CWE-489 84 個 CVE MITRE 定義 ↗

CWE-489:Active Debug Code

概覽

CWE-489(Active Debug Code)描述一種在漏洞資料庫與安全評估中使用的弱點類型;定義、背景與對應 CVE 見下方各節。

安全影響
安全影響:因產品與情境而異;請結合 CVE 紀錄、嚴重度評分與 MITRE 說明進行優先級判斷。

描述

The product is released with debugging code still enabled or active.

適用平台

類型 名稱 普遍性 OS / CPE
language Not Language-Specific Undetermined
technology Not Technology-Specific Undetermined
technology ICS/OT Undetermined

本庫相關 CVE

下列 CVE 在本庫中對應到該弱點,並保留以便追溯與檢索。

CVE 公開時間 摘要
CVE-2026-58378 2026-07-09 Allwinner H616 TV Box TV98 has ADB enabled and exposed to the network on production. An attacker could request for ADB authorization and gain root level privileges if the victim allows access.
CVE-2026-54799 2026-07-09 A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.20), SICORE Base system (All versions < V26.20.0). The affected application contains a vulnerability …
CVE-2026-54798 2026-07-09 A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.20), SICORE Base system (All versions < V26.20.0). The affected application includes a debugging inte…
CVE-2026-58191 2026-07-08 Appium is a cross-platform automation framework for all kinds of apps, built on top of the W3C WebDriver protocol. Prior to 10.7.0, Appium's base-driver unconditionally mounts the /test/guinea-pig, /t…
CVE-2026-59092 2026-07-02 JuiceFS through 1.3.1, fixed in commit a46979c, contains an authentication bypass vulnerability that allows unauthenticated remote attackers to access sensitive debug and metrics endpoints by exploiti…
CVE-2026-49188 2026-06-04 The ai_cmd utility executes with full root permissions. It pipes socket inputs directly to popen(), paving the way for unauthenticated users to execute arbitrary root commands.
CVE-2026-45728 2026-05-26 Algernon is a small self-contained pure-Go web server. Prior to 1.17.7, when Algernon is invoked with a single file path instead of a directory, singleFileMode is set to true and debugMode is forcibly…
CVE-2026-9133 2026-05-20 Active debug code exists in the ARN resolver of amazon-mq rabbitmq-aws before version 0.2.1. A debug ARN scheme (arn:aws-debug:file) accepted by the PUT /api/aws/arn/validate validation endpoint might…
CVE-2026-40035 2026-04-08 Unfurl through 2025.08 contains an improper input validation vulnerability in config parsing that enables Flask debug mode by default. The debug configuration value is read as a string and passed dire…
CVE-2026-32662 2026-04-03 Development and test API endpoints are present that mirror production functionality.
CVE-2026-33201 2026-03-26 Digital Photo Frame GH-WDF10A provided by GREEN HOUSE CO., LTD. contains an active debug code vulnerability. If this vulnerability is exploited, files or configurations on the affected device may be r…
CVE-2026-27131 2026-03-23 The Sprig Plugin for Craft CMS is a reactive Twig component framework for Craft CMS. Starting in version 2.0.0 and prior to versions 2.15.2 and 3.15.2, admin users, and users with explicit permission …
CVE-2025-15017 2025-12-31 A vulnerability exists in serial device servers where active debug code remains enabled in the UART interface. An attacker with physical access to the device can directly connect to the UART interface…
CVE-2025-42872 2025-12-09 Due to a Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Enterprise Portal, an unauthenticated attacker could inject malicious scripts that execute in the context of other users� browsers, a…
CVE-2025-2486 2025-11-26 The Ubuntu edk2 UEFI firmware packages accidentally allowed the UEFI Shell to be accessed in Secure Boot environments, possibly allowing bypass of Secure Boot constraints. Versions 2024.05-2ubuntu0.3 …
CVE-2025-64983 2025-11-26 Smart Video Doorbell firmware versions prior to 2.01.078 contain an active debug code vulnerability that allows an attacker to connect via Telnet and gain access to the device.
CVE-2025-54660 2025-11-18 An active debug code vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.3, FortiClientWindows 7.2.0 through 7.2.10, FortiClientWindows 7.0 all versions may allow a local attacker to run th…
CVE-2025-30185 2025-11-11 Active debug code for some Intel UEFI reference platforms within Ring 0: Kernel may allow a denial of service and escalation of privilege. System software adversary with a privileged user combined wit…
CVE-2025-52663 2025-10-30 A vulnerability was identified in certain UniFi Talk devices where internal debugging functionality remained unintentionally enabled. This issue could allow an attacker with access to the UniFi Talk m…
CVE-2025-4106 2025-10-24 An authenticated admin user with access to both the management WebUI and command line interface on a Firebox can enable a diagnostic debug shell by uploading a platform and version-specific diagnostic…

曾用名

  • Leftover Debug Code (2020-02-24)

內容提交

名稱
7 Pernicious Kingdoms
日期
2006-07-19
版本
Draft 3

內容修訂

日期 名稱 版本 重要性 評論
2008-07-01 Eric Dalci 1.0 updated Potential_Mitigations, Time_of_Introduction
2008-08-01 1.0 added/updated white box definitions
2008-09-08 CWE Content Team 1.0 updated Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings
2009-07-27 CWE Content Team 1.5 updated Demonstrative_Examples
2009-10-29 CWE Content Team 1.6 updated Common_Consequences
2011-06-01 CWE Content Team 1.13 updated Common_Consequences
2011-06-27 CWE Content Team 2.0 updated Common_Consequences
2012-05-11 CWE Content Team 2.2 updated Relationships
2012-10-30 CWE Content Team 2.3 updated Potential_Mitigations
2014-06-23 CWE Content Team 2.7 updated Description, Modes_of_Introduction, Other_Notes, Time_of_Introduction
2014-07-30 CWE Content Team 2.8 updated Relationships, Taxonomy_Mappings
2017-11-08 CWE Content Team 3.0 updated Applicable_Platforms, Relationships, White_Box_Definitions
2019-01-03 CWE Content Team 3.2 updated Weakness_Ordinalities
2019-06-20 CWE Content Team 3.3 updated Related_Attack_Patterns
2020-02-24 CWE Content Team 4.0 updated Description, Name, References, Relationships
2021-03-15 CWE Content Team 4.4 updated Related_Attack_Patterns
2021-07-20 CWE Content Team 4.5 updated Alternate_Terms
2023-01-31 CWE Content Team 4.10 updated Applicable_Platforms, Description, Relationships
2023-04-27 CWE Content Team 4.11 updated Detection_Factors, Relationships
2023-06-29 CWE Content Team 4.12 updated Mapping_Notes
2025-09-09 CWE Content Team 4.18 updated Common_Consequences, Description, Diagram, Modes_of_Introduction
2025-12-11 CWE Content Team 4.19 updated Relationships
2026-04-30 CWE Content Team 4.20 updated Observed_Examples
cvelogic Threat Intelligence