CVEs classified under CWE-489, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (50)
CVE-2023-4804 — CVSS 10.0 (critical): An unauthorized user could access debug features in Quantum HD Unity products that were accidentally exposed.
CVE-2026-49188 — CVSS 9.8 (critical): The ai_cmd utility executes with full root permissions. It pipes socket inputs directly to popen(), paving the way for unauthenticated…
CVE-2024-46873 — CVSS 9.8 (critical): Multiple SHARP routers leave the hidden debug function enabled. An arbitrary OS command may be executed with the root privilege by a remote…
CVE-2024-21785 — CVSS 9.8 (critical): A leftover debug code vulnerability exists in the Telnet Diagnostic Interface functionality of AutomationDirect P3-550E 1.2.10.9. A…
CVE-2024-32047 — CVSS 9.8 (critical): Hard-coded credentials for the CyberPower PowerPanel test server can be found in the production code. This might result in an attacker…
CVE-2024-28008 — CVSS 9.8 (critical): Active Debug Code in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2…
CVE-2023-32645 — CVSS 9.8 (critical): A leftover debug code vulnerability exists in the httpd debug credentials functionality of Yifan YF325 v1.0_20221108. A specially crafted…
CVE-2023-22357 — CVSS 9.8 (critical): Active debug code exists in OMRON CP1L-EL20DR-D all versions, which may lead to a command that is not specified in FINS protocol being…
CVE-2022-32585 — CVSS 9.8 (critical): A command execution vulnerability exists in the clish art2 functionality of Robustel R1510 3.3.0. A specially-crafted network request can…
CVE-2019-10939 — CVSS 9.8 (critical): A vulnerability has been identified in TIM 3V-IE (incl. SIPLUS NET variants) (All versions < V2.8), TIM 3V-IE Advanced (incl. SIPLUS NET…
CVE-2026-40035 — CVSS 9.1 (critical): Unfurl through 2025.08 contains an improper input validation vulnerability in config parsing that enables Flask debug mode by default. The…
CVE-2025-4106: An authenticated admin user with access to both the management WebUI and command line interface on a Firebox can enable a diagnostic debug…
CVE-2025-2486 — CVSS 8.8 (high): The Ubuntu edk2 UEFI firmware packages accidentally allowed the UEFI Shell to be accessed in Secure Boot environments, possibly allowing…
CVE-2024-31406 — CVSS 8.8 (high): Active debug code vulnerability exists in RoamWiFi R10 prior to 4.8.45. If this vulnerability is exploited, a network-adjacent…
CVE-2022-38715 — CVSS 8.8 (high): A leftover debug code vulnerability exists in the httpd shell.cgi functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A…
CVE-2022-30543 — CVSS 8.8 (high): A leftover debug code vulnerability exists in the console infct functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted…
CVE-2022-28689 — CVSS 8.8 (high): A leftover debug code vulnerability exists in the console support functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted…
CVE-2022-25995 — CVSS 8.8 (high): A command execution vulnerability exists in the console inhand functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted…
CVE-2021-33591 — CVSS 8.8 (high): An exposed remote debugging port in Naver Comic Viewer prior to 1.0.15.0 allowed a remote attacker to execute arbitrary code via a crafted…
CVE-2025-36899 — CVSS 8.4 (high): There is a possible escalation of privilege due to test/debugging code left in a production build. This could lead to physical escalation…
CVE-2023-0954 — CVSS 8.3 (high): A debug feature in Sensormatic Electronics Illustra Pro Gen 4 Dome and PTZ cameras allows a user to compromise credentials after a long…
CVE-2022-20649 — CVSS 8.1 (high): A vulnerability in Cisco RCM for Cisco StarOS Software could allow an unauthenticated, remote attacker to perform remote code…
CVE-2022-29888 — CVSS 8.1 (high): A leftover debug code vulnerability exists in the httpd port 4444 upload.cgi functionality of InHand Networks InRouter302 V3.5.45. A…
CVE-2018-5454 — CVSS 8.1 (high): Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have a vulnerability where code debugging methods are enabled, which could…
CVE-2025-64983 — CVSS 8.0 (high): Smart Video Doorbell firmware versions prior to 2.01.078 contain an active debug code vulnerability that allows an attacker to connect via…
