28 matches found
CVE-2026-33153
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. In versions prior to 2.6.0, the Recipe API endpoint exposes a hidden ?debug=true query parameter that returns the complete raw SQL query being executed, including all table names, column names, JO...
PT-2026-28472
Name of the Vulnerable Software and Affected Versions: Tandoor Recipes versions prior to 2.6.0. Description: The application is designed for managing recipes, planning meals, and creating shopping lists. A hidden query parameter, ?debug=true, within the Recipe API endpoint reveals the complete raw S...
EUVD-2024-42200
Malicious code in bioql PyPI...
EUVD-2023-25236
Malicious code in bioql PyPI...
Multiple vulnerabilities in ELECOM wireless LAN routers
Overview: Multiple wireless LAN routers provided by ELECOM CO.,LTD. contain multiple vulnerabilities listed below. Hidden functionality (CWE-912) - CVE-2025-46267; OS command injection in WebGUI (CWE-78) - CVE-2025-53472. Chuya Hayakawa of 00One, Inc. reported this vulnerability to JPCERT/CC. JPCERT/CC...
PT-2025-30391 · Unknown · Wrc-Be36Qs-B +1
Name of the Vulnerable Software and Affected Versions: WRC-BE36QS-B, WRC-W701-B. Description: A hidden functionality issue exists that may allow a remote attacker to enable the product’s hidden debug function by logging into the WebGUI. Recommendations: At the moment, there is no information about ...
CVE-2025-46117
An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, and in Ruckus ZoneDirector prior to 10.5.1.0.279, where a hidden debug script .apdebug.sh invoked from the restricted CLI does not properly sanitize its input, allowing an authenticated attacker to...
CVE-2023-21068
In TBD of TBD, there is a possible way to boot with a hidden debug policy due to a missing warning to the user. This could lead to local escalation of privilege after preparing the device, hiding the warning, and passing the phone to a new user, with no additional execution privileges needed. Use...
CVE-2021-39653
In TBD of TBD, there is a possible way to boot with a hidden debug policy due to a missing warning to the user. This could lead to local escalation of privilege after preparing the device, hiding the warning, and passing the phone to a new user, with no additional execution privileges needed. Use...
CVE-2024-47864
home 5G HR02, Wi-Fi STATION SH-52B, and Wi-Fi STATION SH-54C contain a buffer overflow vulnerability in the hidden debug function. A remote unauthenticated attacker may cause the product's web console to go down...
CVE-2024-47864
The CVE-2024-47864 issue affects Sharp home 5G HR02, Wi‑Fi STATION SH‑52B, and SH‑54C. It is a buffer overflow in the hidden debug function that can cause the product’s web console to go down. Evidence across multiple sources confirms the affected models and the vulnerability class, but explicit ...
CVE-2024-46873
CVE-2024-46873 concerns SHARP routers (SH-05L, SH-52B, SH-54C, HR02). The root cause is a hidden debug function that, when enabled, allows a remote unauthenticated attacker to execute arbitrary OS commands with root privileges. Public docs confirm this vulnerability alongside other SHARP router C...
CVE-2024-46873
Multiple SHARP routers leave the hidden debug function enabled. An arbitrary OS command may be executed with the root privilege by a remote unauthenticated attacker...
PT-2024-32856 · Unknown · Home 5G Hr02 +2
Name of the Vulnerable Software and Affected Versions: home 5G HR02 (affected versions not specified); Wi-Fi STATION SH-52B (affected versions not specified); Wi-Fi STATION SH-54C (affected versions not specified). Description: The issue is related to a buffer overflow vulnerability in the hidden debug...
Multiple vulnerabilities in SHARP routers
Overview: SHARP routers contain multiple vulnerabilities listed below. OS command injection vulnerability in the HOST name configuration screen (CWE-78) - CVE-2024-45721; The hidden debug function is enabled (CWE-489) - CVE-2024-46873; Buffer overflow vulnerability in the hidden debug function (CWE-120) -...
CVE-2024-37994
A vulnerability has been identified in SIMATIC Reader RF610R CMIIT 6GT2811-6BC10-2AA0 All versions < V4.2, SIMATIC Reader RF610R ETSI 6GT2811-6BC10-0AA0 All versions < V4.2, SIMATIC Reader RF610R FCC 6GT2811-6BC10-1AA0 All versions < V4.2, SIMATIC Reader RF615R CMIIT 6GT2811-6CC10-2AA0 All versions < V4....
PT-2024-7406 · Siemens · Simatic Reader Rf615R +11
Name of the Vulnerable Software and Affected Versions: SIMATIC Reader RF610R CMIIT versions prior to V4.2; SIMATIC Reader RF610R ETSI versions prior to V4.2; SIMATIC Reader RF610R FCC versions prior to V4.2; SIMATIC Reader RF615R CMIIT versions prior to V4.2; SIMATIC Reader RF615R ETSI versions prior...
Security vulnerability in multiple Siemens products
SIMATIC RTLS Locating Manager is used to configure, operate and maintain the SIMATIC RTLS unit, a real-time wireless positioning system that provides locating solutions. A hidden function vulnerability exists in Siemens SIMATIC RTLS Locating Manager due to an affected application containing hidde...