11 matches found
Security Bulletin: Vulnerabilities in Formidable affects IBM watsonx Orchestrate with watsonx Assistant Cartridge
Summary Potential vulnerability in Formidable has been identified that affects IBM watsonx Orchestrate with watsonx Assistant Cartridge - UAB Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details CVEID:CVE-2025-46653 DESCRIPTION:...
Security Bulletin: Formidable 2.1.0–3.5.2 Uses Non-Cryptographically Secure hexoid for Filename Randomization, affects watsonx.data
Summary Formidable aka node-formidable 2.1.0 through 3.x before 3.5.3 relies on hexoid to prevent guessing of filenames for untrusted executable content; however, hexoid is documented as not "cryptographically secure." Also, there is a scenario in which only the last two characters of a hexoid...
Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in formidable
Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in formidable Vulnerability Details CVEID:CVE-2025-46653 DESCRIPTION: Formidable aka node-formidable 2.1.0 through 3.x before 3.5.3 relies on hexoid to prevent guessing of filenames for untrusted...
CVE-2025-46653 vulnerabilities
Vulnerabilities for packages: tileserver-gl...
CVE-2025-46653
Formidable aka node-formidable 2.1.0 through 3.x before 3.5.3 relies on hexoid to prevent guessing of filenames for untrusted executable content; however, hexoid is documented as not "cryptographically secure." Also, there is a scenario in which only the last two characters of a hexoid string nee...
@compas/server (>=0.0.219 <=0.17.0), @eamic/server (>=1.0.1 <=1.0.3) +22 more potentially affected by CVE-2025-46653 via formidable (>=2.1.1 <=2.1.2)
formidable NPM version =2.1.1, =0.0.219, =1.0.1, =3.0.0-alpha.21, =1.0.10, =1.8.8, =0.141.0, =0.0.219, =1.13.0, =1.0.9, =1.3.15, =0.1.0, =0.21.7, =3.0.0-alpha.0, =3.0.0-alpha.17 and more Source cves: CVE-2025-46653 Source advisory: OSV:GHSA-75V8-2H7P-7M2M...
CVE-2025-46653
Formidable aka node-formidable 2.1.0 through 3.x before 3.5.3 relies on hexoid to prevent guessing of filenames for untrusted executable content; however, hexoid is documented as not "cryptographically secure." Also, there is a scenario in which only the last two characters of a hexoid string nee...
CVE-2025-46653
creationtimestamp| type| source ---|---|--- 2025-04-26 21:09:40+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/13587 2025-04-26 21:37:10+00:00| seen| https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lnqow6bsi772 2025-04-26...
CVE-2025-46653
CVE-2025-46653 affects Formidable (node-formidable) 2.1.0–3.x up to 3.5.3. The issue is that it relies on hexoid to prevent filename guessing for untrusted executable content, but hexoid is not cryptographically secure, which could enable guessing of hexoid strings in some cases. The IBM security...
CVE-2025-46653
Formidable aka node-formidable 2.1.0 through 3.x before 3.5.3 relies on hexoid to prevent guessing of filenames for untrusted executable content; however, hexoid is documented as not "cryptographically secure." Also, there is a scenario in which only the last two characters of a hexoid string nee...
org.webjars.npm:angular-lock (=2.0.3), org.webjars.npm:auth0-js (>=8.4.0 <=9.28.0) +11 more potentially affected by CVE-2025-46653 via org.webjars.npm:formidable (>=1.2.2 <=2.1.2)
org.webjars.npm:formidable MAVEN version =1.2.2, =8.4.0, =4.0.0-alpha, =1.1.0, =2.1.7, =1.0.6, =3.3.1, =7.1.6 - org.webjars.npm:supertest =3.4.2 Source cves: CVE-2025-46653 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-10006768...