Lucene search
+L

668 matches found

ibm
ibm
added 3 days ago7 views

Security Bulletin: Vulnerability in follow-redirects bundled with IBM Fusion and IBM Fusion HCI

Summary IBM Fusion and IBM Fusion HCI include the follow-redirects library, which is affected by an information exposure vulnerability. CVE-2026-40895 Vulnerability Details CVEID:CVE-2026-40895 DESCRIPTION: follow-redirects is an open source, drop-in replacement for Node's http and https modules...

7.5CVSS7AI score0.00486EPSS
Exploits0Affected Software2
osv
osv
added 2026/07/08 2:55 p.m.4 views

CVE-2026-49145 App::Ack versions through 3.10.0 for Perl read arbitrary files via --files-from in a project .ackrc

App::Ack versions through 3.10.0 for Perl read arbitrary files via --files-from in a project .ackrc. ack searches up the directory hierarchy from the current directory for a project .ackrc and loads its options. The project-source option blocklist in App::Ack::ConfigLoader does not include...

7.5CVSS6.2AI score0.00329EPSS
Exploits0References6
ibm
ibm
added 2026/07/07 1:50 p.m.3 views

Security Bulletin: IBM Maximo Scheduler Optimizer uses follow-redirects-1.15.11.tgz which is vulnerable to CVE-2026-40895

Summary IBM Maximo Scheduler Optimizer uses follow-redirects-1.15.11.tgz which is vulnerable to CVE-2026-40895. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2026-40895 DESCRIPTION: follow-redirects is an open source, drop-in...

7.5CVSS6AI score0.00486EPSS
Exploits0Affected Software1
ibm
ibm
added 2026/07/01 4:9 p.m.3 views

Security Bulletin: IBM Security SOAR is using a component with a known vulnerability (CVE-2026-40895)

Summary IBM Security SOAR uses an older version of the follow-redirects component that may be identified and exploited. Updates for supported versions have been released which address the issue. It is recommended to upgrade to version 51.0.10.1 Vulnerability Details CVEID:CVE-2026-40895...

7.5CVSS7.1AI score0.00486EPSS
Exploits0Affected Software1
osv
osv
added 2026/06/30 8:17 p.m.2 views

CVE-2026-10129

IBM Langflow OSS 1.0.0 through 1.9.3 contains a Server-Side Request Forgery SSRF protection bypass vulnerability in the API Request component. An authenticated attacker with low-level privileges flow author role can bypass SSRF protections by enabling the followredirects parameter and supplying a...

8.5CVSS6AI score
Exploits0References1
nessus
nessus
added 2026/06/30 12:0 a.m.7 views

IBM MQ 9.2 < 9.2.0.43 LTS / 9.3 < 10.0.0.0 CD / 9.3 < 9.3.0.41 LTS / 9.4 < 9.4.0.25 LTS (7277719)

The version of IBM MQ Server running on the remote host is affected by a vulnerability as referenced in the 7277719 advisory. - follow-redirects is an open source, drop-in replacement for Node's http and https modules that automatically follows redirects. Prior to 1.16.0, when an HTTP request...

7.5CVSS7.3AI score0.00486EPSS
Exploits0References2
nvd
nvd
added 2026/06/29 6:16 p.m.10 views

CVE-2026-57949

ruoyi-vue-pro through 2026.05, fixed in commit c779a47, contains a missing authorization vulnerability in the CRM module's GET /admin-api/crm/follow-up-record/get endpoint that allows authenticated users to read any follow-up record by iterating sequential numeric IDs. Attackers can exploit this ...

7.1CVSS0.00231EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2026/06/29 5:19 p.m.9 views

CVE-2026-57949 ruoyi-vue-pro - Missing Authorization in CRM Follow-up Record GET Endpoint

ruoyi-vue-pro through 2026.05, fixed in commit c779a47, contains a missing authorization vulnerability in the CRM module's GET /admin-api/crm/follow-up-record/get endpoint that allows authenticated users to read any follow-up record by iterating sequential numeric IDs. Attackers can exploit this ...

7.1CVSS5.9AI score0.00231EPSS
Exploits0References3
euvd
euvd
added 2026/06/29 5:19 p.m.9 views

EUVD-2026-40166

ruoyi-vue-pro through 2026.05, fixed in commit c779a47, contains a missing authorization vulnerability in the CRM module's GET /admin-api/crm/follow-up-record/get endpoint that allows authenticated users to read any follow-up record by iterating sequential numeric IDs. Attackers can exploit this ...

7.1CVSS5.9AI score0.00231EPSS
Exploits0References3
attackerkb
attackerkb
added 2026/06/29 5:19 p.m.10 views

CVE-2026-57949

ruoyi-vue-pro through 2026.05, fixed in commit c779a47, contains a missing authorization vulnerability in the CRM module's GET /admin-api/crm/follow-up-record/get endpoint that allows authenticated users to read any follow-up record by iterating sequential numeric IDs. Attackers can exploit this ...

