CWE-489 · Active Debug Code
79 CVEs classified under CWE-489 (Active Debug Code). Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2023-4804 | Critical | 10.0 | 2023-11-10 | An unauthorized user could access debug features in Quantum HD Unity products that were accidentally exposed. |
CVE-2026-49188 | Critical | 9.8 | 2026-06-04 | The ai_cmd utility executes with full root permissions. It pipes socket inputs directly to popen(), paving the way for unauthenticated users to execute arbitra… |
CVE-2024-9644 | Critical | 9.8 | 2025-02-04 | The Four-Faith F3x36 router using firmware v2.0.0 is vulnerable to an authentication bypass vulnerability in the administrative web server. Authentication is… |
CVE-2024-9643 | Critical | 9.8 | 2025-02-04 | The Four-Faith F3x36 router using firmware v2.0.0 is vulnerable to authentication bypass due to hard-coded credentials in the administrative web server. An att… |
CVE-2024-46873 | Critical | 9.8 | 2024-12-23 | Multiple SHARP routers leave the hidden debug function enabled. An arbitrary OS command may be executed with the root privilege by a remote unauthenticated att… |
CVE-2024-21785 | Critical | 9.8 | 2024-05-28 | A leftover debug code vulnerability exists in the Telnet Diagnostic Interface functionality of AutomationDirect P3-550E 1.2.10.9. A specially crafted series of… |
CVE-2024-32047 | Critical | 9.8 | 2024-05-15 | Hard-coded credentials for the CyberPower PowerPanel test server can be found in the production code. This might result in an attacker gaining access to the… |
CVE-2024-28008 | Critical | 9.8 | 2024-03-28 | Active Debug Code in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG120… |
CVE-2023-34346 | Critical | 9.8 | 2023-10-11 | A stack-based buffer overflow vulnerability exists in the httpd gwcfg.cgi get functionality of Yifan YF325 v1.0_20221108. A specially crafted network packet ca… |
CVE-2023-32645 | Critical | 9.8 | 2023-10-11 | A leftover debug code vulnerability exists in the httpd debug credentials functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can l… |
CVE-2022-45677 | Critical | 9.8 | 2023-02-21 | SQL Injection Vulnerability in tanujpatra228 Tution Management System (TMS) via the email parameter to processes/student_login.process.php. |
CVE-2023-22357 | Critical | 9.8 | 2023-01-17 | Active debug code exists in OMRON CP1L-EL20DR-D all versions, which may lead to a command that is not specified in FINS protocol being executed without authent… |
CVE-2022-29520 | Critical | 9.8 | 2022-10-25 | An OS command injection vulnerability exists in the console_main_loop :sys functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z. A specially-… |
CVE-2022-32585 | Critical | 9.8 | 2022-06-30 | A command execution vulnerability exists in the clish art2 functionality of Robustel R1510 3.3.0. A specially-crafted network request can lead to arbitrary com… |
CVE-2019-10939 | Critical | 9.8 | 2020-04-14 | A vulnerability has been identified in TIM 3V-IE (incl. SIPLUS NET variants) (All versions < V2.8), TIM 3V-IE Advanced (incl. SIPLUS NET variants) (All version… |
CVE-2026-40035 | Critical | 9.1 | 2026-04-08 | Unfurl through 2025.08 contains an improper input validation vulnerability in config parsing that enables Flask debug mode by default. The debug configuration… |
CVE-2025-2486 | High | 8.8 | 2025-11-26 | The Ubuntu edk2 UEFI firmware packages accidentally allowed the UEFI Shell to be accessed in Secure Boot environments, possibly allowing bypass of Secure Boot… |
CVE-2024-36475 | High | 8.8 | 2024-07-17 | FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. contain an active debug code vulnerability. If a user who knows how to us… |
CVE-2024-31406 | High | 8.8 | 2024-04-24 | Active debug code vulnerability exists in RoamWiFi R10 prior to 4.8.45. If this vulnerability is exploited, a network-adjacent unauthenticated attacker with ac… |
CVE-2022-38715 | High | 8.8 | 2023-01-26 | A leftover debug code vulnerability exists in the httpd shell.cgi functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted HTTP request… |