Lucene search
K

10 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/06/22 1:16 p.m.3 views

Security Bulletin: Vulnerability in Undici affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in Undici has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information. Vulnerabilit...

9.8CVSS7.2AI score0.0115EPSS
Exploits0Affected Software2
Tenable Nessus
Tenable Nessus
added 2026/04/14 12:0 a.m.8 views

RHEL 9 : nodejs:22 (RHSA-2026:7983)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:7983 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...

9.8CVSS6.8AI score0.26356EPSS
Exploits2References20
Rockylinux
Rockylinux
added 2026/04/12 6:7 a.m.10 views

nodejs22 security update

An update is available for nodejs22. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Node.js is a platform built on Chrome's JavaScript runtime \ for easily...

9.8CVSS6.9AI score0.26356EPSS
Exploits2
RedHat Linux
RedHat Linux
added 2026/04/09 8:27 p.m.21 views

Important: Red Hat Security Advisory: nodejs:24 security update

An update for the nodejs:24 module is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

9.8CVSS6.7AI score0.26356EPSS
Exploits1References19
Amazon
Amazon
added 2026/04/01 12:0 a.m.5 views

Important: nodejs24

Issue Overview: Undici allows duplicate HTTP Content-Length headers when they are provided in an array with case-variant names e.g., Content-Length and content-length. This produces malformed HTTP/1.1 requests with multiple conflicting Content-Length values on the wire. Who is impacted:...

9.8CVSS7AI score0.0115EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/03/13 8:7 p.m.5 views

@01.software/cli (>=0.1.1 <=0.2.0-dev.260310.cf511cb), @01.software/sdk (>=0.0.1-251008.90016 <=0.3.0) +398 more potentially affected by CVE-2026-1525 via undici (>=7.0.0 <=7.22.0)

undici NPM version =7.0.0, =0.1.1, =0.0.1-251008.90016, =0.0.6, =0.0.1, =0.0.2, =0.1.0, =0.0.33, =0.0.1, =1.0.0, =21.0.0, =0.5.0, =1.0.1, =2.8.7 and more Source cves: CVE-2026-1525 Source advisory: OSV:GHSA-2MJP-6Q6P-2QXM...

9.8CVSS7AI score0.00493EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/03/13 8:7 p.m.8 views

0utmailauth (=1.0.0), 0xsodium (>=0.2.0 <=0.14.0) +13862 more potentially affected by CVE-2026-1525 via undici (>=0.3.3 <=6.23.0)

undici NPM version =0.3.3, =0.2.0, =1.0.0, =0.2.0, =0.4.0, =0.1.0, =0.0.1, =1.0.21, =2.1.0, =2.1.0, =2.1.1 and more Source cves: CVE-2026-1525 Source advisory: OSV:GHSA-2MJP-6Q6P-2QXM...

9.8CVSS7AI score0.00493EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/03/12 7:56 p.m.6 views

org.webjars.npm:actions__core (>=1.10.0 <=1.11.1), org.webjars.npm:actions__http-client (>=2.2.1 <=2.2.3) +14 more potentially affected by CVE-2026-1525 via org.webjars.npm:undici (>=4.12.2 <=5.29.0)

org.webjars.npm:undici MAVEN version =4.12.2, =1.10.0, =2.2.1, =0.1.16, =0.1.28 - org.webjars.npm:elasticelasticsearch =8.6.0 - org.webjars.npm:elastictransport =8.3.1 - org.webjars.npm:firebase =10.13.0 - org.webjars.npm:firebaseauth =1.7.7 - org.webjars.npm:firebaseauth-compat =0.5.12 -...

9.8CVSS6.8AI score0.00493EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/03/12 7:56 p.m.8 views

@01.software/cli (>=0.1.1 <=0.2.0-dev.260310.cf511cb), @01.software/sdk (>=0.0.1-251008.90016 <=0.3.0) +399 more potentially affected by CVE-2026-1525 via undici (>=7.0.0-alpha.3 <=7.22.0)

undici NPM version =7.0.0-alpha.3, =0.1.1, =0.0.1-251008.90016, =0.0.6, =0.0.1, =0.0.2, =0.1.0, =0.0.33, =0.0.1, =1.0.0, =21.0.0, =0.5.0, =1.0.1, =2.8.7 and more Source cves: CVE-2026-1525 Source advisory: SNYK:JS-UNDICI-15518061...

9.8CVSS7AI score0.00493EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/03/12 7:56 p.m.0 views

CVE-2026-1525 undici is vulnerable to Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

Undici allows duplicate HTTP Content-Length headers when they are provided in an array with case-variant names e.g., Content-Length and content-length. This produces malformed HTTP/1.1 requests with multiple conflicting Content-Length values on the wire. Who is impacted: Applications...

6.5CVSS5.8AI score0.00493EPSS
Exploits0References5
Rows per page
Query Builder