CVE-2025-30185 — CVSS 7.9 (high): Active debug code for some Intel UEFI reference platforms within Ring 0: Kernel may allow a denial of service and escalation of privilege…
CVE-2024-44092 — CVSS 7.8 (high): There is a possible LCS signing enforcement missing due to test/debugging code left in a production build. This could lead to local…
CVE-2026-59092 — CVSS 7.7 (high): JuiceFS through 1.3.1, fixed in commit a46979c, contains an authentication bypass vulnerability that allows unauthenticated remote…
CVE-2026-9133 — CVSS 7.7 (high): Active debug code exists in the ARN resolver of amazon-mq rabbitmq-aws before version 0.2.1. A debug ARN scheme (arn:aws-debug:file)…
CVE-2024-29511 — CVSS 7.5 (high): Artifex Ghostscript before 10.03.1, when Tesseract is used for OCR, has a directory traversal issue that allows arbitrary file reading (and…
CVE-2022-33323 — CVSS 7.5 (high): Active Debug Code vulnerability in robot controller of Mitsubishi Electric Corporation industrial robot MELFA SD/SQ Series and MELFA…
CVE-2022-32760 — CVSS 7.5 (high): A denial of service vulnerability exists in the XCMD doDebug functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and…
CVE-2021-40419 — CVSS 7.5 (high): A firmware update vulnerability exists in the 'factory' binary of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted series of…
CVE-2025-52663 — CVSS 7.3 (high): A vulnerability was identified in certain UniFi Talk devices where internal debugging functionality remained unintentionally enabled. This…
CVE-2023-49593 — CVSS 7.2 (high): Leftover debug code exists in the boa formSysCmd functionality of LevelOne WBR-6013 RER4_A_v3411b_2T2R_LEV_09_170623. A specially crafted…
CVE-2024-21827 — CVSS 7.2 (high): A leftover debug code vulnerability exists in the cli_server debug functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.4.1 Build…
CVE-2022-46156 — CVSS 7.2 (high): The Synthetic Monitoring Agent for Grafana's Synthetic Monitoring application provides probe functionality and executes network checks for…
CVE-2020-25156 — CVSS 7.2 (high): Active debug code in the B. Braun Melsungen AG SpaceCom Version L8/U61, and the Data module compactplus Versions A10 and A11 and earlier…
CVE-2025-15017: A vulnerability exists in serial device servers where active debug code remains enabled in the UART interface. An attacker with physical…
CVE-2026-33201 — CVSS 6.8 (medium): Digital Photo Frame GH-WDF10A provided by GREEN HOUSE CO., LTD. contains an active debug code vulnerability. If this vulnerability is…
CVE-2025-7705 — CVSS 6.8 (medium): : Active Debug Code vulnerability in ABB Switch Actuator 4 DU-83330, ABB Switch actuator, door/light 4 DU -83330-500.This issue affects…
CVE-2025-2919 — CVSS 6.8 (medium): A vulnerability was found in Netis WF-2404 1.1.124EN. It has been declared as critical. This vulnerability affects unknown code of the…
CVE-2024-53648 — CVSS 6.8 (medium): A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V9.90), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5…
CVE-2024-41999 — CVSS 6.8 (medium): Smart-tab Android app installed April 2023 or earlier contains an active debug code vulnerability. If this vulnerability is exploited, an…
CVE-2024-7756 — CVSS 6.8 (medium): A potential vulnerability was reported in the ThinkPad L390 Yoga and 10w Notebook that could allow a local attacker to escalate privileges…
CVE-2024-30219 — CVSS 6.8 (medium): Active debug code vulnerability exists in PLANEX COMMUNICATIONS wireless LAN routers. If a logged-in user who knows how to use the debug…
CVE-2021-1398 — CVSS 6.8 (medium): A vulnerability in the boot logic of Cisco IOS XE Software could allow an authenticated, local attacker with level 15 privileges or an…
CVE-2021-3972 — CVSS 6.7 (medium): A potential vulnerability by a driver used during manufacturing process on some consumer Lenovo Notebook devices' BIOS that was mistakenly…
CVE-2021-3971 — CVSS 6.7 (medium): A potential vulnerability by a driver used during older manufacturing processes on some consumer Lenovo Notebook devices that was…
CVE-2022-29481 — CVSS 6.5 (medium): A leftover debug code vulnerability exists in the console nvram functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted…