2400 matches found
PT-2025-35882
Name of the Vulnerable Software and Affected Versions: affected versions not specified Description: A possible escalation of privilege exists due to test/debugging code remaining in a production build. This could lead to physical escalation of privilege without requiring additional execution...
CVE-2025-58598
Insertion of Sensitive Information Into Debugging Code vulnerability in Klarna Klarna Order Management for WooCommerce klarna-order-management-for-woocommerce allows Retrieve Embedded Sensitive Data.This issue affects Klarna Order Management for WooCommerce: from n/a through = 1.9.8...
CVE-2025-58598
CVE-2025-58598 (Klarna Order Management for WooCommerce) affects the WordPress Klarna plugin up to version 1.9.8. The root cause is insertion of sensitive information into debugging code, enabling retrieval of embedded sensitive data. Public descriptions indicate affected versions are from n/a th...
CVE-2025-58598 WordPress Klarna Order Management for WooCommerce Plugin <= 1.9.8 - Sensitive Data Exposure Vulnerability
Insertion of Sensitive Information Into Debugging Code vulnerability in Klarna Klarna Order Management for WooCommerce klarna-order-management-for-woocommerce allows Retrieve Embedded Sensitive Data.This issue affects Klarna Order Management for WooCommerce: from n/a through = 1.9.8...
CVE-2025-58598 WordPress Klarna Order Management for WooCommerce Plugin <= 1.9.8 - Sensitive Data Exposure Vulnerability
Insertion of Sensitive Information Into Debugging Code vulnerability in Klarna Klarna Order Management for WooCommerce klarna-order-management-for-woocommerce allows Retrieve Embedded Sensitive Data.This issue affects Klarna Order Management for WooCommerce: from n/a through = 1.9.8...
WordPress plugin Klarna Order Management for WooCommerce 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
PT-2025-35732
Name of the Vulnerable Software and Affected Versions: Klarna Order Management for WooCommerce versions through 1.9.8 Description: Klarna Order Management for WooCommerce is susceptible to a flaw that allows the retrieval of embedded sensitive data due to the insertion of sensitive information in...
CVE-2025-25736
Kapsch TrafficCom RIS-9260 RSU LEO v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 were discovered to contain Android Debug Bridge ADB pre-installed /mnt/c3platpersistent/opt/platform-tools/adb and enabled by default, allowing unauthenticated root shell access to the cellular modem via the...
CVE-2025-8597
MacVim's configuration on macOS, specifically the presence of entitlement "com.apple.security.get-task-allow", allows local attackers with unprivileged access e.g. via a malicious application to attach a debugger, read or modify the process memory, inject code in the application's context despite...
MacVim 安全漏洞
MacVim is a text editor in the MacVim open source. A security vulnerability exists in MacVim that stems from improper authorization of the debugging tool and could lead to a local attacker reading or modifying process memory...
Invoice Ninja 安全漏洞
Invoice Ninja is an Invoice Ninja open source application with invoice, quote, project and time tracking capabilities. A security vulnerability exists in Invoice Ninja versions prior to 5.0.175, which stems from improper authorization of the debugging tool and could allow a local attacker to read...
LLM-GUARD: Large Language Model-Based Detection and Repair of Bugs and Security Vulnerabilities in C++ and Python
Large Language Models LLMs such as ChatGPT-4, Claude 3, and LLaMA 4 are increasingly embedded in software/application development, supporting tasks from code generation to debugging. Yet, their real-world effectiveness in detecting diverse software bugs, particularly complex, security-relevant...
Linux Distros Unpatched Vulnerability : CVE-2017-15393
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient Policy Enforcement in Devtools remote debugging in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to obtain access to remote debuggi...
Improper Output Neutralization for Logs
Overview litestar is a Litestar - A production-ready, highly performant, extensible ASGI API Framework Affected versions of this package are vulnerable to Improper Output Neutralization for Logs via the exception logging process. An attacker can manipulate log files and forge log entries by...
TraceLens: Question-Driven Debugging for Taint Flow Understanding
Taint analysis is a security analysis technique used to track the flow of potentially dangerous data through an application and its dependent libraries. Investigating why certain unexpected flows appear and why expected flows are missing is an important sensemaking process during end-user taint...
Linux Distros Unpatched Vulnerability : CVE-2021-23985
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - If an attacker is able to alter specific about:config values for example malware running on the user's computer, the Devtools remote debugging feature could hav...
SUSE CVE-2025-54781
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. When debugging is enabled for Himmelblau in version 1.0.0, the himmelblaudtasks service leaks an Intune service access token to the system journal. This short-lived token can be used to detect the host's Intune...
CVE-2025-54781
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. When debugging is enabled for Himmelblau in version 1.0.0, the himmelblaudtasks service leaks an Intune service access token to the system journal. This short-lived token can be used to detect the host's Intune...
CVE-2025-54781
CVE-2025-54781 affects Himmelblau: in version 1.0.0, when debugging is enabled, the himmelblaud_tasks service leaks a short‑lived Intune service access token to the system journal. The token can reveal the host’s Intune compliance status and may enable undocumented administrative operations on th...
CVE-2025-54781 Himmelblau leaks an Intune service access token in its logs
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. When debugging is enabled for Himmelblau in version 1.0.0, the himmelblaudtasks service leaks an Intune service access token to the system journal. This short-lived token can be used to detect the host's Intune...