Lucene search
K

19 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/12/11 11:8 a.m.5 views

Security Bulletin: Formidable 2.1.0–3.5.2 Uses Non-Cryptographically Secure hexoid for Filename Randomization, affects watsonx.data

Summary Formidable aka node-formidable 2.1.0 through 3.x before 3.5.3 relies on hexoid to prevent guessing of filenames for untrusted executable content; however, hexoid is documented as not "cryptographically secure." Also, there is a scenario in which only the last two characters of a hexoid...

3.1CVSS5.5AI score0.0036EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/03 6:6 a.m.14 views

Security Bulletin: IBM Automation Decision Services for October 2025 - Multiple CVEs addressed

Summary IBM Automation Decision Services is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed Vulnerability Details CVEID:CVE-2025-46653...

8.1CVSS7.7AI score0.26049EPSS
Exploits4Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-12478

Malicious code in bioql PyPI...

3.1CVSS6.4AI score0.0036EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2025/08/21 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2025-46653

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Formidable aka node-formidable 2.1.0 through 3.x before 3.5.3 relies on hexoid to prevent guessing of filenames for untrusted executable content; however, hexoi...

3.1CVSS5AI score0.0036EPSS
Exploits1References4
Veracode
Veracode
added 2025/05/07 5:59 p.m.5 views

Insecure Randomness

Formidable is vulnerable to Insecure Randomness. The vulnerability is due to weak randomness due to the use of the non-cryptographically secure hexoid module for generating temporary filenames for untrusted content...

3.1CVSS3.7AI score0.0036EPSS
Exploits1References5Affected Software1
RedhatCVE
RedhatCVE
added 2025/04/28 12:3 a.m.7 views

CVE-2025-46653

Formidable aka node-formidable 2.1.0 through 3.x before 3.5.3 relies on hexoid to prevent guessing of filenames for untrusted executable content; however, hexoid is documented as not "cryptographically secure." Also, there is a scenario in which only the last two characters of a hexoid string nee...

3.1CVSS7AI score0.0036EPSS
Exploits1References6
OSV
OSV
added 2025/04/26 9:31 p.m.3 views

GHSA-75V8-2H7P-7M2M Formidable relies on hexoid to prevent guessing of filenames for untrusted executable content

Formidable aka node-formidable 2.x before 2.1.3 and 3.x before 3.5.3 relies on hexoid to prevent guessing of filenames for untrusted executable content; however, hexoid is documented as not "cryptographically secure." Also, there is a scenario in which only the last two characters of a hexoid...

3.1CVSS6.7AI score0.0036EPSS
Exploits1References8
Github Security Blog
Github Security Blog
added 2025/04/26 9:31 p.m.7 views

Formidable relies on hexoid to prevent guessing of filenames for untrusted executable content

Formidable aka node-formidable 2.x before 2.1.3 and 3.x before 3.5.3 relies on hexoid to prevent guessing of filenames for untrusted executable content; however, hexoid is documented as not "cryptographically secure." Also, there is a scenario in which only the last two characters of a hexoid...

3.1CVSS3.6AI score0.0036EPSS
Exploits1References8Affected Software1
NVD
NVD
added 2025/04/26 9:15 p.m.10 views

CVE-2025-46653

Formidable aka node-formidable 2.1.0 through 3.x before 3.5.3 relies on hexoid to prevent guessing of filenames for untrusted executable content; however, hexoid is documented as not "cryptographically secure." Also, there is a scenario in which only the last two characters of a hexoid string nee...

3.1CVSS0.0036EPSS
Exploits1References3
OSV
OSV
added 2025/04/26 9:15 p.m.3 views

DEBIAN-CVE-2025-46653

Formidable aka node-formidable 2.1.0 through 3.x before 3.5.3 relies on hexoid to prevent guessing of filenames for untrusted executable content; however, hexoid is documented as not "cryptographically secure." Also, there is a scenario in which only the last two characters of a hexoid string nee...

