CVE-2025-58754 (GCVE-0-2025-58754)
Vulnerability from cvelistv5 – Published: 2025-09-12 01:16 – Updated: 2026-01-16 14:50
Title
Axios is vulnerable to DoS attack through lack of data size check
Summary
Axios is a promise based HTTP client for the browser and Node.js. When Axios starting in version 0.28.0 and prior to versions 0.30.2 and 1.12.0 runs on Node.js and is given a URL with the `data:` scheme, it does not perform HTTP. Instead, its Node http adapter decodes the entire payload into memory (`Buffer`/`Blob`) and returns a synthetic 200 response. This path ignores `maxContentLength` / `maxBodyLength` (which only protect HTTP responses), so an attacker can supply a very large `data:` URI and cause the process to allocate unbounded memory and crash (DoS), even if the caller requested `responseType: 'stream'`. Versions 0.30.2 and 1.12.0 contain a patch for the issue.
Severity
7.5 (High)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
References
8 references
| URL | Tags |
|---|---|
| https://github.com/axios/axios/security/advisorie… | x_refsource_CONFIRM |
| https://github.com/axios/axios/pull/7011 | x_refsource_MISC |
| https://github.com/axios/axios/pull/7034 | x_refsource_MISC |
| https://github.com/axios/axios/commit/945435fc514… | x_refsource_MISC |
| https://github.com/axios/axios/commit/a1b1d3f073a… | x_refsource_MISC |
| https://github.com/axios/axios/commit/c30252f685e… | x_refsource_MISC |
| https://github.com/axios/axios/releases/tag/v0.30.2 | x_refsource_MISC |
| https://github.com/axios/axios/releases/tag/v1.12.0 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-58754",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-12T13:08:38.895896Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-12T13:08:42.426Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/axios/axios/security/advisories/GHSA-4hjh-wcwx-xvwj"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "axios",
"vendor": "axios",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.0.0, \u003c 1.12.0"
},
{
"status": "affected",
"version": "\u003e= 0.28.0, \u003c 0.30.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Axios is a promise based HTTP client for the browser and Node.js. When Axios starting in version 0.28.0 and prior to versions 0.30.2 and 1.12.0 runs on Node.js and is given a URL with the `data:` scheme, it does not perform HTTP. Instead, its Node http adapter decodes the entire payload into memory (`Buffer`/`Blob`) and returns a synthetic 200 response. This path ignores `maxContentLength` / `maxBodyLength` (which only protect HTTP responses), so an attacker can supply a very large `data:` URI and cause the process to allocate unbounded memory and crash (DoS), even if the caller requested `responseType: \u0027stream\u0027`. Versions 0.30.2 and 1.12.0 contain a patch for the issue."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770: Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-16T14:50:09.107Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/axios/axios/security/advisories/GHSA-4hjh-wcwx-xvwj",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/axios/axios/security/advisories/GHSA-4hjh-wcwx-xvwj"
},
{
"name": "https://github.com/axios/axios/pull/7011",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/axios/axios/pull/7011"
},
{
"name": "https://github.com/axios/axios/pull/7034",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/axios/axios/pull/7034"
},
{
"name": "https://github.com/axios/axios/commit/945435fc51467303768202250debb8d4ae892593",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/axios/axios/commit/945435fc51467303768202250debb8d4ae892593"
},
{
"name": "https://github.com/axios/axios/commit/a1b1d3f073a988601583a604f5f9f5d05a3d0b67",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/axios/axios/commit/a1b1d3f073a988601583a604f5f9f5d05a3d0b67"
},
{
"name": "https://github.com/axios/axios/commit/c30252f685e8f4326722de84923fcbc8cf557f06",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/axios/axios/commit/c30252f685e8f4326722de84923fcbc8cf557f06"
},
{
"name": "https://github.com/axios/axios/releases/tag/v0.30.2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/axios/axios/releases/tag/v0.30.2"
},
{
"name": "https://github.com/axios/axios/releases/tag/v1.12.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/axios/axios/releases/tag/v1.12.0"
}
],
"source": {
"advisory": "GHSA-4hjh-wcwx-xvwj",
"discovery": "UNKNOWN"
},
"title": "Axios is vulnerable to DoS attack through lack of data size check"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-58754",
"datePublished": "2025-09-12T01:16:40.513Z",
"dateReserved": "2025-09-04T19:18:09.499Z",
"dateUpdated": "2026-01-16T14:50:09.107Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-58754",
"date": "2026-06-17",
"epss": "0.01099",
