15 matches found
📄 Visual Studio 1.39.0 Remote Debugger
Visual Studio versions 1.30.0 through 1.39.0 had a remote debugger enabled by default that could cause multiple security issues. Code included to scan for any listeners...
GHSA-J4VQ-Q93M-4683 Keycloak has debug default bind address
A vulnerability exists in Keycloak's server distribution where enabling debug mode --debug insecurely defaults to binding the Java Debug Wire Protocol JDWP port to all network interfaces 0.0.0.0. This exposes the debug port to the local network, allowing an attacker on the same network segment to...
Duplicate Advisory: Keycloak allows Binding to an Unrestricted IP Address
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-j4vq-q93m-4683. This link is maintained to preserve external references. Original Description A vulnerability exists in Keycloak's server distribution where enabling debug mode --debug insecurely defaults to...
CVE-2025-11538
A vulnerability exists in Keycloak's server distribution where enabling debug mode --debug insecurely defaults to binding the Java Debug Wire Protocol JDWP port to all network interfaces 0.0.0.0. This exposes the debug port to the local network, allowing an attacker on the same network segment to...
CVE-2025-11538 Keycloak-server: debug default bind address
A vulnerability exists in Keycloak's server distribution where enabling debug mode --debug insecurely defaults to binding the Java Debug Wire Protocol JDWP port to all network interfaces 0.0.0.0. This exposes the debug port to the local network, allowing an attacker on the same network segment to...
CVE-2025-11538
Keycloak is affected by CVE-2025-11538 in versions prior to 26.4.4 where enabling debug mode (--debug) binds the JDWP port to all interfaces (0.0.0.0), exposing the debug port on the local network. This potentially allows a local-network attacker to attach a remote debugger and achieve remote cod...
PT-2025-46862
Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description A security issue exists in Keycloak where enabling debug mode with the --debug flag insecurely binds the Java Debug Wire Protocol JDWP port to all network interfaces 0.0.0.0. This exposes th...
EUVD-2025-3729
Malicious code in bioql PyPI...
CVE-2025-24481
An Incorrect Permission Assignment Vulnerability exists in the product and version listed above. The vulnerability is due to incorrect permissions being assigned to the remote debugger port and can allow for unauthenticated access to the system configuration...
PT-2025-5370 · Rockwell Automation · Factorytalk® View Site Edition
Name of the Vulnerable Software and Affected Versions: Product and version mentioned affected versions not specified Description: The issue is related to an incorrect permission assignment in the product, which is due to the incorrect assignment of permissions to the remote debugger port. This ca...
Exploit for Code Injection in Vmware Spring_Framework
Spring4Shell Spring4Shell CVE-2022-22965 Proof Of Concept wi...
CVE-2017-9462
In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and consequently execute arbitrary code, by using --debugger as a repository name...
Juniper Network and Security Manager XDB Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Juniper Network and Security Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the XDB service. The issue lies in the ability to connect to the...
VxWorks R5_0_31 Data Disclosure
Known Affected Versions: R5031 Created March 1st, 2007 Date Discovered: November 13, 2012 Obviously not anything new to get sensitive data out via the VxWorks remote debugger, but this seemed to warrant specific attention since it did allow for the disclosure of call logs and full access to all...
IDA Pro Remote Debugger Server Authentication Bypass
Binary data 3955.prm...