Lucene search
+L

251 matches found

Rosalinux
Rosalinux
added 2026/01/26 12:11 p.m.7 views

Advisory ROSA-SA-2026-3117

software: ffmpeg 4.4.6 OS: ROSA-CHROME unaffected versions = ffmpeg-4.4.6-2 affected versions ffmpeg-4.4.6-2 CVE-ID: CVE-2023-6601 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in FFmpeg's HLS demultiplexer allows bypassing dangerous file extension checks and launching arbitrary...

4.7CVSS5.9AI score0.00397EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2026/01/22 12:0 a.m.5 views

Oracle GoldenGate (January 2026 CPU)

The detected versions of GoldenGate installed on the remote host are affected by multiple vulnerabilities as referenced in the January 2026 CPU advisory. - axios is a promise based HTTP client for the browser and node.js. The issue occurs when passing absolute URLs rather than protocol-relative...

8.7CVSS6.7AI score0.0106EPSS
Exploits2References4
OSV
OSV
added 2026/01/15 8:12 p.m.5 views

GHSA-58Q2-9X27-H2JM solspace/craft-freeform Has a DoS Vulnerability

Summary Freeform plugin v4.1.29 uses vulnerable Axios ^1.7.7 allowing unauthenticated attackers to crash servers via malicious data: URIs causing memory exhaustion CVE-2025-58754. Freeform version: 4.1.29 Craft CMS version: 4.16.8 Impact When Axios runs on Node.js and is given a URL with the data...

6.9CVSS6.6AI score
Exploits0References8
Github Security Blog
Github Security Blog
added 2026/01/15 8:12 p.m.10 views

solspace/craft-freeform Has a DoS Vulnerability

Summary Freeform plugin v4.1.29 uses vulnerable Axios ^1.7.7 allowing unauthenticated attackers to crash servers via malicious data: URIs causing memory exhaustion CVE-2025-58754. Freeform version: 4.1.29 Craft CMS version: 4.16.8 Impact When Axios runs on Node.js and is given a URL with the data...

7.5CVSS6.1AI score0.0106EPSS
Exploits1References8Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/15 6:50 p.m.6 views

Security Bulletin: A vulnerability in axios affects IBM Robotic Process Automation and may result in a denial of service (CVE-2025-58754)

Summary A vulnerability in axios affects IBM Robotic Process Automation and may result in a denial of service. form-data is used by IBM Robotic Process Automation as part of the UI framework. This bulletin identifies the fixes required to address this vulnerability. Vulnerability Details...

7.5CVSS8.4AI score0.0106EPSS
Exploits1Affected Software1
AstraLinux
AstraLinux
added 2026/01/13 2:1 p.m.4 views

Astra Linux – Vulnerability in libsoup3

A flaw was discovered in libsoup. The libsoup soupuridecodedatauri function may crash when processing malformed data URI. This flaw allows an attacker to cause a denial of service DoS attack...

5.9CVSS6.3AI score0.00519EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/02 6:10 p.m.6 views

Security Bulletin: Rational Performance Tester contains a vulnerability which could affect its use of the JavaScript HTTP client Axios

Summary Due to the use of the JavaScript HTTP client Axios, Rational Performance Tester contains a vulnerability which can result in a potential dential of service attack. Vulnerability Details CVEID:CVE-2025-58754 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. Whe...

7.5CVSS6.7AI score0.0106EPSS
Exploits1Affected Software1
RedHat Linux
RedHat Linux
added 2025/12/10 6:0 p.m.5 views

axios: Axios DoS via lack of data size check

A denial of service flaw has been discovered in the Axios npm package. When Axios runs on Node.js and is given a URL with the data: scheme, it does not perform HTTP. Instead, its Node http adapter decodes the entire payload into memory Buffer/Blob and returns a synthetic 200 response. This path...

