Lucene search
K

240 matches found

vulnersOsv
vulnersOsv
added 2026/03/26 9:57 p.m.8 views

-fides-amor-et-lux (=1.0.0), -tompan-reacttemplate (>=1.0.1 <=1.1.0) +41756 more potentially affected by CVE-2026-33891 via node-forge (>=0.10.0 <=1.3.3)

node-forge NPM version =0.10.0, =1.0.1, =1.1.0 - 00ld8nuivn =2.1.0 - 00rqiw31nd =2.1.0 - 01dk01majk =2.1.0 - 02rjq8i863 =1.1.0 - 02vx8qsp01 =2.1.0 - 05y6tjgmws =1.1.0 - 066m7q8o0z =2.1.0 - 06buj9h3su =2.1.0 - 06dre15t8r =2.1.0 - 0726react =0.1.1 - 07fgapmu9l =1.1.0 - 07t2xvu6t4 =2.1.0 - 0850u4lkp...

7.5CVSS5.7AI score0.00596EPSS
Exploits1
Github Security Blog
Github Security Blog
added 2026/03/26 9:57 p.m.6 views

Forge has Denial of Service via Infinite Loop in BigInteger.modInverse() with Zero Input

Summary A Denial of Service DoS vulnerability exists in the node-forge library due to an infinite loop in the BigInteger.modInverse function inherited from the bundled jsbn library. When modInverse is called with a zero value as input, the internal Extended Euclidean Algorithm enters an unreachab...

7.5CVSS5.8AI score0.00596EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/26 12:0 a.m.4 views

PT-2026-28556

Name of the Vulnerable Software and Affected Versions node-forge versions prior to 1.4.0 Description A Denial of Service DoS issue exists in the node-forge library due to an infinite loop within the BigInteger.modInverse function, inherited from the bundled jsbn library. When modInverse is called...

7.5CVSS5.9AI score0.00596EPSS
Exploits1References186
RedHat Linux
RedHat Linux
added 2026/03/05 11:31 a.m.7 views

Important: Red Hat Security Advisory: Red Hat OpenShift GitOps v1.18.4 security update

Important: Red Hat OpenShift GitOps v1.18.4 security update An update is now available for Red Hat OpenShift GitOps. Bug Fixes and Enhancements: GITOPS-8439 CVE-2025-12816 openshift-gitops-1/console-plugin-rhel8: node-forge: Interpretation conflict vulnerability allows bypassing cryptographic...

10CVSS6.9AI score0.02667EPSS
Exploits2References10
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/26 3:4 a.m.10 views

Security Bulletin: IBM Sterling Secure Proxy is vulnerable to multiple issues

Summary Multiple vulnerabilities affect IBM Sterling Secure Proxy and are addressed in the latest release and fixpack Vulnerability Details CVEID:CVE-2025-64756 DESCRIPTION: Glob matches files using patterns the shell uses. Starting in version 10.2.0 and prior to versions 10.5.0 and 11.1.0, the...

9.8CVSS6.7AI score0.03092EPSS
Exploits4Affected Software1
Debian
Debian
added 2026/02/06 9:24 p.m.7 views

[SECURITY] [DLA 4471-1] debian-security-support update

Debian LTS Advisory DLA-4471-1 [email protected] https://www.debian.org/lts/security/ Santiago Ruano Rincón February 06, 2026 https://wiki.debian.org/LTS Package : debian-security-support Version : 1:11+2026.02.06 Debian Bug : 1117607 1119290 1124248 debian-security-support, the Debian...

5.8AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/02/06 12:0 a.m.4 views

Debian dla-4471 : debian-security-support - security update

The remote Debian 11 host has a package installed that is affected by a vulnerability as referenced in the dla-4471 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4471-1 [email protected] https://www.debian.org/lts/security/...

5.5AI score
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/30 8:28 a.m.11 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses node-forge which is vulnerable to CVE-2025-66030, CVE-2025-66031

Summary IBM Maximo Application Suite - Visual Inspection component uses node-forge which is vulnerable to CVE-2025-66030, CVE-2025-66031, This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2025-66030 DESCRIPTION: Forge also called...

8.7CVSS5.7AI score0.00373EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/30 8:27 a.m.9 views

Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses node-forge which is vulnerable to CVE-2025-12816

Summary IBM Maximo Application Suite - Visual Inspection component uses node-forge which is vulnerable to CVE-2025-12816 , This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details CVEID:CVE-2025-12816 DESCRIPTION: An interpretation-conflict CWE-436...

8.6CVSS5.9AI score0.00689EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/30 5:39 a.m.9 views

Security Bulletin: IBM Maximo Application Suite uses node-forge-1.3.1.tgz,aiohttp-3.13.2-cp311-cp311-manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_28_x86_64.whl and WebSphere Application Server v.25.0.0.10 which is vulnerable to multiple CVEs.

