Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

95 matches found

NVD
NVDadded 2025/07/23 2:15 p.m.4 views

CVE-2015-10141

An unauthenticated OS command injection vulnerability exists within Xdebug versions 2.5.5 and earlier, a PHP debugging extension developed by Derick Rethans. When remote debugging is enabled, Xdebug listens on port 9000 and accepts debugger protocol commands without authentication. An attacker ca...

9.3CVSS0.65707EPSS
Exploits0References6
OSV
OSVadded 2025/07/23 2:15 p.m.1 views

DEBIAN-CVE-2015-10141

An unauthenticated OS command injection vulnerability exists within Xdebug versions 2.5.5 and earlier, a PHP debugging extension developed by Derick Rethans. When remote debugging is enabled, Xdebug listens on port 9000 and accepts debugger protocol commands without authentication. An attacker ca...

9.3CVSS6.3AI score0.65707EPSS
Exploits0References1
OSV
OSVadded 2025/07/23 2:15 p.m.3 views

CVE-2015-10141

An unauthenticated OS command injection vulnerability exists within Xdebug versions 2.5.5 and earlier, a PHP debugging extension developed by Derick Rethans. When remote debugging is enabled, Xdebug listens on port 9000 and accepts debugger protocol commands without authentication. An attacker ca...

7.7AI score
Exploits0References6
OSV
OSVadded 2025/07/23 2:15 p.m.0 views

UBUNTU-CVE-2015-10141

An unauthenticated OS command injection vulnerability exists within Xdebug versions 2.5.5 and earlier, a PHP debugging extension developed by Derick Rethans. When remote debugging is enabled, Xdebug listens on port 9000 and accepts debugger protocol commands without authentication. An attacker ca...

9.3CVSS6.2AI score0.65707EPSS
Exploits0References8
Cvelist
Cvelistadded 2025/07/23 1:53 p.m.9 views

CVE-2015-10141 Xdebug Remote Debugger Unauthenticated OS Command Execution

An unauthenticated OS command injection vulnerability exists within Xdebug versions 2.5.5 and earlier, a PHP debugging extension developed by Derick Rethans. When remote debugging is enabled, Xdebug listens on port 9000 and accepts debugger protocol commands without authentication. An attacker ca...

9.3CVSS0.65707EPSS
Exploits0References6
Debian CVE
Debian CVEadded 2025/07/23 1:53 p.m.3 views

CVE-2015-10141

An unauthenticated OS command injection vulnerability exists within Xdebug versions 2.5.5 and earlier, a PHP debugging extension developed by Derick Rethans. When remote debugging is enabled, Xdebug listens on port 9000 and accepts debugger protocol commands without authentication. An attacker ca...

9.3CVSS6.2AI score0.65707EPSS
Exploits0
CVE
CVEadded 2025/07/23 1:53 p.m.39 views

CVE-2015-10141

Summary: CVE-2015-10141 affects Xdebug (PHP debugging extension) ≤ 2.5.5. When remote debugging is enabled, Xdebug listens on port 9000 and accepts debugger protocol commands without authentication. An unauthenticated attacker can send a crafted eval command to execute arbitrary PHP code, potenti...

9.3CVSS7.9AI score0.65707EPSS
Exploits0References6
Vulnrichment
Vulnrichmentadded 2025/07/23 1:53 p.m.3 views

CVE-2015-10141 Xdebug Remote Debugger Unauthenticated OS Command Execution

An unauthenticated OS command injection vulnerability exists within Xdebug versions 2.5.5 and earlier, a PHP debugging extension developed by Derick Rethans. When remote debugging is enabled, Xdebug listens on port 9000 and accepts debugger protocol commands without authentication. An attacker ca...

9.3CVSS7.9AI score0.65707EPSS
Exploits0References6
Positive Technologies
Positive Technologiesadded 2025/07/23 12:0 a.m.6 views

PT-2025-30581 · Xdebug · Xdebug

Name of the Vulnerable Software and Affected Versions: Xdebug versions 2.5.5 and earlier Description: An unauthenticated OS command injection vulnerability exists in Xdebug, a PHP debugging extension. When remote debugging is enabled, Xdebug listens on port 9000 and accepts debugger protocol...

9.3CVSS8AI score0.65707EPSS
Exploits0References13
CNNVD
CNNVDadded 2025/07/23 12:0 a.m.1 views

Xdebug 安全漏洞

Xdebug is an extension for debugging and analyzing PHP code from the Xdebug open source. A security vulnerability exists in Xdebug 2.5.5 and earlier versions, which stems from unauthenticated OS command injection and could lead to the execution of arbitrary PHP code...

