240 matches found
-fides-amor-et-lux (=1.0.0), -tompan-reacttemplate (>=1.0.1 <=1.1.0) +41756 more potentially affected by CVE-2026-33891 via node-forge (>=0.10.0 <=1.3.3)
node-forge NPM version =0.10.0, =1.0.1, =1.1.0 - 00ld8nuivn =2.1.0 - 00rqiw31nd =2.1.0 - 01dk01majk =2.1.0 - 02rjq8i863 =1.1.0 - 02vx8qsp01 =2.1.0 - 05y6tjgmws =1.1.0 - 066m7q8o0z =2.1.0 - 06buj9h3su =2.1.0 - 06dre15t8r =2.1.0 - 0726react =0.1.1 - 07fgapmu9l =1.1.0 - 07t2xvu6t4 =2.1.0 - 0850u4lkp...
Forge has Denial of Service via Infinite Loop in BigInteger.modInverse() with Zero Input
Summary A Denial of Service DoS vulnerability exists in the node-forge library due to an infinite loop in the BigInteger.modInverse function inherited from the bundled jsbn library. When modInverse is called with a zero value as input, the internal Extended Euclidean Algorithm enters an unreachab...
PT-2026-28556
Name of the Vulnerable Software and Affected Versions node-forge versions prior to 1.4.0 Description A Denial of Service DoS issue exists in the node-forge library due to an infinite loop within the BigInteger.modInverse function, inherited from the bundled jsbn library. When modInverse is called...
Important: Red Hat Security Advisory: Red Hat OpenShift GitOps v1.18.4 security update
Important: Red Hat OpenShift GitOps v1.18.4 security update An update is now available for Red Hat OpenShift GitOps. Bug Fixes and Enhancements: GITOPS-8439 CVE-2025-12816 openshift-gitops-1/console-plugin-rhel8: node-forge: Interpretation conflict vulnerability allows bypassing cryptographic...
Security Bulletin: IBM Sterling Secure Proxy is vulnerable to multiple issues
Summary Multiple vulnerabilities affect IBM Sterling Secure Proxy and are addressed in the latest release and fixpack Vulnerability Details CVEID:CVE-2025-64756 DESCRIPTION: Glob matches files using patterns the shell uses. Starting in version 10.2.0 and prior to versions 10.5.0 and 11.1.0, the...
[SECURITY] [DLA 4471-1] debian-security-support update
Debian LTS Advisory DLA-4471-1 [email protected] https://www.debian.org/lts/security/ Santiago Ruano Rincón February 06, 2026 https://wiki.debian.org/LTS Package : debian-security-support Version : 1:11+2026.02.06 Debian Bug : 1117607 1119290 1124248 debian-security-support, the Debian...
Debian dla-4471 : debian-security-support - security update
The remote Debian 11 host has a package installed that is affected by a vulnerability as referenced in the dla-4471 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4471-1 [email protected] https://www.debian.org/lts/security/...
Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses node-forge which is vulnerable to CVE-2025-66030, CVE-2025-66031
Summary IBM Maximo Application Suite - Visual Inspection component uses node-forge which is vulnerable to CVE-2025-66030, CVE-2025-66031, This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2025-66030 DESCRIPTION: Forge also called...
Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses node-forge which is vulnerable to CVE-2025-12816
Summary IBM Maximo Application Suite - Visual Inspection component uses node-forge which is vulnerable to CVE-2025-12816 , This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2025-12816 DESCRIPTION: An interpretation-conflict CWE-436...
Security Bulletin: IBM Maximo Application Suite uses node-forge-1.3.1.tgz,aiohttp-3.13.2-cp311-cp311-manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_28_x86_64.whl and WebSphere Application Server v.25.0.0.10 which is vulnerable to multiple CVEs.
Summary IBM Maximo Application Suite uses node-forge-1.3.1.tgz,aiohttp-3.13.2-cp311-cp311-manylinux2014x8664.manylinux217x8664.manylinux228x8664.whl and WebSphere Application Server v.25.0.0.10 which is vulnerable to CVE-2025-12816, CVE-2025-69223, CVE-2025-69224, CVE-2025, CVE-2025-66030,...
K000159607: Node-forge vulnerability CVE-2025-12816
Security Advisory Description An interpretation-conflict CWE-436 vulnerability in node-forge versions 1.3.1 and earlier enables unauthenticated attackers to craft ASN.1 structures to desynchronize schema validations, yielding a semantic divergence that may bypass downstream cryptographic...
SUSE CVE-2025-12816
An interpretation-conflict CWE-436 vulnerability in node-forge versions 1.3.1 and earlier enables unauthenticated attackers to craft ASN.1 structures to desynchronize schema validations, yielding a semantic divergence that may bypass downstream cryptographic verifications and security decisions...
Security Bulletin: IBM App Connect Enterprise Certified Container is vulnerable to denial of service and loss of integrity [CVE-2025-12816, CVE-2025-66030, CVE-2025-66031]
Summary Node.js module node-forge is used by IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container IntegrationRuntime and IntegrationServer operands are vulnerable to denial of service and loss of integrity. This bulletin provides patch information to...
Important: Red Hat Security Advisory: Kiali 2.17.2 for Red Hat OpenShift Service Mesh 3.2
Kiali 2.17.2 for Red Hat OpenShift Service Mesh 3.2 Kiali 2.17.2, for Red Hat OpenShift Service Mesh 3.2, provides observability for the service mesh by offering a visual representation of the mesh topology and metrics, helping users monitor, trace, and manage efficiently. Security Fixes:...
Important: Red Hat Security Advisory: Kiali 2.11.5 for Red Hat OpenShift Service Mesh 3.1
Kiali 2.11.5 for Red Hat OpenShift Service Mesh 3.1 This update has a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. Kiali 2.11.5, for Red...
Important: Red Hat Security Advisory: Kiali 2.4.11 for Red Hat OpenShift Service Mesh 3.0
Kiali 2.4.11 for Red Hat OpenShift Service Mesh 3.0 Kiali 2.4.11, for Red Hat OpenShift Service Mesh 3.0, provides observability for the service mesh by offering a visual representation of the mesh topology and metrics, helping users monitor, trace, and manage efficiently Security Fixes:...
CVE-2025-66030
Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be...
CVE-2025-12816
A flaw was found in node-forge. This vulnerability allows unauthenticated attackers to bypass downstream cryptographic verifications and security decisions via crafting ASN.1 Abstract Syntax Notation One structures to desynchronize schema validations, yielding a semantic divergence. Mitigation...
CVE-2025-66031
Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This...
Security Bulletin: Security Vulnerabilities in node.js packages affect IBM Voice Gateway
Summary Security Vulnerabilities in node.js packages affect IBM Voice Gateway. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2025-12816 DESCRIPTION: An interpretation-conflict CWE-436 vulnerability in node-forge versions 1.3.1 and earlier enables unauthenticated attacke...