12 matches found
CVE-2025-7353
A security issue exists due to the web-based debugger agent enabled on Rockwell Automation ControlLogix® Ethernet Modules. If a specific IP address is used to connect to the WDB agent, it can allow remote attackers to perform memory dumps, modify memory, and control execution flow...
MAL-2025-18145 Malicious code in debugger-for-ios-web (npm)
The package debugger-for-ios-web was found to contain malicious code...
CVE-2025-7353 Rockwell Automation ControlLogix® Ethernet Remote Code Execution Vulnerability
A security issue exists due to the web-based debugger agent enabled on Rockwell Automation ControlLogix® Ethernet Modules. If a specific IP address is used to connect to the WDB agent, it can allow remote attackers to perform memory dumps, modify memory, and control execution flow...
CVE-2025-7353
A security issue exists due to the web-based debugger agent enabled on Rockwell Automation ControlLogix® Ethernet Modules. If a specific IP address is used to connect to the WDB agent, it can allow remote attackers to perform memory dumps, modify memory, and control execution flow...
CVE-2025-7353
CVE-2025-7353 affects Rockwell Automation ControlLogix Ethernet Modules via the web-based debugger agent (WDB). The connected PT-2025-33275 entry specifies affected software versions pre-12.001 and explains that connecting to the WDB agent from a specific IP can enable remote attackers to perform...
Rockwell Automation ControlLogix Series Security Vulnerability
Rockwell Automation ControlLogix Series is a family of programmable controllers from Rockwell Automation, USA. A security vulnerability exists in Rockwell Automation ControlLogix Series, which stems from a web-based debugger agent that could allow a remote attacker to perform memory dumps and...
MADEFORNET HTTP Debugger Race Condition Vulnerability
MADEFORNET HTTP Debugger is a flagship product from the Estonian company MADEFORNET that helps Web developers, IT managers, and system and network administrators locate and eliminate Web site errors and identify performance bottlenecks. A security vulnerability exists in MADEFORNET HTTP Debugger...
Unauthorized Access Vulnerability in Whistle Web Debugger
whistle is a cross-platform web debugging agent implemented on Node. Whistle Web Debugger suffers from an unauthorized access vulnerability that can be exploited by attackers to obtain sensitive information...
Interview with a malware hunter: Jérôme Segura
In our series "Interview with a malware hunter," our feature role today goes to Jérôme Segura, Malwarebytes’ Head of Threat Intelligence and world-renowned exploit kits researcher. The goal of this series is to introduce our readers to our malware intelligence crew by involving them in these Q&A...
Infogram: Stored Cross-Site scripting in the infographics using links
Description: Hello. I discovered that it is possible to conduct a Stored XSS attack in the public infographics pages. Upon pasting the link, we can intercept the request and change the link source to the malicious - which will result to the Stored XSS POC...
Razer US: DOM XSS and Open Redirect on the themes.razerzone.com
We appreciate the report and look forward to working with sp1d3rs in the future. I discovered the Open Redirect on the https://themes.razerzone.com/developers/signin endpoint. The root cause of the redirect was the insecure changing of window.location without validation - the original URL paramet...
Grab: Authorization bypass using login by phone option+horizontal escalation possible on Grab Android App
Description: After my previous report about 2FA bypass on the Profile Edit endpoint I was interested to find an endpoint which will allow me horizontal privilege escalation. So, I found the endpoint using android app https://p.grabtaxi.com/api/passenger/v2/profiles/activationsms which allow me to...