EUVD-2022-4826

Malicious code in bioql PyPI...

EUVD-2025-20090

Malicious code in bioql PyPI...

CVE-2025-53602

Zipkin through 3.5.1 has a /heapdump endpoint associated with the use of Spring Boot Actuator, a similar issue to CVE-2025-48927...

Exposure of Core Dump File to an Unauthorized Control Sphere

Overview Affected versions of this package are vulnerable to Exposure of Core Dump File to an Unauthorized Control Sphere via the heapdump endpoint, which is introduced through the use of Spring Boot Actuators. An attacker can access sensitive memory information by sending requests to this...

GHSA-794X-8X6X-QPFC Zipkin Server vulnerable to Insecure Resource Initialization through its /heapdump endpoint

Zipkin through 3.5.1 has a /heapdump endpoint associated with the use of Spring Boot Actuator, a similar issue to CVE-2025-48927...

Zipkin Server vulnerable to Insecure Resource Initialization through its /heapdump endpoint

Zipkin through 3.5.1 has a /heapdump endpoint associated with the use of Spring Boot Actuator, a similar issue to CVE-2025-48927...

CVE-2025-53602

Zipkin through 3.5.1 has a /heapdump endpoint associated with the use of Spring Boot Actuator, a similar issue to CVE-2025-48927...

CVE-2025-53602

Zipkin through 3.5.1 has a /heapdump endpoint associated with the use of Spring Boot Actuator, a similar issue to CVE-2025-48927...

CVE-2025-53602

Zipkin through 3.5.1 has a /heapdump endpoint associated with the use of Spring Boot Actuator, a similar issue to CVE-2025-48927...

zipkin 安全漏洞

zipkin is a distributed tracking system open-sourced by Open Zipkin. A security vulnerability exists in zipkin 3.5.1 and earlier versions, which originates from an attacker who can access sensitive system memory information via the /heapdump endpoint, leading to information disclosure...

CVE-2025-53602

CVE-2025-53602 affects Zipkin up to version 3.5.1 with a /heapdump endpoint (via Spring Boot Actuator). The root cause is exposure of sensitive heap memory information leading to potential information disclosure. The CVE is linked to related advisories (e.g., GHSA-794X-8X6X-QPFC) describing insec...

CVE-2025-53602

Zipkin through 3.5.1 has a /heapdump endpoint associated with the use of Spring Boot Actuator, a similar issue to CVE-2025-48927...

VulnCheck KEV: CVE-2025-48927

TeleMessage TM SGNL contains an initialization of a resource with an insecure default vulnerability. This vulnerability relies on how the Spring Boot Actuator is configured with an exposed heap dump endpoint at a /heapdump URI...

CVE-2024-3928 Dromara open-capacity-platform auth-server heapdump information disclosure

A vulnerability was found in Dromara open-capacity-platform 2.0.1. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /actuator/heapdump of the component auth-server. The manipulation leads to information disclosure. The attack can be...

Dromara open-capacity-platform 信息泄露漏洞

Dromara open-capacity-platform is a microservices capacity open platform from Dromara. An information disclosure vulnerability exists in Dromara open-capacity-platform version 2.0.1, which stems from an information disclosure vulnerability in file/actuator/heapdump...

Information Disclosure

jenkins is vulnerable to information disclosure. The vulnerability exists as it allows remotely authenticated user with ADMINISTER permission to obtain sensitive information through heapDump...

CVE-2014-2068

The doIndex function in hudson/util/RemotingDiagnostics.java in CloudBees Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users with the ADMINISTER permission to obtain sensitive information via vectors related to heapDump...

CVE-2014-2068

The doIndex function in hudson/util/RemotingDiagnostics.java in CloudBees Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users with the ADMINISTER permission to obtain sensitive information via vectors related to heapDump...

CVE-2014-2068

The doIndex function in hudson/util/RemotingDiagnostics.java in CloudBees Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users with the ADMINISTER permission to obtain sensitive information via vectors related to heapDump...

CVE-2014-2068

The doIndex function in hudson/util/RemotingDiagnostics.java in CloudBees Jenkins before 1.551 and LTS before 1.532.2 allows remote authenticated users with the ADMINISTER permission to obtain sensitive information via vectors related to heapDump...