Multiple vulnerabilities in Contec CONPROSYS HMI System (CHS)

Overview CONPROSYS HMI System CHS provided by Contec Co.,Ltd. contains multiple vulnerabilities listed below. Reflected cross-site scripting CWE-79 - CVE-2025-34080 Insertion of sensitive information into debugging code CWE-215 - CVE-2025-34081 Alex Williams of Converge Technology Solutions...

Vulnerability of the vmbus_connect() function in the drivers/hv/connection.c module – Microsoft Hyper-V guest mode support driver for Linux operating systems. This vulnerability allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.

Vulnerability of the vmbusconnect function in the drivers/hv/connection.c module – Microsoft’s Linux-based Hyper-V guest mode driver has a vulnerability that exposes confidential system information due to unprocessed debugging information. Exploitation of this vulnerability could allow an attacke...

Vulnerability of the __vmbus_establish_gpadl() function in the drivers/hv/channel.c module – Microsoft Hyper-V guest mode support driver for Linux operating systems. This driver allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.

Vulnerability of the vmbusestablishgpadl function in the drivers/hv/channel.c module – The Microsoft Hyper-V guest mode support driver for Linux operating systems is vulnerable because it exposes confidential system information due to uncleaned debugging information. Exploitation of this...

CVE-2022-50024

In the Linux kernel, the following vulnerability has been resolved: dmaengine: dw-axi-dmac: do not print NULL LLI during error During debugging we have seen an issue where axichandumplli is passed a NULL LLI pointer which ends up causing an OOPS due to trying to get fields from it. Simply print...

CVE-2022-50024 dmaengine: dw-axi-dmac: do not print NULL LLI during error

In the Linux kernel, the following vulnerability has been resolved: dmaengine: dw-axi-dmac: do not print NULL LLI during error During debugging we have seen an issue where axichandumplli is passed a NULL LLI pointer which ends up causing an OOPS due to trying to get fields from it. Simply print...

Water Curse Employs 76 GitHub Accounts to Deliver Multi-Stage Malware Campaign

Cybersecurity researchers have exposed a previously unknown threat actor known as Water Curse that relies on weaponized GitHub repositories to deliver multi-stage malware. "The malware enables data exfiltration including credentials, browser data, and session tokens, remote access, and long-term...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that originates from KVM x86 xen initializing timers multiple times, which could lead to debugging object conflicts...

PT-2025-25950

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A vulnerability in the Linux kernel has been resolved. The issue occurred during debugging when the axi chan dump lli function was passed a NULL LLI pointer, causing an OOPS due to...

CVE-2024-24915 - Potential vulnerability in SmartConsole where an administrator's credentials may be exposed to users with debugging privileges on the administrator's computer

Symptoms - Credentials are not cleared from memory after being used. A user with Administrator permissions can execute a memory dump for the SmartConsole process and fetch them. - This issue received the ID CVE-2024-24915. Solution This problem was fixed. The fix is included starting from: R82...

PT-2025-24035 · WordPress · Wp Email Debug

Name of the Vulnerable Software and Affected Versions: WP Email Debug plugin for WordPress versions 1.0 to 1.1.0 Description: The issue is related to a missing capability check on the WPMDBUG handle settings function. This allows unauthenticated attackers to enable debugging, send all emails to a...

Lenovo Legion Space 安全漏洞

Lenovo Legion Space is an application from Lenovo China developed specifically for Legion to help you manage game resources and purchase games. A security vulnerability exists in Lenovo Legion Space, which stems from an open debugging interface and could lead to the execution of arbitrary code...

CVE-2025-48414

There are several scripts in the web interface that are accessible via undocumented hard-coded credentials. The scripts provide access to additional administrative/debug functionality and are likely intended for debugging during development and provides an additional attack surface...

CVE-2024-44540

Ubiquiti AirMax firmware version firmware version 8 allows attackers with physical access to gain a privileged command shell via the UART Debugging Port...

CVE-2024-29291

An issue in Laravel Framework 8 through 11 might allow a remote attacker to discover database credentials in storage/logs/laravel.log. NOTE: this is disputed by multiple third parties because the owner of a Laravel Framework installation can choose to have debugging logs, but needs to set the...

CVE-2024-32912

there is a possible persistent Denial of Service due to test/debugging code left in a production build. This could lead to local denial of service of impaired use of the device with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2024-31799

Information Disclosure in GNCC's GC2 Indoor Security Camera 1080P allows an attacker with physical access to read the WiFi passphrase via the UART Debugging Port...

CVE-2024-31800

Authentication Bypass in GNCC's GC2 Indoor Security Camera 1080P allows an attacker with physical access to gain a privileged command shell via the UART Debugging Port...

CVE-2023-28895

The password for access to the debugging console of the PoWer Controller chip PWC of the MIB3 infotainment is hard-coded in the firmware. The console allows attackers with physical access to the MIB3 unit to gain full control over the PWC chip. Vulnerability found on Škoda Superb III 3V3 - 2.0 TD...

CVE-2023-21502

Improper input validation vulnerability in FactoryTest application prior to SMR May-2023 Release 1 allows local attackers to get privilege escalation via debugging commands...

CVE-2023-21122

In various functions of various files, there is a possible way to bypass the DISALLOWDEBUGGINGFEATURES restriction for tracing due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...