2329 matches found
CVE-2025-14817
The component com.transsion.tranfacmode.entrance.main.MainActivity in com.transsion.tranfacmode has no permission control and can be accessed by third-party apps which can construct intents to directly open adb debugging functionality without user interaction...
EUVD-2025-203879
The component com.transsion.tranfacmode.entrance.main.MainActivity in com.transsion.tranfacmode has no permission control and can be accessed by third-party apps which can construct intents to directly open adb debugging functionality without user interaction...
CVE-2025-14817
The component com.transsion.tranfacmode.entrance.main.MainActivity in com.transsion.tranfacmode has no permission control and can be accessed by third-party apps which can construct intents to directly open adb debugging functionality without user interaction...
CVE-2025-14817
The CVE-2025-14817 entry affects the com.transsion.tranfacmode.entrance.main.MainActivity component in TECNO devices (e.g., Pova6 Pro 5G). The vulnerability arises from missing permission controls, allowing third-party apps to craft intents that directly open adb debugging functionality without u...
CVE-2025-14817 Factory Mode App Exists Privilege Escalation Issue Allowing Third-Party Apps to Open ADB
The component com.transsion.tranfacmode.entrance.main.MainActivity in com.transsion.tranfacmode has no permission control and can be accessed by third-party apps which can construct intents to directly open adb debugging functionality without user interaction...
PT-2025-51818
The component com.transsion.tranfacmode.entrance.main.MainActivity in com.transsion.tranfacmode has no permission control and can be accessed by third-party apps which can construct intents to directly open adb debugging functionality without user interaction...
CVE-2025-14485 EFM ipTIME A3004T Administrator Password timepro.cgi show_debug_screen command injection
A weakness has been identified in EFM ipTIME A3004T 14.19.0. This vulnerability affects the function showdebugscreen of the file /sess-bin/timepro.cgi of the component Administrator Password Handler. This manipulation of the argument aaksjdkfj with the input !@dnjsrureljrm& causes command...
Meatmeet Pro BBQ Thermometer 安全漏洞
Meatmeet Pro BBQ Thermometer is an advanced smart thermometer from Meatmeet. A security vulnerability exists in the Meatmeet Pro BBQ Thermometer that stems from an undisabled JTAG debugging interface, which could lead to malicious firmware flashing and unauthorized network access...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel, which stems from the presence of released and reused debugging information access in advmonitor processing...
CVE-2025-13494 SSP Debug <= 1.0.0 - Unauthenticated Sensitive Information Exposure
The SSP Debug plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.0. This is due to the plugin storing PHP error logs in a predictable, web-accessible location wp-content/uploads/ssp-debug/ssp-debug.log without any access controls. This...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from an unhandled debugging initialization failure that could lead to a null pointer dereference...
Adobe Experience Manager (AEM) Debugging Client Libraries Exposure
This plugin detects the presence of the Adobe Experience Manager AEM Debugging Client Libraries on a web server. These libraries are intended for development and debugging purposes and should not be exposed in a production environment, as they may contain sensitive information or functionality th...
📄 Microsoft Windows 11 build 10.0.22631.6199 Dual-Path Privilege Escalation
Proof of concept exploit for a Microsoft Windows 11 build 10.0.22631.6199 dual-path elevation of privilege vulnerability in undocumented RPC and debugging objects...
ROS-20251202-03
Vulnerability in DecodeConfig component of Golang programming language is related to uncontrolled consumption of resources. resources. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial-of-service condition. denial of service A vulnerability in the Downloa...
SwitchBot Smart Video Doorbell 安全漏洞
SwitchBot Smart Video Doorbell is a smart video doorbell from SwitchBot USA. A security vulnerability exists in SwitchBot Smart Video Doorbell versions prior to 2.01.078, which stems from the presence of active debugging code that could allow an attacker to access the device via Telnet...
Revive Adserver Information Disclosure Vulnerability
Revive Adserver is an open source ad serving system that allows advertisers, publishers, and networks to place ads on multiple platforms e.g., websites, apps, video players and supports ad effectiveness tracking, campaign management, and placement rule definition. Revive Adserver suffers from an...
Exploit for Deserialization of Untrusted Data in Google Android
CVE-2024-31317 Debuggable App Exploit A Python-based exploit...
Fortinet FortiClientWindows 安全漏洞
Fortinet FortiClientWindows is a Windows-based mobile endpoint security solution from Fortinet, Inc. The solution provides IPsec and SSL encryption, WAN optimization, endpoint compliance, and two-factor authentication when connected to a FortiGate firewall appliance. A security vulnerability exis...
Binding to an Unrestricted IP Address
Overview Affected versions of this package are vulnerable to Binding to an Unrestricted IP Address due to the insecure default binding of the Java Debug Wire Protocol JDWP port to all network interfaces when debug mode is enabled. An attacker can gain unauthorized access to the Java virtual machi...
Red Hat build of Keycloak 安全漏洞
Red Hat build of Keycloak is a web application for single sign-on from Red Hat, Inc. A security vulnerability exists in Red Hat build of Keycloak version 26.4 that stems from debug mode insecurely binding the JDWP port to all network interfaces, which could lead to remote code execution...