
Threats Tagged 'cwe-489'

View all threats tagged with 'cwe-489'. Filter and sort to focus on specific types of threats.



CVE-2026-49188: CWE-489: Active Debug Code in Acer Connect M6E 5G Portable WiFi Router

The ai_cmd utility runs with full root privileges and passes input received on a socket directly to popen(), so an unauthenticated user can execute arbitrary commands as root.

CVE-2026-45728: CWE-209: Generation of Error Message Containing Sensitive Information in xyproto algernon

Algernon is a small self-contained pure-Go web server. Prior to 1.17.7, when Algernon is invoked with a single file path instead of a directory, singleFileMode is set to true and debugMode is forcibly enabled. debugMode activates the PrettyError renderer, which on any Lua or template error response dumps the absolute path of the file that errored, the complete byte contents of that file, and the exception or parser error text. This response is served with HTTP 200 OK to whoever sent the request that triggered the error. Any client able to reach the server and provoke a runtime error in the served script obtains the full server-side source of that script and of any sibling Lua data file consulted during the request. This vulnerability is fixed in 1.17.7.

CVE-2026-9133: CWE-489: Active Debug Code in AWS RabbitMQ AWS

CVE-2026-9133 is a high-severity vulnerability in the amazon-mq rabbitmq-aws plugin version 0.1.0. It involves active debug code in the ARN resolver that accepts a debug ARN scheme, allowing remote authenticated users to read arbitrary files accessible to the RabbitMQ process. This can lead to unauthorized disclosure of sensitive information. AWS recommends upgrading to version 0.2.1 and rotating private certificate keys if TLS is used. The vulnerability has a CVSS score of 7.7, indicating a high impact on confidentiality without affecting integrity or availability.

CVE-2026-40035: Active Debug Code in obsidianforensics unfurl

Unfurl through 2025.08 contains an improper input validation vulnerability in config parsing that enables Flask debug mode by default. The debug configuration value is read as a string and passed directly to app.run(); because any non-empty string (including "False") evaluates as true, the Werkzeug debugger is exposed, allowing attackers to disclose sensitive information or achieve remote code execution.
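
The bug pattern above, as an added example that is not unfurl's own code: a boolean setting read from an INI-style file arrives as the string "False", and handing that string to app.run(debug=...) turns debug mode on, since only truthiness is tested. The config text, the [app] section name and the helper names are constructed for the example; the hardened variant parses the value strictly and fails closed on anything unrecognised. The real Flask call is replaced by returning the kwargs that would be passed to it, so the block runs offline.

```python
import configparser

# Constructed sample config (not unfurl's real file); the assumption is
# that the debug flag is read from an INI-style file and comes back as
# a string, which is what configparser.get() always returns.
SAMPLE_CONFIG = """
[app]
debug = False
"""


def load_config(text: str = SAMPLE_CONFIG) -> configparser.ConfigParser:
    cfg = configparser.ConfigParser()
    cfg.read_string(text)
    return cfg


def debug_enabled_naive(cfg: configparser.ConfigParser) -> bool:
    # Vulnerable pattern from the advisory: the raw string is handed to
    # app.run(debug=value), which only tests truthiness. "False" is a
    # non-empty string, so bool("False") is True and the Werkzeug
    # debugger gets enabled.
    value = cfg.get("app", "debug")
    return bool(value)


def debug_enabled_strict(cfg: configparser.ConfigParser) -> bool:
    # Hardened: parse the string as a boolean. configparser.getboolean()
    # accepts only 1/yes/true/on and 0/no/false/off (case-insensitive);
    # a missing option falls back to False and an unrecognised value
    # raises ValueError, which is also mapped to False (fail closed).
    try:
        return cfg.getboolean("app", "debug", fallback=False)
    except ValueError:
        return False


def run_app_kwargs(cfg: configparser.ConfigParser, strict: bool) -> dict:
    # Returns the keyword arguments that would be passed to
    # flask.Flask.run(); the call itself is omitted so the example
    # needs nothing beyond the standard library.
    debug = debug_enabled_strict(cfg) if strict else debug_enabled_naive(cfg)
    return {"host": "127.0.0.1", "port": 8080, "debug": debug}


if __name__ == "__main__":
    cfg = load_config()
    print("naive :", run_app_kwargs(cfg, strict=False))  # debug=True  (the bug)
    print("strict:", run_app_kwargs(cfg, strict=True))   # debug=False
```

The check to carry into a code review is the type at the call site: if the value reaching `app.run(debug=...)` can ever be a `str`, the setting is effectively always on. Parsing the value once with `getboolean()` (or an equivalent allowlist of accepted spellings) and defaulting to `False` removes that class of misconfiguration.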

CVE-2026-32662: CWE-489 in Gardyn Cloud API

Development and test API endpoints that mirror production functionality are present in the Gardyn Cloud API.

CVE-2026-27131: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor in putyourlightson craft-sprig

CVE-2026-27131 is a medium severity vulnerability in the Sprig plugin for Craft CMS that allows authorized admin users or users with explicit Sprig Playground access to expose sensitive information such as security keys and credentials. This exposure occurs in versions 2.0.0 up to but not including 2.15.2, and 3.0.0 up to but not including 3.15.2.

CVE-2025-15017: CWE-489: Active Debug Code in Moxa NPort 5000AI-M12 Series

CVE-2025-15017 is a high-severity vulnerability affecting Moxa NPort 5000AI-M12 Series serial device servers, where active debug code remains enabled on the UART interface. An attacker with physical access can connect directly to the UART interface and gain unauthorized privileged access without authentication or user interaction. This allows execution of privileged operations and access to sensitive system resources, severely impacting confidentiality, integrity, and availability of the device. Exploitation complexity is low, but no remote exploitation or impact on external systems has been identified. The vulnerability affects version 1.0 of the product and has a CVSS 4.0 score of 7.0. No known exploits are currently in the wild, and no patches have been published yet. European organizations using these devices in critical infrastructure or industrial environments should prioritize physical security and monitor for updates from the vendor.

CVE-2023-4804: CWE-489: Active Debug Code in Johnson Controls Quantum HD Unity Compressor

CVE-2023-4804 is a critical vulnerability in Johnson Controls Quantum HD Unity Compressor products where unauthorized users can access active debug features that were unintentionally exposed. This flaw allows remote attackers to gain full control over the affected devices without any authentication or user interaction. Exploitation can lead to complete compromise of confidentiality, integrity, and availability of the system. The vulnerability has a CVSS score of 10.0, indicating maximum severity. No known exploits are currently reported in the wild, but the risk remains high due to ease of exploitation and critical impact. European organizations using these HVAC control systems could face operational disruptions and data breaches. Immediate mitigation involves restricting network access to these devices, applying vendor patches once available, and monitoring for unusual activity. Countries with significant deployments of Johnson Controls products and critical infrastructure relying on HVAC systems are at higher risk. Given the critical nature and potential for widespread impact, this vulnerability demands urgent attention from defenders.

CVE-2025-42872: CWE-489: Active Debug Code in SAP_SE SAP NetWeaver Enterprise Portal

Due to a Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal, an unauthenticated attacker could inject malicious scripts that execute in the context of other users' browsers, allowing the attacker to steal session cookies, tokens, and other sensitive information. As a result, the vulnerability has a low impact on confidentiality and integrity and no impact on availability.

CVE-2025-2486: CWE-489: Active Debug Code in Ubuntu edk2

CVE-2025-2486 is a low-severity vulnerability in Ubuntu's edk2 UEFI firmware packages that allowed unintended access to the UEFI Shell in Secure Boot environments, potentially bypassing Secure Boot restrictions. The issue stems from active debug code that permitted the UEFI Shell to run despite Secure Boot protections. Versions 2024.05-2ubuntu0.3 and 2024.02-2ubuntu0.3 disable the Shell to mitigate this risk. This vulnerability builds on an incomplete fix for CVE-2023-48733. Exploitation requires local access and user interaction, with high attack complexity and no known exploits in the wild. The vulnerability primarily affects systems running Ubuntu with affected edk2 versions, and its impact on confidentiality, integrity, and availability is limited due to the constraints on exploitation.


Showing 1 to 10 of 21 results

Page 1 of 3