
4641 matches found

RedHat Linux
added 2026/02/23 5:26 p.m. | 6 views

Important: Red Hat Security Advisory: Kiali 2.17.4 for Red Hat OpenShift Service Mesh 3.2

Kiali 2.17.4 for Red Hat OpenShift Service Mesh 3.2. This update has a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. Kiali 2.17.4, for Re...

CVSS 7.5 | AI score 7.6 | EPSS 0.01564
Exploits: 1 | References: 4

RedHat Linux
added 2026/02/23 5:14 p.m. | 7 views

Important: Red Hat Security Advisory: Kiali 2.4.13 for Red Hat OpenShift Service Mesh 3.0

Kiali 2.4.13 for Red Hat OpenShift Service Mesh 3.0. This update has a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. Kiali 2.4.13, for Re...

CVSS 7.5 | AI score 7.6 | EPSS 0.01564
Exploits: 1 | References: 4

RedHat Linux
added 2026/02/23 5:14 p.m. | 7 views

Important: Red Hat Security Advisory: Kiali 2.11.7 for Red Hat OpenShift Service Mesh 3.1

Kiali 2.11.7 for Red Hat OpenShift Service Mesh 3.1. This update has a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. Kiali 2.11.7, for Re...

CVSS 7.5 | AI score 7.6 | EPSS 0.01564
Exploits: 1 | References: 4

NVD
added 2026/02/23 4:29 p.m. | 7 views

CVE-2025-70058

An issue pertaining to CWE-295: Improper Certificate Validation was discovered in YMFE yapi v1.12.0. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in the HTTPS agent configuration for Axios requests...

CVSS 7.4 | EPSS 0.00169
Exploits: 0 | References: 3

OSV
added 2026/02/23 4:29 p.m. | 7 views

CVE-2025-70058

An issue pertaining to CWE-295: Improper Certificate Validation was discovered in YMFE yapi v1.12.0. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in the HTTPS agent configuration for Axios requests...

CVSS 7.4 | AI score 5.9
Exploits: 0 | References: 3

CNNVD
added 2026/02/23 12:0 a.m. | 9 views

Sean1025 YMFE YApi Security Vulnerability

Sean1025 YMFE YApi is an open-source application developed by Sean1025. It provides a visual interface for managing platforms. Version 1.12.0 of Sean1025 YMFE YApi contains a security vulnerability. This vulnerability stems from improper certificate verification, which may lead to the disabling o...

CVSS 7.4 | AI score 5.8 | EPSS 0.00169
Exploits: 0 | References: 3

CVE
added 2026/02/23 12:0 a.m. | 18 views

CVE-2025-70058

CVE-2025-70058 affects YMFE yapi v1.12.0. The root cause is improper TLS/SSL certificate validation caused by Axios HTTPS agent configuration that sets rejectUnauthorized to false, enabling MITM-like interception. Documented in multiple sources (YAPI-related advisories and NVD/Red Hat entries). T...

CVSS 7.4 | AI score 5.4 | EPSS 0.00169
Exploits: 0 | References: 3 | Affected Software: 1

IBM Security Bulletins
added 2026/02/17 12:10 p.m. | 9 views

Security Bulletin: IBM Sterling Secure Proxy is vulnerable to multiple issues

Summary: Multiple vulnerabilities affect IBM Sterling Secure Proxy and are addressed in the latest release and fixpack. Vulnerability Details: CVEID: CVE-2025-8885. DESCRIPTION: Allocation of Resources Without Limits or Throttling vulnerability in Legion of the Bouncy Castle Inc. BC Java bcprov on All...

CVSS 7.5 | AI score 5.7 | EPSS 0.01099
Exploits: 1 | Affected Software: 1

Tenable Nessus
added 2026/02/10 12:0 a.m. | 1 view

Linux Distros Unpatched Vulnerability : CVE-2026-25639

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Axios is a promise based HTTP client for the browser and Node.js. Prior to versions 0.30.3 and 1.13.5, the mergeConfig function in axios crashes with a TypeErro...

CVSS 7.5 | AI score 6.9 | EPSS 0.01564
Exploits: 1 | References: 3

OSV
added 2026/02/09 9:15 p.m. | 3 views

DEBIAN-CVE-2026-25639

Axios is a promise based HTTP client for the browser and Node.js. Prior to versions 0.30.3 and 1.13.5, the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious...

