1241 matches found
CVE-2025-6108
Vulnerability CVE-2025-6108 affects hansonwang99 Spring-Boot-In-Action up to a specific commit. The path-traversal flaw is in the watermarkTest function of ImageUploadService.java under the File Upload component, allowing remote exploitation. Multiple sources confirm the issue and public disclosu...
CVE-2025-6108 hansonwang99 Spring-Boot-In-Action File Upload ImageUploadService.java watermarkTest path traversal
A vulnerability was found in hansonwang99 Spring-Boot-In-Action up to 807fd37643aa774b94fd004cc3adbd29ca17e9aa. It has been declared as critical. Affected by this vulnerability is the function watermarkTest of the file...
hansonwang99 Spring-Boot-In-Action path traversal vulnerability
hansonwang99 Spring-Boot-In-Action is a collection of practical Spring Boot examples by the individual developer hansonwang99. hansonwang99 Spring-Boot-In-Action has a path traversal vulnerability that could lead to file manipulation...
cn.herodotus.engine:message-spring-boot-starter (>=2.7.3.4 <=3.0.0-M2), com.airbus-cyber-security.graylog:graylog-plugin-aggregation-count (>=4.0.0 <=4.1.1) +179 more potentially affected by CVE-2025-27819 via org.apache.kafka:kafka_2.13 (>=2.4.0 <=3.3.2)
org.apache.kafka:kafka_2.13 MAVEN version =2.4.0, =2.7.3.4, =4.0.0, =4.0.0, =4.0.0, =4.0.1, =2.10.6.9, =2.10.6.9, =2.10.6.9, =2.10.6.9, =2.10.6.9, =2.10.6.9, =2.10.6.9, =2.10.6.9, =1.0.0, =1.2.0 - com.cerner.c...
WebStack-Guns security vulnerability
WebStack-Guns is an open source URL navigation website project by Dana Keeling, an individual developer, with a backend based on Guns and Springboot. A security vulnerability exists in WebStack-Guns version 1.0, which stems from cross-site scripting due to incorrect manipulation of the parameter...
shiyi-blog authorization issue vulnerability
shiyi-blog is a blog system with a separated Vue front end and Spring Boot back end, by the individual developer bule. An authorization issue vulnerability exists in shiyi-blog 1.2.1 and earlier versions, which stems from improper authentication...
web-flash security vulnerability
web-flash is an open source web system based on Spring Boot and Vue.js by enilu. A security vulnerability exists in web-flash version 1.0, which originates from a cross-site scripting attack due to a misuse of the parameter File...
CVE-2025-48927
The TeleMessage service through 2025-05-05 configures Spring Boot Actuator with an exposed heap dump endpoint at a /heapdump URI, as exploited in the wild in May 2025...
TeleMessage security vulnerability
TeleMessage is a secure and compliant messaging solution for organizations from TeleMessage Israel. A security vulnerability exists in TeleMessage version 2025-05-05 and earlier, which stems from exposing a heap dump endpoint when configuring Spring Boot Actuator...
CVE-2025-48927
CVE-2025-48927 concerns TeleMessage service configuring Spring Boot Actuator with an exposed /heapdump endpoint. Connected sources confirm the heapdump exposure stems from Actuator configuration and is implicated by multiple advisories (NVD entry, CISA KEV listing, and related GitHub/GHSA advisor...
VulnCheck KEV: CVE-2025-48927
TeleMessage TM SGNL contains an initialization of a resource with an insecure default vulnerability. This vulnerability relies on how the Spring Boot Actuator is configured with an exposed heap dump endpoint at a /heapdump URI...
CVE-2025-48927
The TeleMessage service through 2025-05-05 configures Spring Boot Actuator with an exposed heap dump endpoint at a /heapdump URI, as exploited in the wild in May 2025. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0 Assessed Attacker Value: 0...
PT-2025-23110 · Unknown · Telemessage +1
Name of the Vulnerable Software and Affected Versions: TeleMessage versions through 2025-05-05; TeleMessage TM SGNL affected versions not specified. Description: The TeleMessage service configures Spring Boot Actuator with an exposed heap dump endpoint at the /heapdump URI. This vulnerability has...
Tmall_demo security feature issue vulnerability
Tmall_demo is a Spring Boot-based mini Tmall by the Xianqi Mall projectteam team. A security feature issue vulnerability exists in Tmall_demo 20250505 and earlier versions, which stems from insufficient random values in the file /tmall/order/pay/...
Tmall_demo code injection vulnerability
Tmall_demo is a Spring Boot-based mini Tmall by the Xianqi Mall projectteam team. A code injection vulnerability exists in Tmall_demo 20250505 and earlier versions, which stems from a misbehavior of the component Search Box resulting in cross-site scripting...
Tmall_demo code issue vulnerability
Tmall_demo is a Spring Boot-based mini Tmall by the Xianqi Mall projectteam team. A code issue vulnerability exists in Tmall_demo 20250505 and earlier versions, which stems from the incorrect operation of the parameter File in the file tmall/admin/uploadProductImage, resulting in unlimited uploads...
Tmall_demo security vulnerability
Tmall_demo is a Spring Boot-based mini Tmall by the Xianqi Mall projectteam team. A security vulnerability exists in Tmall_demo 20250505 and earlier versions, which stems from a cross-site request forgery due to misuse of the file tmall/admin/account/logout...