CVE-2025-38689

CVE-2025-38689 affects the Linux kernel’s x86 FPU code. When CONFIG_X86_DEBUG_FPU is enabled, AVX-512 timestamp handling calls x86_task_fpu() without a NULL check, returning NULL for kernel threads (PF_KTHREAD) and triggering a NULL pointer dereference when reading /proc/[kthread]/arch_status. Th...

CVE-2025-36899

There is a possible escalation of privilege due to test/debugging code left in a production build. This could lead to physical escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2025-36899

There is a possible escalation of privilege due to test/debugging code left in a production build. This could lead to physical escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

PT-2025-35882

Name of the Vulnerable Software and Affected Versions: affected versions not specified Description: A possible escalation of privilege exists due to test/debugging code remaining in a production build. This could lead to physical escalation of privilege without requiring additional execution...

CVE-2025-58598

Insertion of Sensitive Information Into Debugging Code vulnerability in Klarna Klarna Order Management for WooCommerce klarna-order-management-for-woocommerce allows Retrieve Embedded Sensitive Data.This issue affects Klarna Order Management for WooCommerce: from n/a through = 1.9.8...

CVE-2025-58598 WordPress Klarna Order Management for WooCommerce Plugin <= 1.9.8 - Sensitive Data Exposure Vulnerability

Insertion of Sensitive Information Into Debugging Code vulnerability in Klarna Klarna Order Management for WooCommerce klarna-order-management-for-woocommerce allows Retrieve Embedded Sensitive Data.This issue affects Klarna Order Management for WooCommerce: from n/a through = 1.9.8...

CVE-2025-58598 WordPress Klarna Order Management for WooCommerce Plugin <= 1.9.8 - Sensitive Data Exposure Vulnerability

Insertion of Sensitive Information Into Debugging Code vulnerability in Klarna Klarna Order Management for WooCommerce klarna-order-management-for-woocommerce allows Retrieve Embedded Sensitive Data.This issue affects Klarna Order Management for WooCommerce: from n/a through = 1.9.8...

CVE-2025-58598

CVE-2025-58598 (Klarna Order Management for WooCommerce) affects the WordPress Klarna plugin up to version 1.9.8. The root cause is insertion of sensitive information into debugging code, enabling retrieval of embedded sensitive data. Public descriptions indicate affected versions are from n/a th...

PT-2025-35732

Name of the Vulnerable Software and Affected Versions: Klarna Order Management for WooCommerce versions through 1.9.8 Description: Klarna Order Management for WooCommerce is susceptible to a flaw that allows the retrieval of embedded sensitive data due to the insertion of sensitive information in...

WordPress plugin Klarna Order Management for WooCommerce 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

CVE-2025-25736

Kapsch TrafficCom RIS-9260 RSU LEO v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 were discovered to contain Android Debug Bridge ADB pre-installed /mnt/c3platpersistent/opt/platform-tools/adb and enabled by default, allowing unauthenticated root shell access to the cellular modem via the...

CVE-2025-8597

MacVim's configuration on macOS, specifically the presence of entitlement "com.apple.security.get-task-allow", allows local attackers with unprivileged access e.g. via a malicious application to attach a debugger, read or modify the process memory, inject code in the application's context despite...

Invoice Ninja 安全漏洞

Invoice Ninja is an Invoice Ninja open source application with invoice, quote, project and time tracking capabilities. A security vulnerability exists in Invoice Ninja versions prior to 5.0.175, which stems from improper authorization of the debugging tool and could allow a local attacker to read...

MacVim 安全漏洞

MacVim is a text editor in the MacVim open source. A security vulnerability exists in MacVim that stems from improper authorization of the debugging tool and could lead to a local attacker reading or modifying process memory...

LLM-GUARD: Large Language Model-Based Detection and Repair of Bugs and Security Vulnerabilities in C++ and Python

Large Language Models LLMs such as ChatGPT-4, Claude 3, and LLaMA 4 are increasingly embedded in software/application development, supporting tasks from code generation to debugging. Yet, their real-world effectiveness in detecting diverse software bugs, particularly complex, security-relevant...

Linux Distros Unpatched Vulnerability : CVE-2017-15393

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient Policy Enforcement in Devtools remote debugging in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to obtain access to remote debuggi...

Improper Output Neutralization for Logs

Overview litestar is a Litestar - A production-ready, highly performant, extensible ASGI API Framework Affected versions of this package are vulnerable to Improper Output Neutralization for Logs via the exception logging process. An attacker can manipulate log files and forge log entries by...

TraceLens: Question-Driven Debugging for Taint Flow Understanding

Taint analysis is a security analysis technique used to track the flow of potentially dangerous data through an application and its dependent libraries. Investigating why certain unexpected flows appear and why expected flows are missing is an important sensemaking process during end-user taint...

Linux Distros Unpatched Vulnerability : CVE-2021-23985

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - If an attacker is able to alter specific about:config values for example malware running on the user's computer, the Devtools remote debugging feature could hav...

SUSE CVE-2025-54781

Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. When debugging is enabled for Himmelblau in version 1.0.0, the himmelblaudtasks service leaks an Intune service access token to the system journal. This short-lived token can be used to detect the host's Intune...