2419 matches found
Puppet Server/PuppetDB - Sensitive Information Disclosure
Puppet Server and PuppetDB provide useful performance and debugging information via their metrics API endpoints, which may contain sensitive information when left exposed. id: CVE-2020-7943 info: name: Puppet Server/PuppetDB - Sensitive Information Disclosure author: c-sh0 severity: high...
Xdebug <= 2.5.5 - Command Injection
Xdebug = 2.5.5 contains an unauthenticated command injection caused by accepting debugger protocol commands without authentication when remote debugging is enabled, letting remote attackers execute arbitrary PHP code and system commands, exploit requires remote debugging enabled. id: CVE-2015-101...
CVE-2026-54798
A vulnerability has been identified in CPCI85 Central Processing/Communication All versions V26.20, SICORE Base system All versions V26.20.0. The affected application includes a debugging interface that is accessible through HTTP endpoints. This could allow an authenticated attacker to disrupt th...
CVE-2026-54798
A vulnerability has been identified in CPCI85 Central Processing/Communication All versions V26.20, SICORE Base system All versions V26.20.0. The affected application includes a debugging interface that is accessible through HTTP endpoints. This could allow an authenticated attacker to disrupt th...
EUVD-2026-42593
A vulnerability has been identified in CPCI85 Central Processing/Communication All versions V26.20, SICORE Base system All versions V26.20.0. The affected application includes a debugging interface that is accessible through HTTP endpoints. This could allow an authenticated attacker to disrupt th...
CVE-2026-54798
The CVE-2026-54798 entry concerns CPCI85 Central Processing/Communication (all versions < V26.20) and SICORE Base system (all versions
CVE-2026-36027
An issue in Code27 Companion Hub SQ3A.220705.003.A1 allows a physically proximate attacker to execute arbitrary code via the USB debugging ADB and Android Debug Bridge components...
BIT-PYTHON-2026-5713 Out-of-bounds read/write during remote profiling and asyncio process introspection when connecting to malicious target
The "profiling.sampling" module Python 3.15+ and "asyncio introspection capabilities" 3.14+, "python -m asyncio ps" and "python -m asyncio pstree" features could be used to read and write addresses in a privileged process if that process connected to a malicious or "infected" Python process via t...
CVE-2026-36027
An issue in Code27 Companion Hub SQ3A.220705.003.A1 allows a physically proximate attacker to execute arbitrary code via the USB debugging ADB and Android Debug Bridge components...
ToddyCat-Linked Umbrij Malware Abuses OAuth to Access Gmail via Google API
The threat actor known as ToddyCat has been attributed to a new malware called Umbrij that's designed to gain surreptitious access to a victim's email correspondence via the Google API. "In this campaign, the attackers focused their attention on corporate email communications hosted on Gmail,...
CVE-2026-57350
Unauthenticated Cross Site Scripting XSS in WP Debugging = 2.12.2 versions...
CVE-2026-57350 WordPress WP Debugging plugin <= 2.12.2 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in WP Debugging = 2.12.2 versions...
CVE-2026-57350
WP Debugging plugin for WordPress with versions ≤2.12.2 is affected by an unauthenticated Cross Site Scripting (XSS) vulnerability. The CVE entry specifies the vulnerable component as the WP Debugging plugin and lists CVSS v3.1 base score 7.1 (High) with Network attack vector, no privileges requi...
EUVD-2026-41349
Unauthenticated Cross Site Scripting XSS in WP Debugging = 2.12.2 versions...
Malicious code in pino-debugging (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 83f0ecc81a618444e701cf5302ced1fa1e92aadc8df2ae2821d2a94a30683d9d Package name 'pino-debugging' is a single-edit typosquat of the legitimate 'pino-debug'. The shipped index.js requires a dependency named 'loadutils'...
MAL-2026-6583 Malicious code in pino-debugging (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 83f0ecc81a618444e701cf5302ced1fa1e92aadc8df2ae2821d2a94a30683d9d Package name 'pino-debugging' is a single-edit typosquat of the legitimate 'pino-debug'. The shipped index.js requires a dependency named 'loadutils'...
[SECURITY] Fedora 43 Update: goose-1.36.0-1.fc43
Goose is your on-machine AI agent, capable of automating complex development tasks from start to finish. More than just code suggestions, goose can build entire projects from scratch, write and execute code, debug failures, orchestrate workflows, and interact with external APIs - autonomously...
Malicious code in @nullzero/urlcat (npm)
@nullzero/urlcat version 1.4.2, published by [email protected] is a trojanized npm package belonging to the wshu.net credential-stealer campaign. The campaign published trojanized look-alike utility packages across 12+ scopes whose publisher accounts all follow the pattern [email protected], with...
binary-exploitation-labs
Binary Exploitation & Reverse Engineering Labs Hands-on labs...
EUVD-2026-36800
Multiple out-of-bounds read vulnerabilities were found in GStreamer's pcapparse element. Malformed PCAP records can trigger reads beyond buffer boundaries during IPv4/TCP header parsing. This element is primarily used in debugging pipelines, limiting real-world exposure. A local attacker could...