"percentile": "0.61311"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2025-58754\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2025-09-12T02:15:46.873\",\"lastModified\":\"2026-01-16T15:15:52.463\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Axios is a promise based HTTP client for the browser and Node.js. When Axios starting in version 0.28.0 and prior to versions 0.30.2 and 1.12.0 runs on Node.js and is given a URL with the `data:` scheme, it does not perform HTTP. Instead, its Node http adapter decodes the entire payload into memory (`Buffer`/`Blob`) and returns a synthetic 200 response. This path ignores `maxContentLength` / `maxBodyLength` (which only protect HTTP responses), so an attacker can supply a very large `data:` URI and cause the process to allocate unbounded memory and crash (DoS), even if the caller requested `responseType: \u0027stream\u0027`. Versions 0.30.2 and 1.12.0 contain a patch for the issue.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-770\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:axios:axios:*:*:*:*:*:node.js:*:*\",\"versionEndExcluding\":\"0.30.2\",\"matchCriteriaId\":\"42CE8592-2921-474D-9A2A-B0ABFEDB2304\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:axios:axios:*:*:*:*:*:node.js:*:*\",\
"versionStartIncluding\":\"1.0.0\",\"versionEndExcluding\":\"1.12.0\",\"matchCriteriaId\":\"037955F5-7C7D-4C3F-886B-52B009B97300\"}]}]}],\"references\":[{\"url\":\"https://github.com/axios/axios/commit/945435fc51467303768202250debb8d4ae892593\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/axios/axios/commit/a1b1d3f073a988601583a604f5f9f5d05a3d0b67\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/axios/axios/commit/c30252f685e8f4326722de84923fcbc8cf557f06\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/axios/axios/pull/7011\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://github.com/axios/axios/pull/7034\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/axios/axios/releases/tag/v0.30.2\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/axios/axios/releases/tag/v1.12.0\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/axios/axios/security/advisories/GHSA-4hjh-wcwx-xvwj\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/axios/axios/security/advisories/GHSA-4hjh-wcwx-xvwj\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-58754\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-09-12T13:08:38.895896Z\"}}}], \"references\": [{\"url\": \"https://github.com/axios/axios/security/advisories/GHSA-4hjh-wcwx-xvwj\", \"tags\": [\"exploit\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-09-12T13:08:31.642Z\"}}], \"cna\": {\"title\": \"Axios is vulnerable to DoS attack through lack of data size check\", \"source\": {\"advisory\": \"GHSA-4hjh-wcwx-xvwj\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"axios\", \"product\": \"axios\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003e= 1.0.0, \u003c 1.12.0\"}, {\"status\": \"affected\", \"version\": \"\u003e= 0.28.0, \u003c 0.30.2\"}]}], \"references\": [{\"url\": \"https://github.com/axios/axios/security/advisories/GHSA-4hjh-wcwx-xvwj\", \"name\": \"https://github.com/axios/axios/security/advisories/GHSA-4hjh-wcwx-xvwj\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/axios/axios/pull/7011\", \"name\": \"https://github.com/axios/axios/pull/7011\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/axios/axios/pull/7034\", \"name\": \"https://github.com/axios/axios/pull/7034\", \"tags\": 
[\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/axios/axios/commit/945435fc51467303768202250debb8d4ae892593\", \"name\": \"https://github.com/axios/axios/commit/945435fc51467303768202250debb8d4ae892593\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/axios/axios/commit/a1b1d3f073a988601583a604f5f9f5d05a3d0b67\", \"name\": \"https://github.com/axios/axios/commit/a1b1d3f073a988601583a604f5f9f5d05a3d0b67\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/axios/axios/commit/c30252f685e8f4326722de84923fcbc8cf557f06\", \"name\": \"https://github.com/axios/axios/commit/c30252f685e8f4326722de84923fcbc8cf557f06\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/axios/axios/releases/tag/v0.30.2\", \"name\": \"https://github.com/axios/axios/releases/tag/v0.30.2\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/axios/axios/releases/tag/v1.12.0\", \"name\": \"https://github.com/axios/axios/releases/tag/v1.12.0\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Axios is a promise based HTTP client for the browser and Node.js. When Axios starting in version 0.28.0 and prior to versions 0.30.2 and 1.12.0 runs on Node.js and is given a URL with the `data:` scheme, it does not perform HTTP. Instead, its Node http adapter decodes the entire payload into memory (`Buffer`/`Blob`) and returns a synthetic 200 response. This path ignores `maxContentLength` / `maxBodyLength` (which only protect HTTP responses), so an attacker can supply a very large `data:` URI and cause the process to allocate unbounded memory and crash (DoS), even if the caller requested `responseType: \u0027stream\u0027`. 