9.3CVSS7.6AI score0.65707EPSS
Exploits0References7
OpenVAS
OpenVASadded 2024/11/18 12:0 a.m.10 views

Fedora: Security Advisory (FEDORA-2024-e7bb8bc2da)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

4.3CVSS4.4AI score0.00502EPSS
Exploits0References5
GithubExploit
GithubExploitadded 2024/09/30 5:33 p.m.871 views

Exploit for Deserialization of Untrusted Data in Givewp

This post is a research article published by EQSTLabhttps://g...

10CVSS10AI score0.94173EPSS
Exploits11
OSV
OSVadded 2022/12/30 11:4 a.m.2 views

OESA-2022-2164 trafficserver security update

Apache Traffic Server is an OpenSource HTTP / HTTPS / HTTP/2 / QUIC reverse,forward and transparent proxy and cache. Security Fixes: Improper Check for Unusual or Exceptional Conditions vulnerability handling requests in Apache Traffic Server allows an attacker to crash the server under certain...

7.5CVSS6.2AI score0.08233EPSS
Exploits0References4
OSV
OSVadded 2022/12/30 11:4 a.m.2 views

OESA-2022-2166 trafficserver security update

Apache Traffic Server is an OpenSource HTTP / HTTPS / HTTP/2 / QUIC reverse,forward and transparent proxy and cache. Security Fixes: Improper Check for Unusual or Exceptional Conditions vulnerability handling requests in Apache Traffic Server allows an attacker to crash the server under certain...

7.5CVSS6.2AI score0.08233EPSS
Exploits0References4
OSV
OSVadded 2022/12/19 12:15 p.m.1 views

DEBIAN-CVE-2022-40743

Improper Input Validation vulnerability for the xdebug plugin in Apache Software Foundation Apache Traffic Server can lead to cross site scripting and cache poisoning attacks.This issue affects Apache Traffic Server: 9.0.0 to 9.1.3. Users should upgrade to 9.1.4 or later versions...

6.1CVSS5.4AI score0.08233EPSS
Exploits0References1
NVD
NVDadded 2022/12/19 12:15 p.m.13 views

CVE-2022-40743

Improper Input Validation vulnerability for the xdebug plugin in Apache Software Foundation Apache Traffic Server can lead to cross site scripting and cache poisoning attacks.This issue affects Apache Traffic Server: 9.0.0 to 9.1.3. Users should upgrade to 9.1.4 or later versions...

6.1CVSS0.08233EPSS
Exploits0References1
Prion
Prionadded 2022/12/19 12:15 p.m.25 views

Input validation

Improper Input Validation vulnerability for the xdebug plugin in Apache Software Foundation Apache Traffic Server can lead to cross site scripting and cache poisoning attacks.This issue affects Apache Traffic Server: 9.0.0 to 9.1.3. Users should upgrade to 9.1.4 or later versions...

5.8CVSS6.2AI score0.08233EPSS
Exploits0References1Affected Software1
OSV
OSVadded 2022/12/19 12:15 p.m.0 views

UBUNTU-CVE-2022-40743

Improper Input Validation vulnerability for the xdebug plugin in Apache Software Foundation Apache Traffic Server can lead to cross site scripting and cache poisoning attacks.This issue affects Apache Traffic Server: 9.0.0 to 9.1.3. Users should upgrade to 9.1.4 or later versions...

6.1CVSS5.7AI score0.08233EPSS
Exploits0References5
Cvelist
Cvelistadded 2022/12/19 11:6 a.m.15 views

CVE-2022-40743 Apache Traffic Server: Security issues with the xdebug plugin

Improper Input Validation vulnerability for the xdebug plugin in Apache Software Foundation Apache Traffic Server can lead to cross site scripting and cache poisoning attacks.This issue affects Apache Traffic Server: 9.0.0 to 9.1.3. Users should upgrade to 9.1.4 or later versions...

6.5AI score0.08233EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2022/12/19 11:6 a.m.3 views

CVE-2022-40743 Apache Traffic Server: Security issues with the xdebug plugin

Improper Input Validation vulnerability for the xdebug plugin in Apache Software Foundation Apache Traffic Server can lead to cross site scripting and cache poisoning attacks.This issue affects Apache Traffic Server: 9.0.0 to 9.1.3. Users should upgrade to 9.1.4 or later versions...

6.1AI score0.08233EPSS
Exploits0References1
Rows per page
Query Builder