Lucene search
10 matches found

Tenable Nessus
added 2026/01/20 12:0 a.m. · 4 views

MiracleLinux 8 : dotnet5.0-5.0.206-1.el8.ML.1 (AXSA:2021-2360:10)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2360:10 advisory. dotnet: ASP.NET Core WebSocket frame processing DoS (CVE-2021-26423); dotnet: Dump file created world-readable (CVE-2021-34485); dotnet: ASP.NET Core JWT...

CVSS 7.5 · AI score 7.5 · EPSS 0.03366 · Exploits 0 · References 4

Tenable Nessus
added 2025/09/08 12:0 a.m. · 4 views

Amazon Linux 2023 : cairo, cairo-devel, cairo-gobject (ALAS2023-2025-1172)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1172 advisory. An issue was discovered in freedesktop poppler v25.04.0. The heap memory containing PDF stream objects is not cleared upon program exit, allowing attackers to obtain sensitive PDF content via a memory...

CVSS 2.9 · AI score 5.5 · EPSS 0.00102 · Exploits 0 · References 4

Tenable Nessus
added 2025/08/18 12:0 a.m. · 4 views

Linux Distros Unpatched Vulnerability : CVE-2023-32784

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In KeePass 2.x before 2.54, it is possible to recover the cleartext master password from a memory dump, even when a workspace is locked or no longer running. Th...

CVSS 7.5 · AI score 7.3 · EPSS 0.76477 · Exploits 5 · References 3

Snyk
added 2025/07/04 9:56 p.m. · 4 views

Exposure of Core Dump File to an Unauthorized Control Sphere

Overview: Affected versions of this package are vulnerable to Exposure of Core Dump File to an Unauthorized Control Sphere via the heapdump endpoint, which is introduced through the use of Spring Boot Actuators. An attacker can access sensitive memory information by sending requests to this...

CVSS 8.7 · AI score 6.7 · EPSS 0.0028 · Exploits 0 · References 2

Positive Technologies
added 2025/07/04 12:0 a.m. · 3 views

PT-2025-28022 · Zipkin +1

Name of the Vulnerable Software and Affected Versions: Zipkin versions prior to 3.5.2. Description: The issue is related to the exposure of heap dump information through the "/heapdump" endpoint, which is associated with the use of Spring Boot Actuator. This endpoint is similar to a previously...

CVSS 5.3 · AI score 6.1 · EPSS 0.0028 · Exploits 0 · References 10

CISA
added 2025/07/01 12:0 p.m. · 3 views

CISA Adds Two Known Exploited Vulnerabilities to Catalog

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2025-48927: TeleMessage TM SGNL Initialization of a Resource with an Insecure Default Vulnerability; CVE-2025-48928: TeleMessage TM...

CVSS 5.3 · AI score 7.3 · EPSS 0.09466 · In wild · Exploits 0 · References 7

VulnCheck KEV
added 2025/05/28 12:0 a.m. · 1 views

VulnCheck KEV: CVE-2025-48928

TeleMessage TM SGNL contains an exposure of core dump file to an unauthorized control sphere Vulnerability. This vulnerability is based on a JSP application in which the heap content is roughly equivalent to a "core dump" in which a password previously sent over HTTP would be included in this dum...

CVSS 4 · AI score 5.8 · EPSS 0.08289 · Exploits 0 · References 1

CNNVD
added 2022/06/10 12:0 a.m. · 2 views

Netwave IP camera security vulnerability

Netwave IP camera is a webcam from Netwave. A security vulnerability exists in Netwave IP camera, which originates from a memory dump issue in //proc/kcore. An unauthenticated attacker can use this vulnerability to steal sensitive information from the network configuration...

CVSS 7.5 · AI score 7.3 · EPSS 0.4835 · Exploits 2 · References 3

OSV
added 2022/05/14 1:14 a.m. · 0 views

GHSA-8RCQ-P4GH-VMJ8 Improper Neutralization of Input During Web Page Generation in Apache ActiveMQ

The administration web console in Apache ActiveMQ 5.x before 5.11.4, 5.12.x before 5.12.3, and 5.13.x before 5.13.2 allows remote authenticated users to conduct cross-site scripting (XSS) attacks and consequently obtain sensitive information from a Java memory dump via vectors related to creating a...

CVSS 5.4 · AI score 6.4 · EPSS 0.00719 · Exploits 0 · References 10

CNVD
added 2016/02/17 12:0 a.m. · 3 views

IBM SPSS Modeler Information Disclosure Vulnerability

IBM SPSS Modeler (formerly known as Clementine) is a set of data mining platforms from the American company IBM. The platform provides a visual environment for rapid model building, and provides functions such as data source connection, data processing, modeling and analysis. A security vulnerabili...

CVSS 4 · AI score 6.2 · EPSS 0.0004 · Exploits 0 · References 1