Lucene search
K

19 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/06/01 5:16 p.m.10 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in axios-1.12.2.tgz

Summary IBM Watson Discovery Cartridge affected by vulnerability in axios-1.12.2.tgz Vulnerability Details CVEID:CVE-2026-25639 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. Prior to versions 0.30.3 and 1.13.5, the mergeConfig function in axios crashes with a...

7.5CVSS5.8AI score0.02591EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/05 9:38 a.m.8 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses axios-1.12.1.tgz which is vulnerable to CVE-2026-25639

Summary IBM Maximo Application Suite - Visual Inspection component uses axios-1.12.1.tgz which is vulnerable to CVE-2026-25639, This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2026-25639 DESCRIPTION: Axios is a promise based HTTP...

7.5CVSS7.4AI score0.02591EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/04 2:25 p.m.8 views

Security Bulletin: Vulnerability in Axios affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in Axios has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information. Vulnerability...

7.5CVSS7AI score0.02591EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/04 12:19 p.m.8 views

Security Bulletin: Denial of Service in Axios via Malicious __proto__ in Configuration Object

Summary Axios is a promise based HTTP client for the browser and Node.js. Prior to versions 0.30.3 and 1.13.5, the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing proto as an own property. An attacker can trigger this by providing a maliciou...

7.5CVSS6.8AI score0.02591EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/01 12:13 p.m.6 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses axios-1.12.2.tgz, axios-1.13.1.tgz, axios-1.13.2.tgz which is vulnerable to CVE-2026-25639.

Summary IBM Maximo Application Suite - Monitor Component uses axios-1.12.2.tgz, axios-1.13.1.tgz, axios-1.13.2.tgz which is vulnerable to CVE-2026-25639. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-25639 DESCRIPTION: Axios is a promise bas...

7.5CVSS7AI score0.02591EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/10 1:32 p.m.8 views

Security Bulletin: DevOps Test Performance contains a vulnerability related to use of the Axios HTTP client library

Summary Due to use of the Axios HTTP client library, DevOps Test Performance and Rational Performance Tester contain a potentil denial of service DoS vulnerability. CVE-2026-25639 Vulnerability Details CVEID:CVE-2026-25639 DESCRIPTION: Axios is a promise based HTTP client for the browser and...

7.5CVSS6.9AI score0.02591EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/06 6:44 a.m.8 views

Security Bulletin: IBM Sterling External Authentication Server is vulnerable to multiple issues

Summary Multiple vulnerabilities affect IBM Sterling External Authentication Server and are addressed in the latest release and fixpack Vulnerability Details CVEID:CVE-2026-21945 DESCRIPTION: Java SE is vulnerable to a denial of service, caused by an easily exploitable vulnerability issue that...

7.5CVSS5.9AI score0.02591EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/30 7:4 a.m.6 views

Security Bulletin: IBM Edge Data Collector uses axios-1.12.2.tgz, axios-1.13.2.tgz which is vulnerable to CVE-2026-25639.

Summary IBM Edge Data Collector uses axios-1.12.2.tgz, axios-1.13.2.tgz which is vulnerable to CVE-2026-25639. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-25639 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js...

7.5CVSS7.3AI score0.02591EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/20 3:44 p.m.7 views

Security Bulletin: IBM Security SOAR is using a component with a known vulnerability (CVE-2026-25639)

Summary IBM Security SOAR uses an older version of the Axios component that may be identified and exploited. Updates for supported versions have been released which address the issue. It is recommended to upgrade to version 51.0.9.0 Vulnerability Details CVEID:CVE-2026-25639 DESCRIPTION: Axios is...

7.5CVSS7.4AI score0.02591EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/13 3:46 p.m.5 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to denial of service due to Node.js module axios (CVE-2026-25639)

Summary IBM App Connect Enterprise runtime and IBM App Connect Enterprise Connector Discovery and OpenAPI Editor are vulnerable to denial of service due to Node.js module axios. Vulnerability Details CVEID:CVE-2026-25639 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.j...

7.5CVSS5.8AI score0.02591EPSS
Exploits1Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/03/07 12:0 a.m.3 views

Fedora 44 : nextcloud (2026-94519b94d8)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-94519b94d8 advisory. 32.0.6 release Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for...

8.2CVSS7.3AI score0.02591EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/03/06 12:0 a.m.4 views

Fedora 43 : nextcloud (2026-ae48fa379e)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-ae48fa379e advisory. 32.0.6 release Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for...

8.2CVSS5.9AI score0.02591EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/03/05 12:0 a.m.6 views

Fedora 42 : pgadmin4 (2026-9a4d6dd8eb)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-9a4d6dd8eb advisory. Refresh vendored bundle. fixes multiple CVEs. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note...

7.5CVSS6AI score0.02591EPSS
Exploits1References6
OpenVAS
OpenVAS
added 2026/03/02 12:0 a.m.3 views

Fedora: Security Advisory (FEDORA-2026-ae48fa379e)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.2CVSS6.2AI score0.02591EPSS
Exploits1References9
RedHat Linux
RedHat Linux
added 2026/02/23 5:16 p.m.6 views

Important: Red Hat Security Advisory: Kiali 1.73.27 for Red Hat OpenShift Service Mesh 2.6

Kiali 1.73.27 for Red Hat OpenShift Service Mesh 2.6 This update has a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. Kiali 1.73.27, for...

7.5CVSS7AI score0.02591EPSS
Exploits3References6
Tenable Nessus
Tenable Nessus
added 2026/02/10 12:0 a.m.1 views

Linux Distros Unpatched Vulnerability : CVE-2026-25639

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Axios is a promise based HTTP client for the browser and Node.js. Prior to versions 0.30.3 and 1.13.5, the mergeConfig function in axios crashes with a TypeErro...

7.5CVSS6.9AI score0.02591EPSS
Exploits1References3
NVD
NVD
added 2026/02/09 9:15 p.m.5 views

CVE-2026-25639

Axios is a promise based HTTP client for the browser and Node.js. Prior to versions 0.30.3 and 1.13.5, the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing proto as an own property. An attacker can trigger this by providing a malicious...

7.5CVSS0.02591EPSS
Exploits1References48
vulnersOsv
vulnersOsv
added 2026/02/09 8:53 p.m.12 views

1inch-agent-kit (=1.0.53), @0xchain/auth (>=0.0.1 <=1.1.0-beta.18) +4225 more potentially affected by CVE-2026-25639 via axios (>=1.0.0-alpha.1 <=1.13.4)

axios NPM version =1.0.0-alpha.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.2-beta.0, =8.0.5, =6.1.0, =0.0.1-alpha.3, =0.1.6-alpha.11, =1.0.3-rc.0, =2.0.1 - @1tokenfe/hd-ble-sdk =1.1.15 - @1tokenfe/hd-common-connect-sdk =1.1.15 - @1tokenfe/hd-core =1.1.15 and more Source cves: CVE-2026-25639 Source...

7.5CVSS7AI score0.02591EPSS
Exploits1
ATTACKERKB
ATTACKERKB
added 2026/02/09 8:11 p.m.3 views

CVE-2026-25639

Axios is a promise based HTTP client for the browser and Node.js. Prior to versions 0.30.3 and 1.13.5, the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing proto as an own property. An attacker can trigger this by providing a malicious...

7.5CVSS5.9AI score0.02591EPSS
Exploits1References8Affected Software1
Rows per page
Query Builder