46 matches found
CVE-2026-11458
A weakness has been identified in erzhongxmu JeeWMS up to 141740afb2ba14d441c82a833d0a418d07ca2d69. This issue affects some unknown processing of the file /base-boot/actuator of the component Boot Actuator Endpoint. Executing a manipulation can lead to information disclosure. The attack can be...
CVE-2026-11458
A weakness has been identified in erzhongxmu JeeWMS up to 141740afb2ba14d441c82a833d0a418d07ca2d69. This issue affects some unknown processing of the file /base-boot/actuator of the component Boot Actuator Endpoint. Executing a manipulation can lead to information disclosure. The attack can be...
EUVD-2026-34988
A weakness has been identified in erzhongxmu JeeWMS up to 141740afb2ba14d441c82a833d0a418d07ca2d69. This issue affects some unknown processing of the file /base-boot/actuator of the component Boot Actuator Endpoint. Executing a manipulation can lead to information disclosure. The attack can be...
CVE-2026-11458 erzhongxmu JeeWMS Boot Actuator Endpoint actuator information disclosure
A weakness has been identified in erzhongxmu JeeWMS up to 141740afb2ba14d441c82a833d0a418d07ca2d69. This issue affects some unknown processing of the file /base-boot/actuator of the component Boot Actuator Endpoint. Executing a manipulation can lead to information disclosure. The attack can be...
CVE-2026-11458 erzhongxmu JeeWMS Boot Actuator Endpoint actuator information disclosure
A weakness has been identified in erzhongxmu JeeWMS up to 141740afb2ba14d441c82a833d0a418d07ca2d69. This issue affects some unknown processing of the file /base-boot/actuator of the component Boot Actuator Endpoint. Executing a manipulation can lead to information disclosure. The attack can be...
CVE-2025-62188 Apache DolphinScheduler: Users can access sensitive information through the actuator endpoint.
An Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Apache DolphinScheduler. This vulnerability may allow unauthorized actors to access sensitive information, including database credentials. This issue affects Apache DolphinScheduler versions 3.1.. Users are...
CVE-2025-62188 Apache DolphinScheduler: Users can access sensitive information through the actuator endpoint.
An Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Apache DolphinScheduler. This vulnerability may allow unauthorized actors to access sensitive information, including database credentials. This issue affects Apache DolphinScheduler versions 3.1.. Users are...
CVE-2025-62188
CVE-2025-62188 concerns an exposure of sensitive information via the management actuator endpoints in Apache DolphinScheduler. The affected line is 3.1.x, with guidance to upgrade to version 3.2.0 or later. A temporary workaround is to constrain exposed endpoints using the environment variable MA...
Versa Concerto Improper Authentication Vulnerability
Versa Concerto SD-WAN orchestration platform contains an improper authentication vulnerability in the Traefik reverse proxy configuration, allowing at attacker to access administrative endpoints. The internal Actuator endpoint can be leveraged for access to heap dumps and trace logs...
CVE-2025-15141
A vulnerability was determined in Halo up to 2.21.10. This issue affects some unknown processing of the file /actuator of the component Configuration Handler. Executing a manipulation can lead to information disclosure. The attack may be performed from remote. This attack is characterized by high...
CVE-2025-15141
A vulnerability was determined in Halo up to 2.21.10. This issue affects some unknown processing of the file /actuator of the component Configuration Handler. Executing a manipulation can lead to information disclosure. The attack may be performed from remote. This attack is characterized by high...
CVE-2025-15141
CVE-2025-15141 affects Halo up to 2.21.10 in the Configuration Handler, where manipulating the /actuator file may cause information disclosure. The issue is exploitable from remote with high complexity; exploit has been publicly disclosed. Connected sources (Red Hat, CIRCL, NVD/CVE feeds, PT Secu...
CVE-2025-15141
A vulnerability was determined in Halo up to 2.21.10. This issue affects some unknown processing of the file /actuator of the component Configuration Handler. Executing a manipulation can lead to information disclosure. The attack may be performed from remote. This attack is characterized by high...
EUVD-2025-205514
A vulnerability was determined in Halo up to 2.21.10. This issue affects some unknown processing of the file /actuator of the component Configuration Handler. Executing manipulation can lead to information disclosure. The attack may be performed from remote. This attack is characterized by high...
PT-2025-53656
Name of the Vulnerable Software and Affected Versions Halo versions up to 2.21.10 Description A flaw exists in Halo, specifically within the Configuration Handler component. This issue involves the processing of the /actuator file and can lead to information disclosure. The attack can be carried...
PT-2025-42472
Name of the Vulnerable Software and Affected Versions Spring Cloud Gateway Server Webflux affected versions not specified Description Spring Cloud Gateway Server Webflux is susceptible to a SpEL Spring Expression Language injection issue. This flaw allows unauthenticated attackers to access...
EUVD-2025-12575
Malicious code in bioql PyPI...
Security Bulletin: EndpointRequest.to() creates a matcher for null/** if the actuator endpoint is disabled or not exposed, which affects IBM watsonx.data
Summary EndpointRequest.to creates a matcher for null/ if the actuator endpoint, for which the EndpointRequest has been created, is disabled or not exposed. Your application may be affected by this if all the following conditions are met: You use Spring Security EndpointRequest.to has been used i...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to an Improper Input Validation in Spring [CVE-2025-22235]
Summary IBM Watson Speech Services Cartridge is vulnerable to an Improper Input Validation in Spring , caused by Spring Boot EndpointRequest.to creating the wrong matcher if the actuator endpoint is not exposed CVE-2025-22235 . Spring is used as part of our Java Microservices. This vulnerabilitiy...
CVE-2025-8738
A vulnerability has been found in zlt2000 microservices-platform up to 6.0.0 and classified as problematic. This vulnerability affects unknown code of the file /actuator of the component Spring Actuator Interface. The manipulation leads to information disclosure. The attack can be initiated...