Lucene search
K

17 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/06/26 4:58 p.m.3 views

Security Bulletin:IBM Spectrum Control is vulnerable to weaknesses related to axios (CVE-2025-62718, CVE-2026-40175)

Summary Axios is vulnerable to infrastructure tampering and Critical SSRF and exposure of private internal/loopback endpoints attacks. These vulnerabilities affect IBM Spectrum Control. Vulnerability Details CVEID:CVE-2025-62718 DESCRIPTION: Axios is a promise based HTTP client for the browser an...

9.9CVSS6.6AI score0.01815EPSS
Exploits6Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/09 12:0 a.m.11 views

RHEL 8 / 9 : Red Hat Ansible Automation Platform 2.5 Product Security and Bug Fix Update (Important) (RHSA-2026:24761)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:24761 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT...

9.9CVSS7.2AI score0.02907EPSS
Exploits10References36
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/01 7:24 p.m.10 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in axios-1.12.2.tgz

Summary IBM Watson Discovery Cartridge affected by vulnerability in axios-1.12.2.tgz Vulnerability Details CVEID:CVE-2025-62718 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0 and 0.31.0, Axios does not correctly handle hostname normalization when...

9.9CVSS5.8AI score0.01186EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/01 3:16 p.m.10 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerabilities in axios-1.12.2.tgz

Summary IBM Watson Discovery Cartridge affected by vulnerabilities in axios-1.12.2.tgz Vulnerability Details CVEID:CVE-2025-62718 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0 and 0.31.0, Axios does not correctly handle hostname normalization when...

9.9CVSS6.8AI score0.01815EPSS
Exploits12Affected Software1
vulnersOsv
vulnersOsv
added 2026/05/29 3:59 p.m.6 views

0xpay-cc-sdk (>=0.0.8 <=0.1.0), 0xtrails (>=0.0.0-20251106131028 <=0.16.2) +7274 more potentially affected by CVE-2025-62718 +1 more via axios (>=1.0.0 <=1.15.2)

axios NPM version =1.0.0, =0.0.8, =0.0.0-20251106131028, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =1.0.0, =0.0.2-beta.0, =8.0.5, =6.1.0, =0.0.0-canary-847463221a9a1bee28641d8c0ecfaca98ee142f6, =0.0.1-alpha.3, =0.0.1-alpha.4 and more Source cves: CVE-2025-62718, CVE-2026-44492 Source advisory:...

9.9CVSS6.8AI score0.01186EPSS
Exploits2
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/28 3:53 p.m.22 views

Security Bulletin: IBM Security SOAR is using a component with a known vulnerability (2025-62718)

Summary IBM Security SOAR uses an older version of the Axios component that may be identified and exploited. Updates for supported versions have been released which address the issue. It is recommended to upgrade to version 51.0.10.0 Vulnerability Details CVEID:CVE-2025-62718 DESCRIPTION: Axios i...

9.9CVSS6.4AI score0.01186EPSS
Exploits1Affected Software1
OSV
OSV
added 2026/05/18 1:36 p.m.12 views