7.5CVSS7.1AI score0.0106EPSS
Exploits1References8
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/02 2:51 p.m.15 views

Security Bulletin: Multiple vulnerabilities in IBM QRadar Use Case Manager app

Summary Multiple vulnerabilities were addressed in IBM QRadar Use Case Manager app version 4.1.0 Vulnerability Details CVEID:CVE-2025-58754 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. When Axios prior to versions 0.30.2 and 1.12.0 runs on Node.js and is given a...

9.4CVSS5.5AI score0.02342EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/10 8:26 a.m.20 views

Security Bulletin: Multiple Vulnerabilities in IBM Concert Software.

Summary Multiple vulnerabilities were addressed in IBM Concert Software version 2.1.0 Vulnerability Details CVEID:CVE-2023-47038 DESCRIPTION: A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attack...

7.8CVSS6.9AI score0.0118EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/06 6:41 a.m.4 views

Security Bulletin: Due to use of Axios, IBM watsonx Code Assistant IDE Extensions is affected by unbounded memory and denial of service

Summary Axios is used internally by IBM watsonx Code Assistant IDE Extensions CVE-2025-58754 Vulnerability Details CVEID:CVE-2025-58754 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. When Axios prior to versions 0.30.2 and 1.12.0 runs on Node.js and is given a URL...

7.5CVSS6.9AI score0.0106EPSS
Exploits1Affected Software2
OSV
OSV
added 2025/10/17 5:0 a.m.5 views

CVE-2025-11849

Versions of the package mammoth from 0.3.25 and before 1.11.0; versions of the package mammoth from 0.3.25 and before 1.11.0; versions of the package mammoth before 1.11.0; versions of the package org.zwobble.mammoth:mammoth before 1.11.0 are vulnerable to Directory Traversal due to the lack of...

6.4CVSS6.8AI score0.00942EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2025/10/17 5:0 a.m.2 views

CVE-2025-11849

Versions of the package mammoth from 0.3.25 and before 1.11.0; versions of the package mammoth from 0.3.25 and before 1.11.0; versions of the package mammoth before 1.11.0; versions of the package org.zwobble.mammoth:mammoth before 1.11.0 are vulnerable to Directory Traversal due to the lack of...

9.3CVSS6.4AI score0.00942EPSS
Exploits0References6
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/16 12:14 p.m.9 views

Security Bulletin: IBM QRadar Investigation Assistant app for IBM QRadar SIEM includes components with known vulnerabilities

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM QRadar Investigation Assistant app for IBM QRadar SIEM has addressed the applicable CVEs Vulnerability Details CVEID:CVE-2025-58754 DESCRIPTION: Axios is a...

8.7CVSS6.5AI score0.0106EPSS
Exploits1Affected Software1
Snyk
Snyk
added 2025/10/14 8:4 p.m.5 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal due to the lack of path or file type validation when processing a docx file containing an image with an external link r:link attribute instead of embedded r:embed. The library resolves the URI to a file path and afte...

9.3CVSS7.5AI score0.00942EPSS
Exploits0References2
Snyk
Snyk
added 2025/10/14 8:4 p.m.5 views

Directory Traversal

Overview mammoth is a Convert Word documents from docx to simple HTML and Markdown Affected versions of this package are vulnerable to Directory Traversal due to the lack of path or file type validation when processing a docx file containing an image with an external link r:link attribute instead...

9.3CVSS7.5AI score0.00942EPSS
Exploits0References2
Snyk
Snyk
added 2025/10/14 8:4 p.m.3 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal due to the lack of path or file type validation when processing a docx file containing an image with an external link r:link attribute instead of embedded r:embed. The library resolves the URI to a file path and afte...

9.3CVSS7.5AI score0.00942EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2004-2217

Malware in sbrugna...

5CVSS6.4AI score0.01805EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2015-3016

Malware in sbrugna...

4.3CVSS6.1AI score0.02216EPSS
Exploits1References10
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2009-2995

Malware in sbrugna...

4.3CVSS6.4AI score0.00938EPSS
Exploits1References4
Rows per page
Query Builder