4641 matches found
Important: Red Hat Security Advisory: Kiali 2.17.4 for Red Hat OpenShift Service Mesh 3.2
Kiali 2.17.4 for Red Hat OpenShift Service Mesh 3.2 This update has a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. Kiali 2.17.4, for Re...
Important: Red Hat Security Advisory: Kiali 2.4.13 for Red Hat OpenShift Service Mesh 3.0
Kiali 2.4.13 for Red Hat OpenShift Service Mesh 3.0 This update has a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. Kiali 2.4.13, for Re...
Important: Red Hat Security Advisory: Kiali 2.11.7 for Red Hat OpenShift Service Mesh 3.1
Kiali 2.11.7 for Red Hat OpenShift Service Mesh 3.1 This update has a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. Kiali 2.11.7, for Re...
CVE-2025-70058
An issue pertaining to CWE-295: Improper Certificate Validation was discovered in YMFE yapi v1.12.0. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in the HTTPS agent configuration for Axios requests...
CVE-2025-70058
An issue pertaining to CWE-295: Improper Certificate Validation was discovered in YMFE yapi v1.12.0. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in the HTTPS agent configuration for Axios requests...
Sean1025 YMFE YApi 安全漏洞
Sean1025 YMFE YApi is an open-source application developed by Sean1025. It provides a visual interface for managing platforms. Version 1.12.0 of Sean1025 YMFE YApi contains a security vulnerability. This vulnerability stems from improper certificate verification, which may lead to the disabling o...
CVE-2025-70058
CVE-2025-70058 affects YMFE yapi v1.12.0. The root cause is improper TLS/SSL certificate validation caused by Axios HTTPS agent configuration that sets rejectUnauthorized to false, enabling MITM-like interception. Documented in multiple sources (YAPI-related advisories and NVD/Red Hat entries). T...
Security Bulletin: IBM Sterling Secure Proxy is vulnerable to multiple issues
Summary Multiple vulnerabilities affect IBM Sterling Secure Proxy and are addressed in the latest release and fixpack Vulnerability Details CVEID:CVE-2025-8885 DESCRIPTION: Allocation of Resources Without Limits or Throttling vulnerability in Legion of the Bouncy Castle Inc. BC Java bcprov on All...
Linux Distros Unpatched Vulnerability : CVE-2026-25639
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Axios is a promise based HTTP client for the browser and Node.js. Prior to versions 0.30.3 and 1.13.5, the mergeConfig function in axios crashes with a TypeErro...
DEBIAN-CVE-2026-25639
Axios is a promise based HTTP client for the browser and Node.js. Prior to versions 0.30.3 and 1.13.5, the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing proto as an own property. An attacker can trigger this by providing a malicious...
CVE-2026-25639
Axios is a promise based HTTP client for the browser and Node.js. Prior to versions 0.30.3 and 1.13.5, the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing proto as an own property. An attacker can trigger this by providing a malicious...
CVE-2026-25639
Axios is a promise based HTTP client for the browser and Node.js. Prior to versions 0.30.3 and 1.13.5, the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing proto as an own property. An attacker can trigger this by providing a malicious...
UBUNTU-CVE-2026-25639
Axios is a promise based HTTP client for the browser and Node.js. Prior to versions 0.30.3 and 1.13.5, the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing proto as an own property. An attacker can trigger this by providing a malicious...
Prototype Pollution
Overview org.webjars.npm:axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Prototype Pollution via the mergeConfig function. An attacker can cause the application to crash by supplying a malicious configuration object containing ...
Prototype Pollution
Overview axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Prototype Pollution via the mergeConfig function. An attacker can cause the application to crash by supplying a malicious configuration object containing a proto property...
1inch-agent-kit (=1.0.53), @0xchain/auth (>=0.0.1 <=1.1.0-beta.18) +4225 more potentially affected by CVE-2026-25639 via axios (>=1.0.0-alpha.1 <=1.13.4)
axios NPM version =1.0.0-alpha.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.2-beta.0, =8.0.5, =6.1.0, =0.0.1-alpha.3, =0.1.6-alpha.11, =1.0.3-rc.0, =2.0.1 - @1tokenfe/hd-ble-sdk =1.1.15 - @1tokenfe/hd-common-connect-sdk =1.1.15 - @1tokenfe/hd-core =1.1.15 and more Source cves: CVE-2026-25639 Source...
CVE-2026-25639
Axios is a promise based HTTP client for the browser and Node.js. Prior to versions 0.30.3 and 1.13.5, the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing proto as an own property. An attacker can trigger this by providing a malicious...
CVE-2026-25639 Axios affected by Denial of Service via __proto__ Key in mergeConfig
Axios is a promise based HTTP client for the browser and Node.js. Prior to versions 0.30.3 and 1.13.5, the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing proto as an own property. An attacker can trigger this by providing a malicious...
CVE-2026-25639 Axios affected by Denial of Service via __proto__ Key in mergeConfig
Axios is a promise based HTTP client for the browser and Node.js. Prior to versions 0.30.3 and 1.13.5, the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing proto as an own property. An attacker can trigger this by providing a malicious...
CVE-2026-25639 Axios affected by Denial of Service via __proto__ Key in mergeConfig
Axios is a promise based HTTP client for the browser and Node.js. Prior to versions 0.30.3 and 1.13.5, the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing proto as an own property. An attacker can trigger this by providing a malicious...