CLEANSTART-2026-BE61221 Security fixes for CVE-2025-62718, CVE-2025-69873, CVE-2026-29045, CVE-2026-29085, CVE-2026-29086, CVE-2026-29087, CVE-2026-2950, CVE-2026-30827, CVE-2026-33750, CVE-2026-33891, CVE-2026-33894, CVE-2026-33895, CVE-2026-33896, CVE-2026-33916, CVE-2026-33937, CVE-2026-34043, CVE-2026-35213, CVE-2026-39406, CVE-2026-39407, CVE-2026-39408, CVE-2026-39409, CVE-2026-39410, CVE-2026-40175, CVE-2026-41238, CVE-2026-41239, CVE-2026-41240, CVE-2026-42033, CVE-2026-42034, CVE-2026-42035, CVE-2026-42036, CVE-2026-42037, CVE-2026-42038, CVE-2026-42039, CVE-2026-42040, CVE-2026-42041, CVE-2026-42042, CVE-2026-42043, CVE-2026-42044, CVE-2026-42264, CVE-2026-42338, CVE-2026-44455, CVE-2026-44456, CVE-2026-44457, CVE-2026-44458, CVE-2026-44459, CVE-2026-4800, CVE-2026-4923, CVE-2026-4926, CVE-2026-6321, CVE-2026-6322, ghsa-2328-f5f3-gj25, ghsa-26pp-8wgv-hjvm, ghsa-27v5-c462-wpq7, ghsa-2g4f-4pwh-qvx6, ghsa-2qvq-rjwj-gvw9, ghsa-2w6w-674q-4c4q, ghsa-39q2-94rc-95cp, ghsa-3mfm-83xf-c92r, ghsa-3p68-rc4w-qgx5, ghsa-3v7f-55p6-f55p, ghsa-3w6x-2g7m-8v23, ghsa-442j-39wm-28r2, ghsa-445q-vr5w-6q77, ghsa-458j-xx4x-4375, ghsa-46wh-pxpv-q5gq, ghsa-5c6j-r48x-rmvq, ghsa-5c9x-8gcm-mpgx, ghsa-5m6q-g25r-mvwx, ghsa-5pq2-9x2x-5p6w, ghsa-62hf-57xw-28j9, ghsa-69xw-7hcm-h432, ghsa-6chq-wfr3-2hj9, ghsa-7rx3-28cr-v5wh, ghsa-92pp-h63x-v22m, ghsa-9cx6-37pm-9jff, ghsa-9vqf-7f2p-gf9v, ghsa-c2c7-rcm5-vvqj, ghsa-crv5-9vww-q3g8, ghsa-f23m-r3pf-42rh, ghsa-f886-m6hf-6m8v, ghsa-fvcv-3m26-pcqx, ghsa-h7mw-gpvr-xq4m, ghsa-j3q9-mxjg-w52f, ghsa-jg4p-7fhp-p32p, ghsa-m7pr-hjqh-92cm, ghsa-p6xx-57qc-3wxr, ghsa-p77w-8qqv-26rm, ghsa-pf86-5x62-jrwf, ghsa-pmwg-cvhr-8vh7, ghsa-ppp5-5v6c-4jwp, ghsa-q3j6-qgpj-74h6, ghsa-q5qw-h33p-qvwr, ghsa-q67f-28xg-22rw, ghsa-q8qp-cvcw-x6jj, ghsa-qj8w-gfj5-8c6v, ghsa-qp7p-654g-cw7p, ghsa-r4q5-vmmm-2653, ghsa-r5fr-rjxr-66jc, ghsa-r5rp-j6wh-rvv4, ghsa-v2v4-37r5-5v8g, ghsa-v39h-62p7-jpjc, ghsa-v8w9-8mx6-g223, ghsa-v9jr-rg53-9pgp, ghsa-vf2m-468p-8v99, ghsa-w9j2-pvgh-6h63, ghsa-wc8c-qw6v-h7f6, ghsa-wmmm-f939-6g9c, ghsa-xf4j-xp2r-rqqx, ghsa-xhjh-pmcv-23jw, ghsa-xhpv-hc6g-r9c6, ghsa-xjpj-3mr7-gcpf, ghsa-xpcf-pg52-r92g, ghsa-xx6v-rp6x-q39c applied in versions: 2.19.5-r0

Multiple security vulnerabilities affect the opensearch-dashboards-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

10CVSS6.5AI score0.01815EPSS
Exploits29References164
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/05 9:39 a.m.12 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses axios-1.13.5.tgz which is vulnerable to CVE-2025-62718 and CVE-2026-40175

Summary IBM Maximo Application Suite - Visual Inspection component uses axios-1.13.5.tgz which is vulnerable to CVE-2025-62718 and CVE-2026-40175, This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2026-40175 DESCRIPTION: Axios is a...

9.9CVSS6AI score0.01815EPSS
Exploits6Affected Software1
OSV
OSV
added 2026/05/05 12:20 a.m.4 views

GHSA-PMWG-CVHR-8VH7 Axios: Incomplete Fix for CVE-2025-62718 — NO_PROXY Protection Bypassed via RFC 1122 Loopback Subnet (127.0.0.0/8) in Axios 1.15.0

Executive Summary This report documents an incomplete security patch for the previously disclosed vulnerability GHSA-3p68-rc4w-qgx5 CVE-2025-62718, which affects the NOPROXY hostname resolution logic in the Axios HTTP library. Background — The Original Vulnerability The original vulnerability...

7.2CVSS5.9AI score0.00661EPSS
Exploits1References3
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/04 6:51 a.m.5 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses axios-1.13.6.tgz which is vulnerable to CVE-2025-62718.

