CVE-2025-12772

Brocade SANnav before 2.4.0b logs the Brocade Fabric OS Switch admin password on the SANnav support save logs. When OOM occurs on a Brocade SANnav server, the call stack trace for the Brocade switch is also collected in the heap dump file which contains this switch password in clear text. The...

CVE-2025-12772

Brocade SANnav before 2.4.0b logs the Brocade Fabric OS Switch admin password on the SANnav support save logs. When OOM occurs on a Brocade SANnav server, the call stack trace for the Brocade switch is also collected in the heap dump file which contains this switch password in clear text. The...

CVE-2025-12772 Plaintext Switch admin login password is seen in Brocade SANnav support save

Brocade SANnav before 2.4.0b logs the Brocade Fabric OS Switch admin password on the SANnav support save logs. When OOM occurs on a Brocade SANnav server, the call stack trace for the Brocade switch is also collected in the heap dump file which contains this switch password in clear text. The...

CVE-2025-12772

CVE-2025-12772 affects Brocade SANnav before 2.4.0b. The issue arises when an OOM condition causes a heap dump to include the switch admin password in plaintext within SANnav support logs. This could allow a remote authenticated attacker with admin privileges to read the password from logs or the...

CVE-2025-12772 Plaintext Switch admin login password is seen in Brocade SANnav support save

Brocade SANnav before 2.4.0b logs the Brocade Fabric OS Switch admin password on the SANnav support save logs. When OOM occurs on a Brocade SANnav server, the call stack trace for the Brocade switch is also collected in the heap dump file which contains this switch password in clear text. The...

EUVD-2019-7947

Malware in sbrugna...

EUVD-2019-7946

Malware in sbrugna...

EUVD-2025-16207

Malicious code in bioql PyPI...

PT-2025-28022 · Zipkin +1 · Zipkin +1

Name of the Vulnerable Software and Affected Versions: Zipkin versions prior to 3.5.2 Description: The issue is related to the exposure of heap dump information through the "/heapdump" endpoint, which is associated with the use of Spring Boot Actuator. This endpoint is similar to a previously...

TeleMessage TM SGNL Initialization of a Resource with an Insecure Default Vulnerability

TeleMessage TM SGNL contains an initialization of a resource with an insecure default vulnerability. This vulnerability relies on how the Spring Boot Actuator is configured with an exposed heap dump endpoint at a /heapdump URI...

CVE-2025-48927

The TeleMessage service through 2025-05-05 configures Spring Boot Actuator with an exposed heap dump endpoint at a /heapdump URI, as exploited in the wild in May 2025...

CVE-2025-48927

The TeleMessage service through 2025-05-05 configures Spring Boot Actuator with an exposed heap dump endpoint at a /heapdump URI, as exploited in the wild in May 2025...

TeleMessage 安全漏洞

TeleMessage is a secure and compliant messaging solution for organizations from TeleMessage Israel. A security vulnerability exists in TeleMessage version 2025-05-05 and earlier, which stems from exposing a heap dump endpoint when configuring Spring Boot Actuator...

CVE-2025-48927

CVE-2025-48927 concerns TeleMessage service configuring Spring Boot Actuator with an exposed /heapdump endpoint. Connected sources confirm the heapdump exposure stems from Actuator configuration and is implicated by multiple advisories (NVD entry, CISA KEV listing, and related GitHub/GHSA advisor...

CVE-2025-48927

The TeleMessage service through 2025-05-05 configures Spring Boot Actuator with an exposed heap dump endpoint at a /heapdump URI, as exploited in the wild in May 2025. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

CVE-2025-48927

The TeleMessage service through 2025-05-05 configures Spring Boot Actuator with an exposed heap dump endpoint at a /heapdump URI, as exploited in the wild in May 2025...

CVE-2025-48927

The TeleMessage service through 2025-05-05 configures Spring Boot Actuator with an exposed heap dump endpoint at a /heapdump URI, as exploited in the wild in May 2025...

PT-2025-23110 · Unknown · Telemessage +1

Name of the Vulnerable Software and Affected Versions: TeleMessage versions through 2025-05-05 TeleMessage TM SGNL affected versions not specified Description: The TeleMessage service configures Spring Boot Actuator with an exposed heap dump endpoint at the /heapdump URI. This vulnerability has...

CVE-2020-6190

Certain vulnerable endpoints in SAP NetWeaver AS Java Heap Dump Application, versions 7.30, 7.31, 7.40, 7.50, provide valuable information about the system like hostname, server node and installation path that could be misused by an attacker leading to Information Disclosure...

SUSE CVE-2014-2068

The doIndex function in hudson/util/RemotingDiagnostics.java in CloudBees Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users with the ADMINISTER permission to obtain sensitive information via vectors related to heapDump...