4 matches found
CVE-2025-48929
The CVE-2025-48929 affects the TeleMessage service up to 2025-05-05, where authentication relies on a long‑lived credential that can be reused if discovered. This is the stated root cause. Some connected sources indicate this vulnerability has been exploited in the wild (May 2025) and suggest rem...
CVE-2025-48927
The TeleMessage service through 2025-05-05 configures Spring Boot Actuator with an exposed heap dump endpoint at a /heapdump URI, as exploited in the wild in May 2025...
CVE-2024-58136
Yii 2 before 2.0.52 mishandles the attaching of behavior that is defined by an class array key, a CVE-2024-4990 regression, as exploited in the wild in February through April 2025...
CVE-2024-58136
Yii 2 before 2.0.52 mishandles the attaching of behavior that is defined by an class array key, a CVE-2024-4990 regression, as exploited in the wild in February through April 2025...