CWE-489
Active Debug Code
Description
The product is released with debugging code still enabled or active.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-121 · CAPEC-661
CVEs mapped to this weakness (25)
page 2 of 2| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-32662 | Med | 0.34 | 5.3 | 0.00 | Apr 3, 2026 | Development and test API endpoints are present that mirror production functionality. | ||
| CVE-2025-1479 | Med | 0.34 | 5.3 | 0.00 | May 30, 2025 | An open debug interface was reported in the Legion Space software included on certain Legion devices that could allow a local attacker to execute arbitrary code. | ||
| CVE-2024-29075 | Med | 0.30 | 4.6 | 0.00 | Nov 12, 2024 | Active debug code vulnerability exists in Mesh Wi-Fi router RP562B firmware version v1.0.2 and earlier. If this vulnerability is exploited, a network-adjacent authenticated attacker may obtain or alter the settings of the device . | ||
| CVE-2026-27131 | Med | 0.29 | 5.5 | 0.00 | Mar 23, 2026 | The Sprig Plugin for Craft CMS is a reactive Twig component framework for Craft CMS. Starting in version 2.0.0 and prior to versions 2.15.2 and 3.15.2, admin users, and users with explicit permission to access the Sprig Playground, could potentially expose the security key,… | ||
| CVE-2022-46156 | 0.00 | — | 0.00 | Nov 30, 2022 | The Synthetic Monitoring Agent for Grafana's Synthetic Monitoring application provides probe functionality and executes network checks for monitoring remote targets. Users running the Synthetic Monitoring agent prior to version 0.12.0 in their local network are impacted. The… |
- risk 0.34cvss 5.3epss 0.00
Development and test API endpoints are present that mirror production functionality.
- risk 0.34cvss 5.3epss 0.00
An open debug interface was reported in the Legion Space software included on certain Legion devices that could allow a local attacker to execute arbitrary code.
- risk 0.30cvss 4.6epss 0.00
Active debug code vulnerability exists in Mesh Wi-Fi router RP562B firmware version v1.0.2 and earlier. If this vulnerability is exploited, a network-adjacent authenticated attacker may obtain or alter the settings of the device .
- risk 0.29cvss 5.5epss 0.00
The Sprig Plugin for Craft CMS is a reactive Twig component framework for Craft CMS. Starting in version 2.0.0 and prior to versions 2.15.2 and 3.15.2, admin users, and users with explicit permission to access the Sprig Playground, could potentially expose the security key,…
- CVE-2022-46156Nov 30, 2022risk 0.00cvss —epss 0.00
The Synthetic Monitoring Agent for Grafana's Synthetic Monitoring application provides probe functionality and executes network checks for monitoring remote targets. Users running the Synthetic Monitoring agent prior to version 0.12.0 in their local network are impacted. The…