added 2025/07/16 10:38 a.m. · 5 views

CVE-2024-6234

A flaw was found in the Ansible Automation Platform. The Event-Driven Ansible server exposes the WebSocket JSON Web Token (JWT) when running Rulebook activations in debug mode, which, if obtained by an attacker, can be used to connect to the socket and issue commands that return Playbook content or...

CVSS 5.3 · AI score 6.7
Exploits 0 · References 3

CNNVD
added 2025/07/16 12:00 a.m. · 1 view

Red Hat Ansible Automation Platform Security Vulnerability

Red Hat Ansible Automation Platform (Red Hat AAP) is a unified solution for enabling strategic automation from Red Hat, USA. A security vulnerability exists in Red Hat Ansible Automation Platform that originates from exposing a WebSocket JSON web token in debug mode, which could lead to accessing...

AI score 6.7
Exploits 0 · References 1

Veracode
added 2025/07/13 8:21 a.m. · 3 views

Sensitive Information Disclosure

github.com/juju/juju is vulnerable to Sensitive Information Disclosure. The vulnerability is due to the /log endpoint allowing any authenticated user to read debug log messages, which may contain sensitive information, without requiring specific permissions...

CVSS 6.5 · AI score 5.9 · EPSS 0.00243
Exploits 1 · References 4 · Affected Software 1

Microsoft CVE
added 2025/07/11 7:00 a.m. · 2 views

KVM: x86: Load DR6 with guest value only before entering .vcpu_run() loop

...

CVSS 5.5 · AI score 7 · EPSS 0.00025
Exploits 0

Microsoft CVE
added 2025/07/11 7:00 a.m. · 2 views

cifs: avoid NULL pointer dereference in dbg call

...

CVSS 5.5 · AI score 7.2 · EPSS 0.00066
Exploits 0

RedhatCVE
added 2025/07/10 5:18 p.m. · 3 views

CVE-2025-53512

The /log endpoint on a Juju controller lacked sufficient authorization checks, allowing unauthorized users to access debug messages that could contain sensitive information...

CVSS 6.5 · AI score 7 · EPSS 0.00243
Exploits 1 · References 1

NVD
added 2025/07/10 8:15 a.m. · 3 views

CVE-2025-38294

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix NULL access in assign channel context handler. Currently, when ath12k_mac_assign_vif_to_vdev() fails, the radio handle ar gets accessed from the link VIF handle arvif for debug logging. This is incorrect. In the fail...

CVSS 5.5 · EPSS 0.00074
Exploits 0 · References 2

CVE
added 2025/07/10 7:42 a.m. · 40 views

CVE-2025-38294

The CVE-2025-38294 entry concerns the Linux kernel wifi driver ath12k. The vulnerability arises when ath12k_mac_assign_vif_to_vdev() fails, causing a NULL radio handle (ar) to be dereferenced during debug logging via arvif, which is invalid in fail scenarios where the radio handle is NULL. The fi...

CVSS 5.5 · AI score 6.6 · EPSS 0.00074
Exploits 0 · References 2 · Affected Software 1