Versions 0.30.2 and 1.12.0 contain a patch for the issue.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-770\", \"description\": \"CWE-770: Allocation of Resources Without Limits or Throttling\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-01-16T14:50:09.107Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-58754\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-01-16T14:50:09.107Z\", \"dateReserved\": \"2025-09-04T19:18:09.499Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2025-09-12T01:16:40.513Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
WID-SEC-W-2025-2134
Vulnerability from csaf_certbund - Published: 2025-09-25 22:00 - Updated: 2026-03-30 22:00
Summary
Red Hat Enterprise Linux (Developer Hub): Vulnerability allows denial of service
Severity
Medium
Notes
The BSI, as provider, is responsible under general law for its own content made available for use. Users are, however, responsible for carefully checking, in each individual case, the use and/or implementation of the information provided with the content.
Product description: Red Hat Enterprise Linux (Developer Hub) (RHEL) is a popular Linux distribution.
Attack: A remote, anonymous attacker can exploit a vulnerability in Red Hat Enterprise Linux (Developer Hub) to carry out a denial-of-service attack.
Affected operating systems: - Linux
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Red Hat Enterprise Linux Quay <3.16.0 (Red Hat / Enterprise Linux) | | Quay <3.16.0 | |
| Red Hat Enterprise Linux (Red Hat / Enterprise Linux) | cpe:/o:redhat:enterprise_linux:- | — | |
| IBM QRadar SIEM (IBM) | cpe:/a:ibm:qradar_siem:- | — | |
| Red Hat Enterprise Linux Developer Hub <1.6.5 (Red Hat / Enterprise Linux) | | Developer Hub <1.6.5 | |
| IBM MQ (IBM) | cpe:/a:ibm:mq:operator | — | |
| Red Hat Ansible Automation Platform (Red Hat) | cpe:/a:redhat:ansible_automation_platform:- | — | |
References
21 references
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Red Hat Enterprise Linux (Developer Hub) (RHEL) ist eine popul\u00e4re Linux-Distribution.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in Red Hat Enterprise Linux (Developer Hub) ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-2134 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-2134.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-2134 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2134"
},
{
"category": "external",
"summary": "Red Hat Security Advisory vom 2025-09-25",
"url": "https://access.redhat.com/errata/RHSA-2025:16747"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7248128 vom 2025-10-16",
"url": "https://www.ibm.com/support/pages/node/7248128"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:19221 vom 2025-10-29",
"url": "https://access.redhat.com/errata/RHSA-2025:19221"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:19335 vom 2025-10-30",
"url": "https://access.redhat.com/errata/RHSA-2025:19335"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7249661 vom 2025-10-30",
"url": "https://www.ibm.com/support/pages/node/7249661"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:19529 vom 2025-11-04",
"url": "https://access.redhat.com/errata/RHSA-2025:19529"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:19961 vom 2025-11-10",
"url": "https://access.redhat.com/errata/RHSA-2025:19961"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7251247 vom 2025-11-14",
"url": "https://www.ibm.com/support/pages/node/7251247"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:22684 vom 2025-12-04",
"url": "https://access.redhat.com/errata/RHSA-2025:22684"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:22759 vom 2025-12-04",
"url": "https://access.redhat.com/errata/RHSA-2025:22759"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:23069 vom 2025-12-10",
"url": "https://access.redhat.com/errata/RHSA-2025:23069"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:23131 vom 2025-12-11",
"url": "https://access.redhat.com/errata/RHSA-2025:23131"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:23546 vom 2025-12-17",
"url": "https://access.redhat.com/errata/RHSA-2025:23546"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:0627 vom 2026-01-14",
"url": "https://access.redhat.com/errata/RHSA-2026:0627"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:0718 vom 2026-01-15",
"url": "https://access.redhat.com/errata/RHSA-2026:0718"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:1018 vom 2026-01-22",
"url": "https://access.redhat.com/errata/RHSA-2026:1018"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:1942 vom 2026-02-04",
