
32 matches found

CNNVD
added 2026/05/26 12:0 a.m. · 8 views

algernon security vulnerability

Algernon is a web server developed by Alexander F. Rødseth. Versions of Algernon prior to 1.17.7 contained security vulnerabilities. These vulnerabilities stemmed from the forced activation of debugging mode in single-file mode, allowing the leakage of the file’s absolute path and complete byte...

7.5 CVSS · 5.8 AI score · 0.00042 EPSS
Exploits 0 · References 1
NVD
added 2026/03/27 6:16 a.m. · 0 views

CVE-2026-33280

Hidden functionality issue exists in BUFFALO Wi-Fi router products, which may allow an attacker to gain access to the product’s debugging functionality, resulting in the execution of arbitrary OS commands...

9.8 CVSS · 0.00105 EPSS
Exploits 0 · References 2
EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2010-1671

Malware in sbrugna...

1.9 CVSS · 6.2 AI score · 0.00074 EPSS
Exploits 1 · References 6
EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2023-45034

Malicious code in bioql PyPI...

8.1 CVSS · 7.1 AI score · 0.00015 EPSS
Exploits 0 · References 1
EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2025-3056

Malicious code in bioql PyPI...

7.2 CVSS · 6.6 AI score · 0.01119 EPSS
Exploits 0 · References 2
Snyk
added 2025/08/11 11:7 p.m. · 1 views

Improper Output Neutralization for Logs

Overview: litestar is a Litestar - A production-ready, highly performant, extensible ASGI API Framework. Affected versions of this package are vulnerable to Improper Output Neutralization for Logs via the exception logging process. An attacker can manipulate log files and forge log entries by...

6.3 CVSS · 6.9 AI score
Exploits 0 · References 3
CVE
added 2025/03/11 12:31 a.m. · 45 views

CVE-2025-0071

SAP Web Dispatcher and SAP Internet Communication Manager contain a vulnerability where an attacker with administrative privileges can enable debugging trace mode via a specific parameter, leading to unencrypted passwords being written to logs. This affects confidentiality (C) with high impact, w...

4.9 CVSS · 7.1 AI score · 0.0011 EPSS
Exploits 0 · References 2
Positive Technologies
added 2025/02/27 12:0 a.m. · 2 views

PT-2025-9030 · Motorola Mobility · Droid Razr Hd

Name of the Vulnerable Software and Affected Versions: Motorola Mobility Droid Razr HD version 9.18.94.XT926.Verizon.en.US
Description: An issue in the device allows physically proximate unauthorized attackers to access USB debugging, leading to control of the host device itself. This issue can b...

4.6 CVSS · 6.8 AI score · 0.00118 EPSS
Exploits 0 · References 7
RedhatCVE
added 2025/02/15 12:26 a.m. · 4 views

CVE-2025-22962

A critical remote code execution (RCE) vulnerability exists in the web-based management interface of GatesAir Maxiva UAXT, VAXT transmitters when debugging mode is enabled. An attacker with a valid session ID (sessid) can send specially crafted POST requests to the /json endpoint, enabling arbitrary...

7.2 CVSS · 7.9 AI score · 0.01119 EPSS
Exploits 0 · References 1
NVD
added 2025/02/13 11:15 p.m. · 7 views

CVE-2025-22962

A critical remote code execution (RCE) vulnerability exists in the web-based management interface of GatesAir Maxiva UAXT, VAXT transmitters when debugging mode is enabled. An attacker with a valid session ID (sessid) can send specially crafted POST requests to the /json endpoint, enabling arbitrary...

7.2 CVSS · 0.01119 EPSS
Exploits 0 · References 1
CVE
added 2025/02/13 12:0 a.m. · 71 views

CVE-2025-22962

The CVE-2025-22962 issue affects GatesAir Maxiva UAXT and VAXT transmitters’ web-based management interface. The root cause is improper request handling when debugging mode is enabled, allowing an attacker with a valid sess_id to send crafted POST requests to /json and achieve arbitrary command e...

