Lucene search
+L

11 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/01/22 5:7 a.m.9 views

Security Bulletin: Vulnerabilities in Formidable affects IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary Potential vulnerability in Formidable has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2025-46653 DESCRIPTION:...

3.1CVSS6.5AI score0.0036EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/11 11:8 a.m.5 views

Security Bulletin: Formidable 2.1.0–3.5.2 Uses Non-Cryptographically Secure hexoid for Filename Randomization, affects watsonx.data

Summary Formidable aka node-formidable 2.1.0 through 3.x before 3.5.3 relies on hexoid to prevent guessing of filenames for untrusted executable content; however, hexoid is documented as not "cryptographically secure." Also, there is a scenario in which only the last two characters of a hexoid...

3.1CVSS5.5AI score0.0036EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/29 10:13 a.m.11 views

Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in formidable

Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in formidable Vulnerability Details CVEID:CVE-2025-46653 DESCRIPTION: Formidable aka node-formidable 2.1.0 through 3.x before 3.5.3 relies on hexoid to prevent guessing of filenames for untrusted...

3.1CVSS6.4AI score0.0036EPSS
Exploits1Affected Software1
Wolfi
Wolfi
added 2025/05/02 7:44 p.m.14 views

CVE-2025-46653 vulnerabilities

Vulnerabilities for packages: tileserver-gl...

3.1CVSS7.1AI score0.0036EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/04/28 12:3 a.m.10 views

CVE-2025-46653

Formidable aka node-formidable 2.1.0 through 3.x before 3.5.3 relies on hexoid to prevent guessing of filenames for untrusted executable content; however, hexoid is documented as not "cryptographically secure." Also, there is a scenario in which only the last two characters of a hexoid string nee...

3.1CVSS7AI score0.0036EPSS
Exploits1References6
vulnersOsv
vulnersOsv
added 2025/04/26 9:31 p.m.10 views

@compas/server (>=0.0.219 <=0.17.0), @eamic/server (>=1.0.1 <=1.0.3) +22 more potentially affected by CVE-2025-46653 via formidable (>=2.1.1 <=2.1.2)

formidable NPM version =2.1.1, =0.0.219, =1.0.1, =3.0.0-alpha.21, =1.0.10, =1.8.8, =0.141.0, =0.0.219, =1.13.0, =1.0.9, =1.3.15, =0.1.0, =0.21.7, =3.0.0-alpha.0, =3.0.0-alpha.17 and more Source cves: CVE-2025-46653 Source advisory: OSV:GHSA-75V8-2H7P-7M2M...

3.1CVSS5.7AI score0.0036EPSS
Exploits1
UbuntuCve
UbuntuCve
added 2025/04/26 9:15 p.m.7 views

CVE-2025-46653

Formidable aka node-formidable 2.1.0 through 3.x before 3.5.3 relies on hexoid to prevent guessing of filenames for untrusted executable content; however, hexoid is documented as not "cryptographically secure." Also, there is a scenario in which only the last two characters of a hexoid string nee...

3.1CVSS6.8AI score0.0036EPSS
Exploits1References4
Circl
Circl
added 2025/04/26 9:9 p.m.12 views

CVE-2025-46653

creationtimestamp| type| source ---|---|--- 2025-04-26 21:09:40+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/13587 2025-04-26 21:37:10+00:00| seen| https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lnqow6bsi772 2025-04-26...

3.1CVSS4.1AI score0.0036EPSS
Exploits1References5
CVE
CVE
added 2025/04/26 12:0 a.m.246 views

CVE-2025-46653

CVE-2025-46653 affects Formidable (node-formidable) 2.1.0–3.x up to 3.5.3. The issue is that it relies on hexoid to prevent filename guessing for untrusted executable content, but hexoid is not cryptographically secure, which could enable guessing of hexoid strings in some cases. The IBM security...

3.1CVSS7.3AI score0.0036EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2025/04/26 12:0 a.m.15 views

CVE-2025-46653

Formidable aka node-formidable 2.1.0 through 3.x before 3.5.3 relies on hexoid to prevent guessing of filenames for untrusted executable content; however, hexoid is documented as not "cryptographically secure." Also, there is a scenario in which only the last two characters of a hexoid string nee...

3.1CVSS0.0036EPSS
Exploits1References3
vulnersOsv
vulnersOsv
added 2025/04/19 1:42 a.m.4 views

org.webjars.npm:angular-lock (=2.0.3), org.webjars.npm:auth0-js (>=8.4.0 <=9.28.0) +11 more potentially affected by CVE-2025-46653 via org.webjars.npm:formidable (>=1.2.2 <=2.1.2)

org.webjars.npm:formidable MAVEN version =1.2.2, =8.4.0, =4.0.0-alpha, =1.1.0, =2.1.7, =1.0.6, =3.3.1, =7.1.6 - org.webjars.npm:supertest =3.4.2 Source cves: CVE-2025-46653 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-10006768...

3.1CVSS5.8AI score0.0036EPSS
Exploits1
Rows per page
Query Builder