
16 matches found

IBM Security Bulletins
added 2025/11/14 8:49 p.m. | 8 views

Security Bulletin: Multiple vulnerabilities in IBM Planning Analytics Advanced Certified Containers

Summary: Multiple vulnerabilities were addressed in IBM Planning Analytics Advanced Certified Containers 3.1.2. Vulnerability Details: CVEID: CVE-2025-23166. DESCRIPTION: The C++ method SignTraits::DeriveBits may incorrectly call ThrowException based on user-supplied inputs when executing in a...

CVSS 8 | AI score 6.5 | EPSS 0.00763
Exploits 3 | Affected Software 5
IBM Security Bulletins
added 2025/09/11 11:41 a.m. | 14 views

Security Bulletin: Multiple vulnerabilities in NodeJS affect IBM Business Automation Workflow Configuration Editor

Summary: IBM Business Automation Workflow Configuration Editor packages a vulnerable version of the NodeJS runtime and a vulnerable module. Vulnerability Details: CVEID: CVE-2025-23165. DESCRIPTION: In Node.js, the ReadFileUtf8 internal binding leaks memory due to a corrupted pointer in uv_fs_s.file: a...

CVSS 7.5 | AI score 6.5 | EPSS 0.09752
Exploits 6 | Affected Software 2
Tenable Nessus
added 2025/08/30 12:0 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2025-23167

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw in Node.js 20's HTTP parser allows improper termination of HTTP/1 headers using \r\n\rX instead of the required \r\n\r\n. This inconsistency enables...

CVSS 6.5 | AI score 6.9 | EPSS 0.00466
Exploits 1 | References 2
GithubExploit
added 2025/07/15 5:51 p.m. | 285 views

Exploit for CVE-2025-23167

CVE-2025-23167 – Node.js HTTP Request Smuggling Exploit Worki...

CVSS 6.5 | AI score 7 | EPSS 0.00466
Exploits 1
Tenable Nessus
added 2025/06/26 12:0 a.m. | 3 views

SUSE SLES15 Security Update : nodejs20 (SUSE-SU-2025:02039-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02039-1 advisory. Update to 20.19.2:
- CVE-2025-23166: improper error handling in async cryptographic operations crashes process (bsc#1243218).
- ...

CVSS 7.5 | AI score 6.9 | EPSS 0.00763
Exploits 1 | References 11
Tenable Nessus
added 2025/06/25 12:0 a.m. | 6 views

Photon OS 4.0: Nodejs PHSA-2025-4.0-0820

An update of the nodejs package has been released. %NASL_MIN_LEVEL 80900 (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-4.0-0820. The text itself is copyright (C) VMware, Inc. include('compat.inc'); if (description)...

CVSS 6.5 | AI score 7.3 | EPSS 0.00466
Exploits 1 | References 3
OpenVAS
added 2025/06/23 12:0 a.m. | 2 views

openSUSE Security Advisory (SUSE-SU-2025:02045-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 7.5 | AI score 6.9 | EPSS 0.00763
Exploits 1 | References 7
OSV
added 2025/06/20 9:40 a.m. | 2 views

SUSE-SU-2025:02039-1 Security update for nodejs20

This update for nodejs20 fixes the following issues: Update to 20.19.2:
- CVE-2025-23166: improper error handling in async cryptographic operations crashes process (bsc#1243218).
- CVE-2025-23167: improper HTTP header block termination in llhttp (bsc#1243220).
- CVE-2025-23165: add missing call to...

CVSS 7.5 | AI score 6.9 | EPSS 0.00763
Exploits 1 | References 8
Tenable Nessus
added 2025/05/28 12:0 a.m. | 8 views

Fedora 41 : nodejs20 (2025-0c2b7a8f32)

The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-0c2b7a8f32 advisory. Update to 20.19.2. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested...

CVSS 7.5 | AI score 6.9 | EPSS 0.00763
Exploits 1 | References 4
OpenVAS
added 2025/05/28 12:0 a.m. | 6 views

Fedora: Security Advisory (FEDORA-2025-0c2b7a8f32)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 7.5 | AI score 7.2 | EPSS 0.00763
Exploits 1 | References 9
OpenVAS
added 2025/05/23 12:0 a.m. | 12 views

Node.js < 20.19.2 HTTP Request Smuggling Vulnerability - Windows

Node.js is prone to an HTTP request smuggling vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nodejs:node.js";...

CVSS 6.5 | AI score 6.6 | EPSS 0.00466
Exploits 1 | References 2
OpenVAS
added 2025/05/23 12:0 a.m. | 11 views

Node.js < 20.19.2 HTTP Request Smuggling Vulnerability - Mac OS X

Node.js is prone to an HTTP request smuggling vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nodejs:node.js";...

CVSS 6.5 | AI score 6.7 | EPSS 0.00466
Exploits 1 | References 2
NVD
added 2025/05/19 2:15 a.m. | 13 views

CVE-2025-23167

A flaw in Node.js 20's HTTP parser allows improper termination of HTTP/1 headers using \r\n\rX instead of the required \r\n\r\n. This inconsistency enables request smuggling, allowing attackers to bypass proxy-based access controls and submit unauthorized requests. The issue was resolved by...

CVSS 6.5 | EPSS 0.00466
Exploits 1 | References 1
OSV
added 2025/05/19 2:15 a.m. | 7 views

CVE-2025-23167

A flaw in Node.js 20's HTTP parser allows improper termination of HTTP/1 headers using \r\n\rX instead of the required \r\n\r\n. This inconsistency enables request smuggling, allowing attackers to bypass proxy-based access controls and submit unauthorized requests. The issue was resolved by...

AI score 6.9
Exploits 0 | References 1
Vulnrichment
added 2025/05/19 1:25 a.m. | 7 views

CVE-2025-23167

A flaw in Node.js 20's HTTP parser allows improper termination of HTTP/1 headers using \r\n\rX instead of the required \r\n\r\n. This inconsistency enables request smuggling, allowing attackers to bypass proxy-based access controls and submit unauthorized requests. The issue was resolved by...

CVSS 6.5 | AI score 6.4 | EPSS 0.00466
Exploits 1 | References 1
Circl
added 2025/05/15 1:6 a.m. | 16 views

CVE-2025-23167

creationtimestamp | type | source
---|---|---
2025-05-15 01:06:34+00:00 | seen | https://bsky.app/profile/bluesky.awakari.com/post/3lp6d5gqzx327
2025-05-19 02:38:12+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/16795
2025-05-19 03:22:00+00:00 | seen | ...

CVSS 6.5 | AI score 6.8 | EPSS 0.00466
Exploits 1 | References 7