
9 matches found

IBM Security Bulletins
added 2026/05/04 2:26 p.m. | 6 views

Security Bulletin: Vulnerability in auth0/node-jws affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary: A potential vulnerability in auth0/node-jws has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. The vulnerability has been addressed. Refer to details for additional information...

CVSS 7.5 | AI score 6 | EPSS 0.00193
Exploits: 1 | Affected Software: 2
IBM Security Bulletins
added 2026/02/25 4:32 p.m. | 9 views

Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to multiple vulnerabilities in Node.js and LangChain

Summary: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to multiple vulnerabilities in Node.js and LangChain. CVE-2025-65945, CVE-2025-68664, CVE-2025-12758. The vulnerabilities have been addressed. Vulnerability Details: CVEID: CVE-2025-65945 DESCRIPTION:...

CVSS 9.3 | AI score 5.9 | EPSS 0.1383
Exploits: 8 | Affected Software: 2
IBM Security Bulletins
added 2026/02/11 4:52 p.m. | 14 views

Security Bulletin: Multiple vulnerabilities in IBM Security QRadar EDR Software

Summary: Multiple vulnerabilities were addressed in IBM Security QRadar EDR Software version 3.12.24. Vulnerability Details: CVEID: CVE-2026-21441 DESCRIPTION: urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by readi...

CVSS 8.9 | AI score 5.9 | EPSS 0.02667
Exploits: 3 | Affected Software: 1
IBM Security Bulletins
added 2026/02/03 9:28 a.m. | 11 views

Security Bulletin: auth0/node-jws HS256 signature verification bypass via improper HMAC secret handling (≤3.2.2, 4.0.0)

Summary: auth0/node-jws HS256 signature verification bypass due to improper HMAC secret handling, versions ≤ 3.2.2 and 4.0.0. Vulnerability Details: CVEID: CVE-2025-65945 DESCRIPTION: auth0/node-jws is a JSON Web Signature implementation for Node.js. In versions 3.2.2 and earlier and version 4.0.0,...

CVSS 7.5 | AI score 5.3 | EPSS 0.00193
Exploits: 1 | Affected Software: 1
IBM Security Bulletins
added 2026/02/02 2:19 p.m. | 13 views

Security Bulletin: Security Vulnerabilities affect IBM Voice Gateway

Summary: Security Vulnerabilities affect IBM Voice Gateway. The vulnerabilities have been addressed. Vulnerability Details: CVEID: CVE-2025-65945 DESCRIPTION: auth0/node-jws is a JSON Web Signature implementation for Node.js. In versions 3.2.2 and earlier and version 4.0.0, auth0/node-jws has an...

CVSS 8.8 | AI score 5.8 | EPSS 0.17044
Exploits: 5 | Affected Software: 1
IBM Security Bulletins
added 2026/01/30 5:50 a.m. | 9 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses jws-3.2.2.tgz which are vulnerable to CVE-2025-65945.

Summary: IBM Maximo Application Suite - Monitor Component uses jws-3.2.2.tgz, which is vulnerable to CVE-2025-65945. This bulletin contains information regarding the vulnerability and its fix. Vulnerability Details: CVEID: CVE-2025-65945 DESCRIPTION: auth0/node-jws is a JSON Web Signature...

CVSS 7.5 | AI score 5.8 | EPSS 0.00193
Exploits: 1 | Affected Software: 1
Chainguard
added 2025/12/08 7:17 a.m. | 4 views

CVE-2025-65945 vulnerabilities

Vulnerabilities for packages: sqlpad, librechat, dbgate-fips, saf, kubeflow-pipelines, redisinsight, kibana, kubeflow-centraldashboard, renovate, langfuse, langfuse-fips, jitsucom-jitsu, dbgate...

CVSS 7.5 | AI score 6.1 | EPSS 0.00193
Exploits: 1
CVE
added 2025/12/04 6:45 p.m. | 41 views

CVE-2025-65945

CVE-2025-65945 affects auth0/node-jws (Node.js). In affected versions (3.2.2 and earlier; 4.0.0) there is an improper HS256 signature verification under specific conditions when using jws.createVerify() with user-provided header/payload data in HMAC secret lookups. IBM bulletins corroborate the i...

CVSS 7.5 | AI score 6.4 | EPSS 0.00193
Exploits: 1 | References: 2 | Affected Software: 1
vulnersOsv
added 2025/12/04 4:54 p.m. | 6 views

@bigchaindb/jwt (>=0.0.18 <=0.0.20), @compas/store (>=0.0.172 <=0.20.0) +35 more potentially affected by CVE-2025-65945 via jws (=4.0.0)

jws NPM version =4.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on jws and may be impacted: - @bigchaindb/jwt =0.0.18, =0.0.172, =11.8.0, =1.0.0-beta.2, =1.1.0, =0.0.22, =15.2.0, =17.1.6, =13.0.0, =10.1.0, =10.4.0, =10.1.0, =10.3.0-snapshot, =0.1.1...

CVSS 7.5 | AI score 6 | EPSS 0.00193
Exploits: 1