19 matches found
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in axios-1.12.2.tgz
Summary IBM Watson Discovery Cartridge affected by vulnerability in axios-1.12.2.tgz Vulnerability Details CVEID:CVE-2026-25639 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. Prior to versions 0.30.3 and 1.13.5, the mergeConfig function in axios crashes with a...
Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses axios-1.12.1.tgz which is vulnerable to CVE-2026-25639
Summary IBM Maximo Application Suite - Visual Inspection component uses axios-1.12.1.tgz which is vulnerable to CVE-2026-25639, This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2026-25639 DESCRIPTION: Axios is a promise based HTTP...
Security Bulletin: Vulnerability in Axios affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.
Summary Potential vulnerability in Axios has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information. Vulnerability...
Security Bulletin: Denial of Service in Axios via Malicious __proto__ in Configuration Object
Summary Axios is a promise based HTTP client for the browser and Node.js. Prior to versions 0.30.3 and 1.13.5, the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing proto as an own property. An attacker can trigger this by providing a maliciou...
Security Bulletin: IBM Maximo Application Suite - Monitor Component uses axios-1.12.2.tgz, axios-1.13.1.tgz, axios-1.13.2.tgz which is vulnerable to CVE-2026-25639.
Summary IBM Maximo Application Suite - Monitor Component uses axios-1.12.2.tgz, axios-1.13.1.tgz, axios-1.13.2.tgz which is vulnerable to CVE-2026-25639. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-25639 DESCRIPTION: Axios is a promise bas...
Security Bulletin: DevOps Test Performance contains a vulnerability related to use of the Axios HTTP client library
Summary Due to use of the Axios HTTP client library, DevOps Test Performance and Rational Performance Tester contain a potentil denial of service DoS vulnerability. CVE-2026-25639 Vulnerability Details CVEID:CVE-2026-25639 DESCRIPTION: Axios is a promise based HTTP client for the browser and...
Security Bulletin: IBM Sterling External Authentication Server is vulnerable to multiple issues
Summary Multiple vulnerabilities affect IBM Sterling External Authentication Server and are addressed in the latest release and fixpack Vulnerability Details CVEID:CVE-2026-21945 DESCRIPTION: Java SE is vulnerable to a denial of service, caused by an easily exploitable vulnerability issue that...
Security Bulletin: IBM Edge Data Collector uses axios-1.12.2.tgz, axios-1.13.2.tgz which is vulnerable to CVE-2026-25639.
Summary IBM Edge Data Collector uses axios-1.12.2.tgz, axios-1.13.2.tgz which is vulnerable to CVE-2026-25639. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-25639 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js...
Security Bulletin: IBM Security SOAR is using a component with a known vulnerability (CVE-2026-25639)
Summary IBM Security SOAR uses an older version of the Axios component that may be identified and exploited. Updates for supported versions have been released which address the issue. It is recommended to upgrade to version 51.0.9.0 Vulnerability Details CVEID:CVE-2026-25639 DESCRIPTION: Axios is...
Security Bulletin: IBM App Connect Enterprise is vulnerable to denial of service due to Node.js module axios (CVE-2026-25639)
Summary IBM App Connect Enterprise runtime and IBM App Connect Enterprise Connector Discovery and OpenAPI Editor are vulnerable to denial of service due to Node.js module axios. Vulnerability Details CVEID:CVE-2026-25639 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.j...
Fedora 44 : nextcloud (2026-94519b94d8)
The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-94519b94d8 advisory. 32.0.6 release Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for...
Fedora 43 : nextcloud (2026-ae48fa379e)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-ae48fa379e advisory. 32.0.6 release Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for...
Fedora 42 : pgadmin4 (2026-9a4d6dd8eb)
The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-9a4d6dd8eb advisory. Refresh vendored bundle. fixes multiple CVEs. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note...
Fedora: Security Advisory (FEDORA-2026-ae48fa379e)
The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Important: Red Hat Security Advisory: Kiali 1.73.27 for Red Hat OpenShift Service Mesh 2.6
Kiali 1.73.27 for Red Hat OpenShift Service Mesh 2.6 This update has a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. Kiali 1.73.27, for...
Linux Distros Unpatched Vulnerability : CVE-2026-25639
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Axios is a promise based HTTP client for the browser and Node.js. Prior to versions 0.30.3 and 1.13.5, the mergeConfig function in axios crashes with a TypeErro...
CVE-2026-25639
Axios is a promise based HTTP client for the browser and Node.js. Prior to versions 0.30.3 and 1.13.5, the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing proto as an own property. An attacker can trigger this by providing a malicious...
1inch-agent-kit (=1.0.53), @0xchain/auth (>=0.0.1 <=1.1.0-beta.18) +4225 more potentially affected by CVE-2026-25639 via axios (>=1.0.0-alpha.1 <=1.13.4)
axios NPM version =1.0.0-alpha.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.2-beta.0, =8.0.5, =6.1.0, =0.0.1-alpha.3, =0.1.6-alpha.11, =1.0.3-rc.0, =2.0.1 - @1tokenfe/hd-ble-sdk =1.1.15 - @1tokenfe/hd-common-connect-sdk =1.1.15 - @1tokenfe/hd-core =1.1.15 and more Source cves: CVE-2026-25639 Source...
CVE-2026-25639
Axios is a promise based HTTP client for the browser and Node.js. Prior to versions 0.30.3 and 1.13.5, the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing proto as an own property. An attacker can trigger this by providing a malicious...