"url": "https://access.redhat.com/errata/RHSA-2026:1942"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:6226 vom 2026-03-31",
"url": "https://access.redhat.com/errata/RHSA-2026:6226"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2025:19375 vom 2026-03-30",
"url": "https://access.redhat.com/errata/RHSA-2025:19375"
}
],
"source_lang": "en-US",
"title": "Red Hat Enterprise Linux (Developer Hub): Schwachstelle erm\u00f6glicht Denial of Service",
"tracking": {
"current_release_date": "2026-03-30T22:00:00.000+00:00",
"generator": {
"date": "2026-03-31T08:55:45.057+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2025-2134",
"initial_release_date": "2025-09-25T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-09-25T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-10-16T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2025-10-28T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-10-30T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Red Hat und IBM aufgenommen"
},
{
"date": "2025-11-03T23:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-11-09T23:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-11-16T23:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2025-12-03T23:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-12-04T23:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-12-10T23:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-12-11T23:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2025-12-17T23:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-01-14T23:00:00.000+00:00",
"number": "13",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-01-15T23:00:00.000+00:00",
"number": "14",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-01-22T23:00:00.000+00:00",
"number": "15",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-02-04T23:00:00.000+00:00",
"number": "16",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-03-30T22:00:00.000+00:00",
"number": "17",
"summary": "Neue Updates von Red Hat aufgenommen"
}
],
"status": "final",
"version": "17"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "IBM MQ",
"product": {
"name": "IBM MQ",
"product_id": "T036688",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:mq:operator"
}
}
},
{
"category": "product_name",
"name": "IBM QRadar SIEM",
"product": {
"name": "IBM QRadar SIEM",
"product_id": "T021415",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:qradar_siem:-"
}
}
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Ansible Automation Platform",
"product": {
"name": "Red Hat Ansible Automation Platform",
"product_id": "T030096",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:ansible_automation_platform:-"
}
}
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"category": "product_version_range",
"name": "Developer Hub \u003c1.6.5",
"product": {
"name": "Red Hat Enterprise Linux Developer Hub \u003c1.6.5",
"product_id": "T047182"
}
},
{
"category": "product_version",
"name": "Developer Hub 1.6.5",
"product": {
"name": "Red Hat Enterprise Linux Developer Hub 1.6.5",
"product_id": "T047182-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:developer_hub__1.6.5"
}
}
},
{
"category": "product_version_range",
"name": "Quay \u003c3.16.0",
"product": {
"name": "Red Hat Enterprise Linux Quay \u003c3.16.0",
"product_id": "T049495"
}
},
{
"category": "product_version",
"name": "Quay 3.16.0",
"product": {
"name": "Red Hat Enterprise Linux Quay 3.16.0",
"product_id": "T049495-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:quay__3.16.0"
}
}
}
],
"category": "product_name",
"name": "Enterprise Linux"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-58754",
"product_status": {
"known_affected": [
"T049495",
"67646",
"T021415",
"T047182",
"T036688",
"T030096"
]
},
"release_date": "2025-09-25T22:00:00.000+00:00",
"title": "CVE-2025-58754"
}
]
}
WID-SEC-W-2025-2163
Vulnerability from csaf_certbund - Published: 2025-09-30 22:00 - Updated: 2025-10-30 23:00
Summary
IBM App Connect Enterprise: Multiple vulnerabilities
Severity
Medium
Notes
The BSI, as provider, is responsible under general law for its own content made available for use. Users are, however, responsible for carefully checking, in each individual case, the use and/or implementation of the information provided with the content.
Product description: IBM App Connect Enterprise combines the industry-proven technologies of IBM Integration Bus with cloud-native technologies.
Attack: A local attacker can exploit multiple vulnerabilities in IBM App Connect Enterprise to manipulate data and to carry out a denial-of-service attack.
