CVE-2025-62188 Apache DolphinScheduler: Users can access sensitive information through the actuator endpoint.

An Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Apache DolphinScheduler. This vulnerability may allow unauthorized actors to access sensitive information, including database credentials. This issue affects Apache DolphinScheduler versions 3.1.. Users are...

CVE-2025-62188 Apache DolphinScheduler: Users can access sensitive information through the actuator endpoint.

An Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Apache DolphinScheduler. This vulnerability may allow unauthorized actors to access sensitive information, including database credentials. This issue affects Apache DolphinScheduler versions 3.1.. Users are...

Versa Concerto Improper Authentication Vulnerability

Versa Concerto SD-WAN orchestration platform contains an improper authentication vulnerability in the Traefik reverse proxy configuration, allowing at attacker to access administrative endpoints. The internal Actuator endpoint can be leveraged for access to heap dumps and trace logs...

CVE-2025-15141

A vulnerability was determined in Halo up to 2.21.10. This issue affects some unknown processing of the file /actuator of the component Configuration Handler. Executing a manipulation can lead to information disclosure. The attack may be performed from remote. This attack is characterized by high...

CVE-2025-15141

A vulnerability was determined in Halo up to 2.21.10. This issue affects some unknown processing of the file /actuator of the component Configuration Handler. Executing a manipulation can lead to information disclosure. The attack may be performed from remote. This attack is characterized by high...

EUVD-2025-205514

A vulnerability was determined in Halo up to 2.21.10. This issue affects some unknown processing of the file /actuator of the component Configuration Handler. Executing manipulation can lead to information disclosure. The attack may be performed from remote. This attack is characterized by high...

CVE-2025-15141

A vulnerability was determined in Halo up to 2.21.10. This issue affects some unknown processing of the file /actuator of the component Configuration Handler. Executing a manipulation can lead to information disclosure. The attack may be performed from remote. This attack is characterized by high...

CVE-2025-15141

CVE-2025-15141 affects Halo up to 2.21.10 in the Configuration Handler, where manipulating the /actuator file may cause information disclosure. The issue is exploitable from remote with high complexity; exploit has been publicly disclosed. Connected sources (Red Hat, CIRCL, NVD/CVE feeds, PT Secu...

PT-2025-53656

Name of the Vulnerable Software and Affected Versions Halo versions up to 2.21.10 Description A flaw exists in Halo, specifically within the Configuration Handler component. This issue involves the processing of the /actuator file and can lead to information disclosure. The attack can be carried...

EUVD-2025-12575

Malicious code in bioql PyPI...

Security Bulletin: EndpointRequest.to() creates a matcher for null/** if the actuator endpoint is disabled or not exposed, which affects IBM watsonx.data

Summary EndpointRequest.to creates a matcher for null/ if the actuator endpoint, for which the EndpointRequest has been created, is disabled or not exposed. Your application may be affected by this if all the following conditions are met: You use Spring Security EndpointRequest.to has been used i...

CVE-2025-8738

A vulnerability has been found in zlt2000 microservices-platform up to 6.0.0 and classified as problematic. This vulnerability affects unknown code of the file /actuator of the component Spring Actuator Interface. The manipulation leads to information disclosure. The attack can be initiated...

CVE-2025-34026

The Versa Concerto SD-WAN orchestration platform is vulnerable to an authentication bypass in the Traefik reverse proxy configuration, allowing at attacker to access administrative endpoints. The internal Actuator endpoint can be leveraged for access to heap dumps and trace logs.This issue is kno...

CVE-2025-34026

The Versa Concerto SD-WAN orchestration platform is vulnerable to an authentication bypass in the Traefik reverse proxy configuration, allowing at attacker to access administrative endpoints. The internal Actuator endpoint can be leveraged for access to heap dumps and trace logs.This issue is kno...

CVE-2025-34026 Versa Concerto Actuator Authentication Bypass Information Leak

The Versa Concerto SD-WAN orchestration platform is vulnerable to an authentication bypass in the Traefik reverse proxy configuration, allowing at attacker to access administrative endpoints. The internal Actuator endpoint can be leveraged for access to heap dumps and trace logs.This issue is kno...

PT-2025-22440

Name of the Vulnerable Software and Affected Versions Versa Concerto versions 12.1.2 through 12.2.0 Description The Versa Concerto SD-WAN orchestration platform has an authentication bypass issue in the Traefik reverse proxy configuration. This allows an attacker to access administrative endpoint...

Spring Boot EndpointRequest.to() creates wrong matcher if actuator endpoint is not exposed

EndpointRequest.to creates a matcher for null/ if the actuator endpoint, for which the EndpointRequest has been created, is disabled or not exposed. Your application may be affected by this if all the following conditions are met: You use Spring Security EndpointRequest.to has been used in a Spri...

GHSA-RC42-6C7J-7H5R Spring Boot EndpointRequest.to() creates wrong matcher if actuator endpoint is not exposed

EndpointRequest.to creates a matcher for null/ if the actuator endpoint, for which the EndpointRequest has been created, is disabled or not exposed. Your application may be affected by this if all the following conditions are met: You use Spring Security EndpointRequest.to has been used in a Spri...

CVE-2025-22235 Spring Boot EndpointRequest.to() creates wrong matcher if actuator endpoint is not exposed

EndpointRequest.to creates a matcher for null/ if the actuator endpoint, for which the EndpointRequest has been created, is disabled or not exposed. Your application may be affected by this if all the following conditions are met: You use Spring Security EndpointRequest.to has been used in a Spri...

CVE-2025-22235

CVE-2025-22235 : EndpointRequest.to() creates a matcher for /null when the actuator endpoint is disabled or not exposed. IBM advisories confirm this CVE as addressed by IBM Library Support for Spring: upgrade to fixed versions in the remediation table (e.g., IBM Library Support for Spring 6.2.x →...