CVSS 7.5 | AI score 6.9 | EPSS 0.01564
Exploits: 1 | References: 1

NVD
added 2026/02/09 9:15 p.m. | 4 views

CVE-2026-25639

Axios is a promise based HTTP client for the browser and Node.js. Prior to versions 0.30.3 and 1.13.5, the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious...

CVSS 7.5 | EPSS 0.01564
Exploits: 1 | References: 48

UbuntuCve
added 2026/02/09 9:15 p.m. | 2 views

CVE-2026-25639

Axios is a promise based HTTP client for the browser and Node.js. Prior to versions 0.30.3 and 1.13.5, the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious...

CVSS 7.5 | AI score 7 | EPSS 0.01564
Exploits: 1 | References: 4

OSV
added 2026/02/09 9:15 p.m. | 3 views

UBUNTU-CVE-2026-25639

Axios is a promise based HTTP client for the browser and Node.js. Prior to versions 0.30.3 and 1.13.5, the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious...

CVSS 7.5 | AI score 5.8 | EPSS 0.01564
Exploits: 1 | References: 5

Snyk
added 2026/02/09 8:53 p.m. | 4 views

Prototype Pollution

Overview: org.webjars.npm:axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Prototype Pollution via the mergeConfig function. An attacker can cause the application to crash by supplying a malicious configuration object containing ...

CVSS 8.7 | AI score 6.8 | EPSS 0.01564
Exploits: 1 | References: 2

Snyk
added 2026/02/09 8:53 p.m. | 9 views

Prototype Pollution

Overview: axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Prototype Pollution via the mergeConfig function. An attacker can cause the application to crash by supplying a malicious configuration object containing a __proto__ property...

CVSS 8.7 | AI score 6.8 | EPSS 0.01564
Exploits: 1 | References: 2

vulnersOsv
added 2026/02/09 8:53 p.m. | 11 views

1inch-agent-kit (=1.0.53), @0xchain/auth (>=0.0.1 <=1.1.0-beta.18) +4225 more potentially affected by CVE-2026-25639 via axios (>=1.0.0-alpha.1 <=1.13.4)

axios NPM version =1.0.0-alpha.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.2-beta.0, =8.0.5, =6.1.0, =0.0.1-alpha.3, =0.1.6-alpha.11, =1.0.3-rc.0, =2.0.1 - @1tokenfe/hd-ble-sdk =1.1.15 - @1tokenfe/hd-common-connect-sdk =1.1.15 - @1tokenfe/hd-core =1.1.15 and more Source cves: CVE-2026-25639 Source...

CVSS 7.5 | AI score 7 | EPSS 0.01564
Exploits: 1

ATTACKERKB
added 2026/02/09 8:11 p.m. | 3 views

CVE-2026-25639

Axios is a promise based HTTP client for the browser and Node.js. Prior to versions 0.30.3 and 1.13.5, the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious...

CVSS 7.5 | AI score 5.9 | EPSS 0.01564
Exploits: 1 | References: 8 | Affected Software: 1

Vulnrichment
added 2026/02/09 8:11 p.m. | 1 view

CVE-2026-25639 Axios affected by Denial of Service via __proto__ Key in mergeConfig

Axios is a promise based HTTP client for the browser and Node.js. Prior to versions 0.30.3 and 1.13.5, the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious...

CVSS 7.5 | AI score 5.9 | EPSS 0.01564
Exploits: 1 | References: 7

Cvelist
added 2026/02/09 8:11 p.m. | 31 views

CVE-2026-25639 Axios affected by Denial of Service via __proto__ Key in mergeConfig

Axios is a promise based HTTP client for the browser and Node.js. Prior to versions 0.30.3 and 1.13.5, the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious...

CVSS 7.5 | EPSS 0.01564
Exploits: 1 | References: 7

OSV
added 2026/02/09 8:11 p.m. | 6 views

CVE-2026-25639 Axios affected by Denial of Service via __proto__ Key in mergeConfig

Axios is a promise based HTTP client for the browser and Node.js. Prior to versions 0.30.3 and 1.13.5, the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing __proto__ as an own property. An attacker can trigger this by providing a malicious...

CVSS 7.5 | AI score 5.9 | EPSS 0.01564
Exploits: 1 | References: 9