7.1CVSS5.9AI score0.00231EPSS
Exploits0References4
cve
cve
added 2026/06/29 5:19 p.m.17 views

CVE-2026-57949

ruoyi-vue-pro (through 2026.05) contains a missing authorization vulnerability in the CRM module’s GET /admin-api/crm/follow-up-record/get endpoint. The issue allows an authenticated user to read any follow-up record by iterating sequential numeric IDs, exfiltrating follow-up notes, file attachme...

7.1CVSS5.9AI score0.00231EPSS
Exploits0References3
osv
osv
added 2026/06/29 5:19 p.m.4 views

CVE-2026-57949 ruoyi-vue-pro - Missing Authorization in CRM Follow-up Record GET Endpoint

ruoyi-vue-pro through 2026.05, fixed in commit c779a47, contains a missing authorization vulnerability in the CRM module's GET /admin-api/crm/follow-up-record/get endpoint that allows authenticated users to read any follow-up record by iterating sequential numeric IDs. Attackers can exploit this ...

7.1CVSS6.1AI score0.00231EPSS
Exploits0References6
cvelist
cvelist
added 2026/06/29 5:19 p.m.35 views

CVE-2026-57949 ruoyi-vue-pro - Missing Authorization in CRM Follow-up Record GET Endpoint

ruoyi-vue-pro through 2026.05, fixed in commit c779a47, contains a missing authorization vulnerability in the CRM module's GET /admin-api/crm/follow-up-record/get endpoint that allows authenticated users to read any follow-up record by iterating sequential numeric IDs. Attackers can exploit this ...

7.1CVSS0.00231EPSS
Exploits0References3
ibm
ibm
added 2026/06/27 3:52 p.m.12 views

Security Bulletin: Vulnerabilities in axios, follow-redirects, fast-uri and babel might affect IBM Storage Defender Sentinel Anomaly Scan Engine.

Summary IBM Storage Defender Sentinel Anomaly Scan Engine can be affected by axios, follow-redirects, fast-uri and babel. Vulnerabilities include allowing an attacker to create Prototype Pollution in any third-party dependency to be escalated into Remote Code Execution, inject vulnerable code,...

9CVSS5.8AI score0.01815EPSS
Exploits5Affected Software1
osv
osv
added 2026/06/26 12:32 p.m.24 views

ROOT-APP-NPM-GHSA-R4Q5-VMMM-2653 GHSA-r4q5-vmmm-2653 in @rootio/follow-redirects - Patched by Root

Root has patched GHSA-r4q5-vmmm-2653 in the @rootio/follow-redirects package for Root:npm. Multiple fixed versions available...

5.8AI score
Exploits0
cve
cve
added 2026/06/25 8:1 p.m.22 views

CVE-2026-7531

CVE-2026-7531 describes a use-after-free in the handling of PQC hybrid key-shares for TLS 1.3. The issue occurs when a malicious server sends a truncated PQC hybrid KeyShare, which can trigger the error cleanup path to operate on freed memory. Documents consistently label this as an incomplete fi...

9.8CVSS5.9AI score0.00346EPSS
Exploits0References2Affected Software1
ibm
ibm
added 2026/06/25 7:2 p.m.4 views

Security Bulletin: SPSS Collaboration and Deployment Services is affected by vulnerabilities in i18next, follow-redirects, & brace-expansion

Summary SPSS Collaboration and Deployment Services is affected by vulnerabilities in i18next, follow-redirects, & brace-expansion. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2026-40895 DESCRIPTION: follow-redirects is an open source, drop-in replacement fo...

9.1CVSS6AI score0.00486EPSS
Exploits0Affected Software1
redhat
redhat
added 2026/06/25 6:47 p.m.8 views

keycloak: Keycloak: Information disclosure through arbitrary filesystem path probing

A flaw was found in Keycloak. A realm administrator with the "manage-realm" role can exploit this vulnerability by submitting an arbitrary filesystem path as a keystore parameter when creating a key provider component. This allows the administrator to probe arbitrary filesystem paths, determining...

4.9CVSS5.9AI score0.00519EPSS
Exploits0References4
ibm
ibm
added 2026/06/25 4:30 p.m.6 views

Security Bulletin: Multiple vulnerabilities in IBM DevOps Solution Workbench

Summary Multiple vulnerabilities were addressed in IBM DevOps Solution Workbench version 5.2.0 Vulnerability Details CVEID:CVE-2026-40895 DESCRIPTION: follow-redirects is an open source, drop-in replacement for Node's http and https modules that automatically follows redirects. Prior to 1.16.0,...

9.8CVSS6.6AI score0.01339EPSS
Exploits4Affected Software1
attackerkb
attackerkb
added 2026/06/25 4:17 p.m.8 views

CVE-2026-9083

A flaw was found in Keycloak. A realm administrator with the "manage-realm" role can exploit this vulnerability by submitting an arbitrary filesystem path as a keystore parameter when creating a key provider component. This allows the administrator to probe arbitrary filesystem paths, determining...

4.9CVSS5.9AI score0.00519EPSS
Exploits0References7
Rows per page
Query Builder