7.2 CVSS · 7.6 AI score · 0.01119 EPSS
Exploits 0 · References 1
Cvelist
added 2025/02/13 12:0 a.m. · 7 views

CVE-2025-22962

A critical remote code execution (RCE) vulnerability exists in the web-based management interface of GatesAir Maxiva UAXT, VAXT transmitters when debugging mode is enabled. An attacker with a valid session ID (sessid) can send specially crafted POST requests to the /json endpoint, enabling arbitrary...

0.01119 EPSS
Exploits 0 · References 1
Positive Technologies
added 2024/12/27 12:0 a.m. · 1 views

PT-2024-10860 · Applock · Applock

Name of the Vulnerable Software and Affected Versions: Smartphones (affected versions not specified)
Description: The system has a logic judging error under certain scenarios, allowing an attacker to gain certain information from apps locked by Applock if they obtain permission to execute commands ...

4.6 CVSS · 7.5 AI score · 0.00131 EPSS
Exploits 0 · References 5
NVD
added 2023/12/04 11:15 p.m. · 8 views

CVE-2023-40463

When configured in debugging mode by an authenticated user with administrative privileges, ALEOS 4.16 and earlier store the SHA512 hash of the common root password for that version in a directory accessible to a user with root privileges or equivalent access...

8.1 CVSS · 0.00015 EPSS
Exploits 0 · References 1
Prion
added 2023/12/04 11:15 p.m. · 11 views

Design/Logic Flaw

When configured in debugging mode by an authenticated user with administrative privileges, ALEOS 4.16 and earlier store the SHA512 hash of the common root password for that version in a directory accessible to a user with root privileges or equivalent access...

5.8 CVSS · 7.2 AI score · 0.00015 EPSS
Exploits 0 · References 1 · Affected Software 1
CVE
added 2023/12/04 10:57 p.m. · 35 views

CVE-2023-40463

CVE-2023-40463 affects Sierra Wireless AirLink ALEOS firmware (versions 4.16 and earlier). The root cause is in debugging mode: when enabled by an authenticated user with administrative privileges, ALEOS stores the SHA-512 hash of the common root password in a directory accessible to a user with ...

8.1 CVSS · 7.4 AI score · 0.00015 EPSS
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2023/12/04 10:57 p.m. · 14 views

CVE-2023-40463 Use of Hard-Coded Credentials

When configured in debugging mode by an authenticated user with administrative privileges, ALEOS 4.16 and earlier store the SHA512 hash of the common root password for that version in a directory accessible to a user with root privileges or equivalent access...

8.1 CVSS · 8.3 AI score · 0.00015 EPSS
Exploits 0 · References 1
Positive Technologies
added 2023/08/14 12:0 a.m. · 2 views

PT-2023-7521 · Sierra Wireless · Aleos

Name of the Vulnerable Software and Affected Versions: ALEOS versions 4.16 and earlier
Description: The issue is related to the use of hardcoded credentials in the debugging mode of the ALEOS operating system for Sierra Wireless MP70, RV50x, RV55, LX40, LX60, ES450, GX450 wireless routers. When...

8.1 CVSS · 7.1 AI score · 0.00015 EPSS
Exploits 0 · References 11
CNNVD
added 2023/05/30 12:0 a.m. · 2 views

WordPress plugin Easy Forms for Mailchimp cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

6.1 CVSS · 5.9 AI score · 0.15068 EPSS
Exploits 2 · References 2
NVD
added 2022/03/21 12:15 a.m. · 16 views

CVE-2022-25481

ThinkPHP Framework v5.0.24 was discovered to be configured without the PATHINFO parameter. This allows attackers to access all system environment parameters from index.php. NOTE: this is disputed by a third party because system environment exposure is an intended feature of the debugging mode...

7.5 CVSS · 0.09502 EPSS
Exploits 1 · References 1