OESA-2025-1997 python-werkzeug security update

A comprehensive WSGI web application library Security Fixes: Werkzeug is a comprehensive WSGI web application library. If an upload of a file that starts with CR or LF and then is followed by megabytes of data without these characters: all of these bytes are appended chunk by chunk into internal...

MAL-2025-18145 Malicious code in debugger-for-ios-web (npm)

The package debugger-for-ios-web was found to contain malicious code...

Malicious code in debugger-for-ios-web (npm)

The package debugger-for-ios-web was found to contain malicious code...

CVE-2025-7353

A security issue exists due to the web-based debugger agent enabled on Rockwell Automation ControlLogix® Ethernet Modules. If a specific IP address is used to connect to the WDB agent, it can allow remote attackers to perform memory dumps, modify memory, and control execution flow...

CVE-2025-7353 Rockwell Automation ControlLogix® Ethernet Remote Code Execution Vulnerability

A security issue exists due to the web-based debugger agent enabled on Rockwell Automation ControlLogix® Ethernet Modules. If a specific IP address is used to connect to the WDB agent, it can allow remote attackers to perform memory dumps, modify memory, and control execution flow...

CVE-2025-7353

A security issue exists due to the web-based debugger agent enabled on Rockwell Automation ControlLogix® Ethernet Modules. If a specific IP address is used to connect to the WDB agent, it can allow remote attackers to perform memory dumps, modify memory, and control execution flow...

CVE-2025-7353 Rockwell Automation ControlLogix® Ethernet Remote Code Execution Vulnerability

A security issue exists due to the web-based debugger agent enabled on Rockwell Automation ControlLogix® Ethernet Modules. If a specific IP address is used to connect to the WDB agent, it can allow remote attackers to perform memory dumps, modify memory, and control execution flow...

CVE-2025-7353

CVE-2025-7353 affects Rockwell Automation ControlLogix Ethernet Modules via the web-based debugger agent (WDB). The connected PT-2025-33275 entry specifies affected software versions pre-12.001 and explains that connecting to the WDB agent from a specific IP can enable remote attackers to perform...

Rockwell Automation ControlLogix Series 安全漏洞

Rockwell Automation ControlLogix Series is a family of programmable controllers from Rockwell Automation, USA. A security vulnerability exists in Rockwell Automation ControlLogix Series, which stems from a web-based debugger agent that could allow a remote attacker to perform memory dumps and...

PT-2025-33275

Name of the Vulnerable Software and Affected Versions: Rockwell Automation ControlLogix Ethernet Modules versions prior to 12.001 Description: A security issue exists in Rockwell Automation ControlLogix Ethernet Modules due to the web-based debugger agent. Connecting to the WDB agent using a...

OESA-2025-1976 gdb security update

GDB, the GNU Project debugger, allows you to see what is going on inside another program while it executes -- or what another program was doing at the moment it crashed. Security Fixes: A vulnerability, which was classified as problematic, has been found in GNU Binutils 2.45. Affected by this iss...

NewStart CGSL MAIN 7.02 : python-werkzeug Vulnerability (NS-SA-2025-0136)

The remote NewStart CGSL host, running version MAIN 7.02, has python-werkzeug packages installed that are affected by a vulnerability: - Werkzeug is a comprehensive WSGI web application library. The debugger in affected versions of Werkzeug can allow an attacker to execute code on a developer's...

OESA-2025-1854 gdb security update

GDB, the GNU Project debugger, allows you to see what is going on inside another program while it executes -- or what another program was doing at the moment it crashed. Security Fixes: GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the functi...

OESA-2025-1852 gdb security update

GDB, the GNU Project debugger, allows you to see what is going on inside another program while it executes -- or what another program was doing at the moment it crashed. Security Fixes: GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the functi...

AZL-65400 CVE-2025-7546 affecting package gdb for versions less than 13.2-5

A vulnerability, which was classified as problematic, has been found in GNU Binutils 2.45. Affected by this issue is the function bfdelfsetgroupcontents of the file bfd/elf.c. The manipulation leads to out-of-bounds write. It is possible to launch the attack on the local host. The exploit has bee...

This Week in Spring - July 8th, 2025

Hi, Spring fans! Welcome to another installment of This Week in Spring! I write this having spent a wonderful week in paradise Bora Bora, French Polynesia, to be precise with my partner Tam Mie. We were so very sad to have to say goodbye. But that means I'm officially back at my desk, with nary a...

RHEL 10 : delve (RHSA-2025:9317)

The remote Redhat Enterprise Linux 10 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:9317 advisory. Delve is a debugger for the Go programming language. The goal of the project is to provide a simple, full featured debugging tool for Go. Delve shou...

ALSA-2025:9317 Moderate: delve security update

Delve is a debugger for the Go programming language. The goal of the project is to provide a simple, full featured debugging tool for Go. Delve should be easy to invoke and easy to use. Chances are if you're using a debugger, things aren't going your way. With that in mind, Delve should stay out ...

MAL-2025-4858 Malicious code in office-addin-debugger (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4af71d95c178cd7b60b7f8f5f758ebd7003e5b853b2649a1ad465580d6751f6d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in office-addin-debugger (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4af71d95c178cd7b60b7f8f5f758ebd7003e5b853b2649a1ad465580d6751f6d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...