39 matches found
CVE-2025-43796
Liferay Portal 7.4.0 through 7.4.3.101, and Liferay DXP 2023.Q3.0 through 2023.Q3.4, 7.4 GA through update 92 and 7.3 GA through update 35 do not limit the number of objects returned from GraphQL queries, which allows remote attackers to perform denial-of-service (DoS) attacks on the application...
CVE-2025-43796
creationtimestamp | type | source
---|---|---
2025-09-12 23:01:15+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lyoekr2mlg2j
2025-09-14 03:01:43+00:00 | seen | https://bsky.app/profile/offseq.bsky.social/post/3lyrchnigin2d

...
Security Bulletin: Due to use of Nodejs Express.js, multiple vulnerabilities affect IBM Cloud Pak System [CVE-2024-43796, CVE-2024-43799, CVE-2024-43800]
Summary: Multiple vulnerabilities in Send cross-site scripting (XSS) within the SendStream.redirect, serve-static built-in and response.redirect found in Node.js Express.js which is used by IBM Cloud Pak System. Vulnerabilities were addressed by IBM Cloud Pak System. Vulnerability Details...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in express-4.18.1.tgz
Summary: IBM watsonx Orchestrate Cartridge contains a vulnerable version of express-4.18.1.tgz. Vulnerability Details: CVEID: CVE-2024-43796 DESCRIPTION: Express.js minimalist web framework for node. In express < 4.20.0, passing untrusted user input - even after sanitizing it - to response.redirect may...
Security Bulletin: IBM Maximo Application Suite - Manage Component uses express-4.19.2.tgz which is vulnerable to CVE-2024-43796
Summary: Security Bulletin: IBM Maximo Application Suite - Manage Component uses express-4.19.2.tgz which is vulnerable to CVE-2024-43796. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details: CVEID: CVE-2024-43796 DESCRIPTION: Express.js minimalist w...
Ubuntu: Security Advisory (USN-7581-1)
The remote host is missing an update for the...
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 : Express vulnerabilities (USN-7581-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7581-1 advisory. It was discovered that Express incorrectly handled certain URLs, leading to an open redirect...
Security Bulletin: IBM Cloud Pak for Data is vulnerable to Cross-site Scripting (XSS) due to express.js (CVE-2024-43796)
Summary: Potential vulnerabilities in express.js package CVE-2024-43796 has been identified that may affect IBM Cloud Pak for Data. Vulnerability Details: CVEID: CVE-2024-43796 DESCRIPTION: Express.js minimalist web framework for node. In express < 4.20.0, passing untrusted user input - even after...
Fedora: Security Advisory (FEDORA-2024-9e85c72624)
The remote host is missing an update for the...
Linux Distros Unpatched Vulnerability : CVE-2024-43796
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Express.js minimalist web framework for node. In express < 4.20.0, passing untrusted user input - even after sanitizing it - to response.redirect may execute...
Azure Linux 3.0 Security Update: python-tensorboard / reaper (CVE-2024-43796)
The version of python-tensorboard / reaper installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-43796 advisory. - Express.js minimalist web framework for node. In express < 4.20.0, passing untrusted user...
Security Bulletin: IBM Maximo Application Suite - AI Broker Component uses express-4.19.2.tgz which is vulnerable to this CVE-2024-43796
Summary: Security Bulletin: IBM Maximo Application Suite - AI Broker Component uses express-4.19.2.tgz which is vulnerable to this CVE-2024-43796. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details: CVEID: CVE-2024-43796 DESCRIPTION:...
Security Bulletin: QRadar Pulse application add on to IBM QRadar SIEM is vulnerable to using components with known vulnerabilities
Summary: The product includes vulnerable components (e.g., framework libraries) that may be identified and exploited with automated tools. IBM has released a new version which addresses the vulnerabilities. Vulnerability Details: CVEID: CVE-2024-45296 DESCRIPTION: pillarjs Path-to-RegExp is vulnerable...
Security Bulletin: IBM Maximo Application Suite, IBM Truststore Manager and IBM Asset Data Dictionary Component uses third party libraries which is vulnerable to multiple CVEs
Summary: IBM Maximo Application Suite, IBM Truststore Manager and IBM Asset Data Dictionary Component uses FlaskCors-4.0.1-py2.py3-none-any.whl, requests-2.31.0-py3-none-any.whl, express-4.19.2.tgz, commons-compress-1.22.jar, commons-io-2.11.0.jar, urllib3-1.26.18-py2.py3-none-any.whl,...
Important: Red Hat Security Advisory: Errata Advisory for Red Hat OpenShift GitOps v1.12.6 security update
An update is now available for Red Hat OpenShift GitOps v1.12.6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
CVE-2024-43796 affecting package python-tensorboard for versions less than 2.16.2-5
CVE-2024-43796 affecting package python-tensorboard for versions less than 2.16.2-5. A patched version of the package is available...
CBL Mariner 2.0 Security Update: python-tensorboard / reaper (CVE-2024-43796)
The version of python-tensorboard / reaper installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-43796 advisory. - Express.js minimalist web framework for node. In express < 4.20.0, passing untrusted user...
CVE-2024-43796 affecting package reaper for versions less than 3.1.1-12
CVE-2024-43796 affecting package reaper for versions less than 3.1.1-12. A patched version of the package is available...
01-numacert (>=1.0.0 <=3.0.0), 10by10-react-app (=1.2.1) +15731 more potentially affected by CVE-2024-43796 via express (>=1.0.0 <=4.1.2)
express NPM version =1.0.0, =1.0.0, =0.0.1, =1.0.3, =0.2.0, =1.0.2, =1.0.0, =2.0.0, =0.2.0, =0.0.1, =0.1.6 and more Source cves: CVE-2024-43796 Source advisory: OSV:GHSA-QW6H-VGH9-J6WX...