Summary IBM Maximo Application Suite uses node-forge-1.3.1.tgz,aiohttp-3.13.2-cp311-cp311-manylinux2014x8664.manylinux217x8664.manylinux228x8664.whl and WebSphere Application Server v.25.0.0.10 which is vulnerable to CVE-2025-12816, CVE-2025-69223, CVE-2025-69224, CVE-2025, CVE-2025-66030,...

8.7CVSS5.9AI score0.00689EPSS
Exploits1Affected Software1
F5 Networks
F5 Networks
added 2026/01/22 9:27 p.m.11 views

K000159607: Node-forge vulnerability CVE-2025-12816

Security Advisory Description An interpretation-conflict CWE-436 vulnerability in node-forge versions 1.3.1 and earlier enables unauthenticated attackers to craft ASN.1 structures to desynchronize schema validations, yielding a semantic divergence that may bypass downstream cryptographic...

8.6CVSS6.4AI score0.00689EPSS
Exploits1
SUSE CVE
SUSE CVE
added 2025/12/25 12:46 a.m.7 views

SUSE CVE-2025-12816

An interpretation-conflict CWE-436 vulnerability in node-forge versions 1.3.1 and earlier enables unauthenticated attackers to craft ASN.1 structures to desynchronize schema validations, yielding a semantic divergence that may bypass downstream cryptographic verifications and security decisions...

8.6CVSS7AI score0.00689EPSS
Exploits1References9
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/19 3:32 p.m.7 views

Security Bulletin: IBM App Connect Enterprise Certified Container is vulnerable to denial of service and loss of integrity [CVE-2025-12816, CVE-2025-66030, CVE-2025-66031]

Summary Node.js module node-forge is used by IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container IntegrationRuntime and IntegrationServer operands are vulnerable to denial of service and loss of integrity. This bulletin provides patch information to...

8.7CVSS6.4AI score0.00689EPSS
Exploits1Affected Software1
RedHat Linux
RedHat Linux
added 2025/12/09 3:24 p.m.9 views

Important: Red Hat Security Advisory: Kiali 2.17.2 for Red Hat OpenShift Service Mesh 3.2

Kiali 2.17.2 for Red Hat OpenShift Service Mesh 3.2 Kiali 2.17.2, for Red Hat OpenShift Service Mesh 3.2, provides observability for the service mesh by offering a visual representation of the mesh topology and metrics, helping users monitor, trace, and manage efficiently. Security Fixes:...

8.7CVSS6.9AI score0.03092EPSS
Exploits2References7
RedHat Linux
RedHat Linux
added 2025/12/09 2:59 p.m.7 views

Important: Red Hat Security Advisory: Kiali 2.11.5 for Red Hat OpenShift Service Mesh 3.1

Kiali 2.11.5 for Red Hat OpenShift Service Mesh 3.1 This update has a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. Kiali 2.11.5, for Red...

8.7CVSS6.9AI score0.03092EPSS
Exploits2References7
RedHat Linux
RedHat Linux
added 2025/12/09 2:59 p.m.5 views

Important: Red Hat Security Advisory: Kiali 2.4.11 for Red Hat OpenShift Service Mesh 3.0

Kiali 2.4.11 for Red Hat OpenShift Service Mesh 3.0 Kiali 2.4.11, for Red Hat OpenShift Service Mesh 3.0, provides observability for the service mesh by offering a visual representation of the mesh topology and metrics, helping users monitor, trace, and manage efficiently Security Fixes:...

8.7CVSS6.9AI score0.03092EPSS
Exploits2References7
RedhatCVE
RedhatCVE
added 2025/12/06 10:52 p.m.15 views

CVE-2025-66030

Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be...

6.3CVSS6.9AI score0.00276EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/12/05 7:24 p.m.4 views

CVE-2025-12816

A flaw was found in node-forge. This vulnerability allows unauthenticated attackers to bypass downstream cryptographic verifications and security decisions via crafting ASN.1 Abstract Syntax Notation One structures to desynchronize schema validations, yielding a semantic divergence. Mitigation...

8.7CVSS4.1AI score0.00689EPSS
Exploits1References8
RedhatCVE
RedhatCVE
added 2025/12/02 10:53 p.m.3 views

CVE-2025-66031

Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This...

8.7CVSS4.1AI score0.00373EPSS
Exploits0References5
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/02 4:28 p.m.7 views

Security Bulletin: Security Vulnerabilities in node.js packages affect IBM Voice Gateway

Summary Security Vulnerabilities in node.js packages affect IBM Voice Gateway. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2025-12816 DESCRIPTION: An interpretation-conflict CWE-436 vulnerability in node-forge versions 1.3.1 and earlier enables unauthenticated attacke...

8.7CVSS5.7AI score0.00689EPSS
Exploits2Affected Software1
Rows per page
Query Builder