9 matches found
Security Bulletin: Vulnerability in auth0/node-jws affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.
Summary A potential vulnerability in auth0/node-jws has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. The vulnerability has been addressed. Refer to details for additional information...
Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to multiple vulnerabilities in Node.js and LangChain
Summary Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to multiple vulnerabilities in Node.js and LangChain. CVE-2025-65945, CVE-2025-68664, CVE-2025-12758. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2025-65945 DESCRIPTION:...
Security Bulletin: Multiple vulnerabilities in IBM Security QRadar EDR Software
Summary Multiple vulnerabilities were addressed in IBM Security QRadar EDR Software version 3.12.24 Vulnerability Details CVEID:CVE-2026-21441 DESCRIPTION: urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by readi...
Security Bulletin: auth0/node-jws HS256 signature verification bypass via improper HMAC secret handling (≤3.2.2, 4.0.0)
Summary auth0/node-jws HS256 signature verification bypass due to improper HMAC secret handling versions ≤ 3.2.2 and 4.0.0 Vulnerability Details CVEID:CVE-2025-65945 DESCRIPTION: auth0/node-jws is a JSON Web Signature implementation for Node.js. In versions 3.2.2 and earlier and version 4.0.0,...
Security Bulletin: Security Vulnerabilities affect IBM Voice Gateway
Summary Security Vulnerabilities affect IBM Voice Gateway. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2025-65945 DESCRIPTION: auth0/node-jws is a JSON Web Signature implementation for Node.js. In versions 3.2.2 and earlier and version 4.0.0, auth0/node-jws has an...
Security Bulletin: IBM Maximo Application Suite - Monitor Component uses jws-3.2.2.tgz which are vulnerable to CVE-2025-65945.
Summary IBM Maximo Application Suite - Monitor Component uses jws-3.2.2.tgz, which is vulnerable to CVE-2025-65945. This bulletin contains information regarding the vulnerability and its fix. Vulnerability Details CVEID:CVE-2025-65945 DESCRIPTION: auth0/node-jws is a JSON Web Signature...
CVE-2025-65945 vulnerabilities
Vulnerabilities for packages: sqlpad, librechat, dbgate-fips, saf, kubeflow-pipelines, redisinsight, kibana, kubeflow-centraldashboard, renovate, langfuse, langfuse-fips, jitsucom-jitsu, dbgate...
CVE-2025-65945
CVE-2025-65945 affects auth0/node-jws (Node.js). In affected versions (3.2.2 and earlier; 4.0.0) there is an improper HS256 signature verification under specific conditions when using jws.createVerify() with user-provided header/payload data in HMAC secret lookups. IBM bulletins corroborate the i...
@bigchaindb/jwt (>=0.0.18 <=0.0.20), @compas/store (>=0.0.172 <=0.20.0) +35 more potentially affected by CVE-2025-65945 via jws (=4.0.0)
jws NPM version =4.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on jws and may be impacted: - @bigchaindb/jwt =0.0.18, =0.0.172, =11.8.0, =1.0.0-beta.2, =1.1.0, =0.0.22, =15.2.0, =17.1.6, =13.0.0, =10.1.0, =10.4.0, =10.1.0, =10.3.0-snapshot, =0.1.1...