3.1CVSS4.7AI score0.0036EPSS
Exploits1References1
OSV
OSV
added 2025/04/26 9:15 p.m.3 views

UBUNTU-CVE-2025-46653

Formidable aka node-formidable 2.1.0 through 3.x before 3.5.3 relies on hexoid to prevent guessing of filenames for untrusted executable content; however, hexoid is documented as not "cryptographically secure." Also, there is a scenario in which only the last two characters of a hexoid string nee...

3.1CVSS6.7AI score0.0036EPSS
Exploits1References5
Cvelist
Cvelist
added 2025/04/26 12:0 a.m.11 views

CVE-2025-46653

Formidable aka node-formidable 2.1.0 through 3.x before 3.5.3 relies on hexoid to prevent guessing of filenames for untrusted executable content; however, hexoid is documented as not "cryptographically secure." Also, there is a scenario in which only the last two characters of a hexoid string nee...

3.1CVSS0.0036EPSS
Exploits1References3
CNNVD
CNNVD
added 2025/04/26 12:0 a.m.4 views

formidable 安全特征问题漏洞

formidable is a Node.js module for formidable for parsing form data, especially file uploads. A security signature issue vulnerability exists in versions of formidable prior to 2.1.0 through 3.5.3, which stems from an insufficiently secure filename generated by hexoid, which could lead to the...

8.8CVSS5.5AI score0.0036EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2025/04/26 12:0 a.m.5 views

PT-2025-17962

Name of the Vulnerable Software and Affected Versions Formidable versions 2.1.0 through 3.x before 3.5.3 Description The issue relies on hexoid to prevent guessing of filenames for untrusted executable content. However, hexoid is documented as not cryptographically secure. There is a scenario in...

8.8CVSS4.7AI score0.0036EPSS
Exploits1References22
OSV
OSV
added 2025/04/26 12:0 a.m.9 views

CVE-2025-46653

Formidable aka node-formidable 2.1.0 through 3.x before 3.5.3 relies on hexoid to prevent guessing of filenames for untrusted executable content; however, hexoid is documented as not "cryptographically secure." Also, there is a scenario in which only the last two characters of a hexoid string nee...

3.1CVSS6.9AI score0.0036EPSS
Exploits1References5
CVE
CVE
added 2025/04/26 12:0 a.m.244 views

CVE-2025-46653

CVE-2025-46653 affects Formidable (node-formidable) 2.1.0–3.x up to 3.5.3. The issue is that it relies on hexoid to prevent filename guessing for untrusted executable content, but hexoid is not cryptographically secure, which could enable guessing of hexoid strings in some cases. The IBM security...

3.1CVSS7.3AI score0.0036EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2025/04/26 12:0 a.m.4 views

CVE-2025-46653

Formidable aka node-formidable 2.1.0 through 3.x before 3.5.3 relies on hexoid to prevent guessing of filenames for untrusted executable content; however, hexoid is documented as not "cryptographically secure." Also, there is a scenario in which only the last two characters of a hexoid string nee...

3.1CVSS6.9AI score0.0036EPSS
Exploits1References3
Debian CVE
Debian CVE
added 2025/04/26 12:0 a.m.3 views

CVE-2025-46653

Formidable aka node-formidable 2.1.0 through 3.x before 3.5.3 relies on hexoid to prevent guessing of filenames for untrusted executable content; however, hexoid is documented as not "cryptographically secure." Also, there is a scenario in which only the last two characters of a hexoid string nee...

3.1CVSS4.6AI score0.0036EPSS
Exploits1
Snyk
Snyk
added 2025/04/19 1:42 a.m.2 views

Insecure Randomness

Overview Affected versions of this package are vulnerable to Insecure Randomness due to its use of the hexoid function in the generation of fingerprint IDs. Remediation A fix was pushed into the master branch but not yet published. References - GitHub Commit - Vulnerability Report Credit: ZAST.AI...

8.8CVSS6.9AI score0.0036EPSS
Exploits1References2
Rows per page
Query Builder