96 matches found
Important: Red Hat Security Advisory: Red Hat Web Terminal Operator 1.15.0 release.
Red Hat Web Terminal Operator 1.15.0 has been released. The Web Terminal provides a way to access a fully in-browser terminal emulator within the OpenShift Console. Command-line tools for interacting with the OpenShift cluster are pre-installed...
Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses axios-1.15.0.tgz which is vulnerable to multiple CVEs.
Summary IBM Maximo Application Suite - Visual Inspection component uses axios-1.15.0.tgz which is vulnerable to multiple CVEs CVE-2026-42033, CVE-2026-42034, CVE-2026-42035, CVE-2026-42036, CVE-2026-42037, CVE-2026-42038, CVE-2026-42039, CVE-2026-42040, CVE-2026-42041, CVE-2026-42042,...
Security Bulletin: IBM InfoSphere Optim Archive Viewer is affected by a vulnerability in axios (CVE-2026-25639)
Summary A Denial of Service vulnerability in the axios library CVE-2026-25639 used by IBM InfoSphere Optim Archive Viewer has been addressed by upgrading the library to version 1.15.0. Vulnerability Details CVEID:CVE-2026-25639 DESCRIPTION: Axios is a promise based HTTP client for the browser and...
CVE-2026-39821 affecting package kured for versions less than 1.15.0-5
CVE-2026-39821 affecting package kured for versions less than 1.15.0-5. A patched version of the package is available...
Security Bulletin: IBM Edge Data Collector uses axios-1.15.0.tgz which is vulnerable to CVE-2026-42264
Summary IBM Edge Data Collector Component uses axios-1.15.0.tgz which is vulnerable to CVE-2026-42264. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-42264 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. From...
Security Bulletin: IBM z/TPF Development is affected by multiple vulnerabilities reported in the axios package
Summary Multiple vulnerabilities were identified in the open-source package axios version 1.15.0, which provides the HTTPS/HTTP client used by the extension. Fixes for these vulnerabilities were made available in axios version 1.15.2. Vulnerability Details CVEID:CVE-2026-42033 DESCRIPTION: Axios ...
Files or Directories Accessible to External Parties
Overview Affected versions of this package are vulnerable to Files or Directories Accessible to External Parties via the jarURI parameter in FlinkSessionJob's validateSessionJob, which is not properly validated. A user with Custom Resource create permissions can access arbitrary files from the...
WordPress Corbesier theme <= 1.15.0 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Corbesier versions <= 1.15.0...
CLEANSTART-2026-NR54556 Security fixes for CVE-2025-11579, CVE-2026-1229, CVE-2026-21726, CVE-2026-24051, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-33186, CVE-2026-33762, CVE-2026-34040, CVE-2026-34165, CVE-2026-34986, CVE-2026-39882, ghsa-3xc5-wrhm-f963, ghsa-497x-rrr9-68jp, ghsa-6g7g-w4f8-9c9x, ghsa-78h2-9frx-2jm8, ghsa-9h8m-3fm2-qjrq, ghsa-fw7p-63qq-7hpr, ghsa-gm2x-2g9h-ccm8, ghsa-jhf3-xxhw-2wpp, ghsa-jqcq-xjh3-6g23, ghsa-p77j-4mvh-x3m3, ghsa-q9hv-hpm4-hj6x, ghsa-rwvp-r38j-9rgg, ghsa-w8rr-5gcm-pp58, ghsa-x6gf-mpr2-68h6, ghsa-xmrv-pmrh-hhx2 applied in versions: 1.12.1-r2, 1.15.0-r0, 1.15.0-r1, 1.15.0-r2, 1.15.1-r0
Multiple security vulnerabilities affect the grafana-alloy-fips package. These issues are resolved in later releases. See references for individual vulnerability details...
Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to loss of confidentiality (CVE-2025-62718)
Summary Node.js module axios is used by IBM App Connect Enterprise Certified Container for HTTP communications. IBM App Connect Enterprise Certified Container operands are vulnerable to loss of confidentiality. This bulletin provides patch information to address the reported vulnerability in...
OpenTelemetry Security Vulnerability
OpenTelemetry is an open-source, vendor-neutral observability framework developed by OpenTelemetry. Versions of OpenTelemetry 1.15.0-beta.1 and earlier contain security vulnerabilities. These vulnerabilities stem from the AzureVmMetaDataRequestor class, which reads response bodies...
Fedora 44 : pgadmin4 (2026-34c2bf6df4)
The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-34c2bf6df4 advisory. Update axios to 1.15.0, fixes CVE-2026-40175 and CVE-2025-62718. ---- Update to pgadmin4-9.14. Tenable has extracted the preceding description block...
CVE-2026-40175
Axios is a promise based HTTP client for the browser and Node.js. Versions prior to 1.15.0 and 0.3.1 are vulnerable to a specific gadget-style attack chain in which prototype pollution in a third-party dependency may be leveraged to inject unsanitized header values into outbound requests. This...
EUVD-2025-209381
Axios has a NO_PROXY Hostname Normalization Bypass Leads to SSRF...
CVE-2025-62718 Axios has a NO_PROXY Hostname Normalization Bypass that Leads to SSRF
Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0 and 0.31.0, Axios does not correctly handle hostname normalization when checking NO_PROXY rules. Requests to loopback addresses like localhost. with a trailing dot or ::1 IPv6 literal skip NO_PROXY matching and go...
CVE-2025-62718
Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0 and 0.31.0, Axios does not correctly handle hostname normalization when checking NO_PROXY rules. Requests to loopback addresses like localhost. with a trailing dot or ::1 IPv6 literal skip NO_PROXY matching and go...
PT-2026-31616
Name of the Vulnerable Software and Affected Versions Axios versions prior to 0.31.0 Axios versions prior to 1.15.0 Description Axios does not correctly handle hostname normalization when checking NO_PROXY rules. Because the software performs a literal string comparison instead of normalizing...
Permissive Cross-domain Policy with Untrusted Domains
Overview Affected versions of this package are vulnerable to Permissive Cross-domain Policy with Untrusted Domains via a misconfigured CORS policy that reflects arbitrary origins and allows credentials. An attacker can gain unauthorized access to sensitive data and perform actions on behalf of...