Summary IBM Maximo Application Suite - Monitor Component uses axios-1.13.6.tgz which is vulnerable to CVE-2025-62718. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2025-62718 DESCRIPTION: Axios is a promise based HTTP client for the browser and...

9.9CVSS6.2AI score0.01186EPSS
Exploits1Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/04/25 12:0 a.m.11 views

Fedora 44 : pgadmin4 (2026-34c2bf6df4)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-34c2bf6df4 advisory. Update axios to 1.15.0, fixes CVE-2026-40175 and CVE-2025-62718. ---- Update to pgadmin4-9.14. Tenable has extracted the preceding description block...

9.9CVSS5.8AI score0.01815EPSS
Exploits7References5
vulnersOsv
vulnersOsv
added 2026/04/24 7:20 p.m.6 views

@bynder/bynder-js-sdk (=2.5.3), @craftgate/craftgate (=1.0.66) +3 more potentially affected by CVE-2025-62718 +1 more via axios (=0.31.0)

axios NPM version =0.31.0 is affected by a known vulnerability. The following packages have a transitive dependency on axios and may be impacted: - @bynder/bynder-js-sdk =2.5.3 - @craftgate/craftgate =1.0.66 - @extrahorizon/exh-cli =1.13.2, =8.10.0, =8.10.0-dev-162-aab55c5 - amio-sdk-js =4.4.4...

10CVSS6.5AI score0.01186EPSS
Exploits2
RedHat Linux
RedHat Linux
added 2026/04/16 1:44 p.m.11 views

Critical: Red Hat Security Advisory: Kiali 1.73.29 for Red Hat OpenShift Service Mesh 2.6

Kiali 1.73.29 for Red Hat OpenShift Service Mesh 2.6 is now available. An update is now available for Red Hat OpenShift Service Mesh 2.6. This advisory contains the RPM packages for the Kiali component. Red Hat Product Security has rated this update as having a security impact of Critical. A Comm...

10CVSS6.3AI score0.01945EPSS
Exploits11References12
Wolfi
Wolfi
added 2026/04/10 2:50 p.m.6 views

CVE-2025-62718 vulnerabilities

Vulnerabilities for packages: kubeflow-pipelines, jitsucom-jitsu, saf, opensearch-dashboards, kubeflow-centraldashboard, langfuse, prism, lerna, nextcloud-server...

9.9CVSS6.8AI score0.01186EPSS
Exploits1
Chainguard
Chainguard
added 2026/04/10 2:16 p.m.6 views

CVE-2025-62718 vulnerabilities

Vulnerabilities for packages: prism, gitlab-rails-ce, jitsucom-jitsu, nextcloud-server, saf, kibana, lerna, awx, langfuse, kubeflow-centraldashboard, langfuse-fips, opensearch-dashboards, opensearch-dashboards-fips, redisinsight, kubeflow-pipelines, wazuh-dashboard, gitlab-rails-ce-fips, librecha...

9.9CVSS6.8AI score0.01186EPSS
Exploits1
Circl
Circl
added 2026/04/09 4:39 p.m.3 views

CVE-2025-62718

creationtimestamp| type| source ---|---|--- 2026-04-09 16:39:50+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mj3ap6fdyn2z 2026-04-09 17:32:19+00:00| published-proof-of-concept| https://github.com/advisories/GHSA-3p68-rc4w-qgx5 2026-04-10 05:55:04+00:00| seen|...

9.9CVSS6.8AI score0.01186EPSS
Exploits1References13
vulnersOsv
vulnersOsv
added 2026/04/09 4:14 p.m.8 views

0xpay-cc-sdk (>=0.0.8 <=0.1.0), 1inch-agent-kit (=1.0.53) +6110 more potentially affected by CVE-2025-62718 via axios (>=1.0.0 <=1.14.0)

axios NPM version =1.0.0, =0.0.8, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.2-beta.0, =8.0.5, =6.1.0, =0.0.1-alpha.3, =0.1.6-alpha.11, =1.0.3-rc.0, =2.1.0 - @1tokenfe/hd-ble-sdk =1.1.15 - @1tokenfe/hd-common-connect-sdk =1.1.15 and more Source cves: CVE-2025-62718 Source advisory: SNYK:JS-AXIOS-159658...

9.9CVSS6.7AI score0.01186EPSS
Exploits1
Rows per page
Query Builder