Affected operating systems: - Linux
- Other
- UNIX
- Windows
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| IBM QRadar SIEM (IBM) | cpe:/a:ibm:qradar_siem:- | — | |
| IBM App Connect Enterprise <13.0.5.0 (IBM / App Connect Enterprise) | | <13.0.5.0 | |
| IBM App Connect Enterprise <12.0.12.18 (IBM / App Connect Enterprise) | | <12.0.12.18 | |
| IBM App Connect Enterprise (IBM / App Connect Enterprise) | cpe:/a:ibm:app_connect_enterprise:- | — | |
References
6 references
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "IBM App Connect Enterprise kombiniert die branchenbew\u00e4hrten Technologien des IBM Integration Bus mit Cloud-nativen Technologien.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein lokaler Angreifer kann mehrere Schwachstellen in IBM App Connect Enterprise ausnutzen, um Daten zu manipulieren, und um einen Denial of Service Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-2163 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-2163.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-2163 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2163"
},
{
"category": "external",
"summary": "IBM Security Bulletin vom 2025-09-30",
"url": "https://www.ibm.com/support/pages/node/7246664"
},
{
"category": "external",
"summary": "IBM Security Bulletin vom 2025-09-30",
"url": "https://www.ibm.com/support/pages/node/7246662"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7248127 vom 2025-10-16",
"url": "https://www.ibm.com/support/pages/node/7248127"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7249810 vom 2025-10-31",
"url": "https://www.ibm.com/support/pages/node/7249810"
}
],
"source_lang": "en-US",
"title": "IBM App Connect Enterprise: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-10-30T23:00:00.000+00:00",
"generator": {
"date": "2025-10-31T12:33:29.931+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.4.0"
}
},
"id": "WID-SEC-W-2025-2163",
"initial_release_date": "2025-09-30T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-09-30T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-10-16T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2025-10-30T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von IBM aufgenommen"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "IBM App Connect Enterprise",
"product": {
"name": "IBM App Connect Enterprise",
"product_id": "T032495",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:app_connect_enterprise:-"
}
}
},
{
"category": "product_version_range",
"name": "\u003c13.0.5.0",
"product": {
"name": "IBM App Connect Enterprise \u003c13.0.5.0",
"product_id": "T047292"
}
},
{
"category": "product_version",
"name": "13.0.5.0",
"product": {
"name": "IBM App Connect Enterprise 13.0.5.0",
"product_id": "T047292-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:app_connect_enterprise:13.0.5.0"
}
}
},
{
"category": "product_version_range",
"name": "\u003c12.0.12.18",
"product": {
"name": "IBM App Connect Enterprise \u003c12.0.12.18",
"product_id": "T047293"
}
},
{
"category": "product_version",
"name": "12.0.12.18",
"product": {
"name": "IBM App Connect Enterprise 12.0.12.18",
"product_id": "T047293-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:app_connect_enterprise:12.0.12.18"
}
}
}
],
"category": "product_name",
"name": "App Connect Enterprise"
},
{
"category": "product_name",
"name": "IBM QRadar SIEM",
"product": {
"name": "IBM QRadar SIEM",
"product_id": "T021415",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:qradar_siem:-"
}
}
}
],
"category": "vendor",
"name": "IBM"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-36843",
"product_status": {
"known_affected": [
"T021415",
"T047292",
"T047293",
"T032495"
]
},
"release_date": "2025-09-30T22:00:00.000+00:00",
"title": "CVE-2020-36843"
},
{
"cve": "CVE-2025-58754",
"product_status": {
"known_affected": [
"T021415",
"T047292",
"T047293",
"T032495"
]
},
"release_date": "2025-09-30T22:00:00.000+00:00",
"title": "CVE-2025-58754"
}
]
}
WID-SEC-W-2025-2465
Vulnerability from csaf_certbund - Published: 2025-11-02 23:00 - Updated: 2026-02-01 23:00
Summary
IBM InfoSphere Information Server (Axios): Vulnerability allows denial of service
Severity
Medium
Notes
The BSI, as provider, is responsible under general law for its own content made available for use. Users are, however, responsible for carefully checking, in each individual case, the use and/or implementation of the information provided with the content.
Product description: IBM InfoSphere Information Server is a software platform for integrating heterogeneous data.
Attack: A remote, anonymous attacker can exploit a vulnerability in IBM InfoSphere Information Server to carry out a denial-of-service attack.
Affected operating systems: - Other
- UNIX
- Windows
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| IBM InfoSphere Information Server <11.7.1.0 (IBM / InfoSphere Information Server) | | <11.7.1.0 | |
| IBM Business Automation Workflow (IBM) | cpe:/a:ibm:business_automation_workflow:- | — | |
| IBM InfoSphere Information Server <11.7.1.6 (IBM / InfoSphere Information Server) | | <11.7.1.6 | |
References
4 references
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "IBM InfoSphere Information Server ist eine Softwareplattform zur Integration heterogener Daten.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in IBM InfoSphere Information Server ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-2465 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-2465.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-2465 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2465"
},
{
"category": "external",
"summary": "IBM Security Bulletin vom 2025-11-02",
"url": "https://www.ibm.com/support/pages/node/7249766"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7259322 vom 2026-01-30",
"url": "https://www.ibm.com/support/pages/node/7259322"
}
],
"source_lang": "en-US",
"title": "IBM InfoSphere Information Server (Axios): Schwachstelle erm\u00f6glicht Denial of Service",
"tracking": {
"current_release_date": "2026-02-01T23:00:00.000+00:00",
"generator": {
"date": "2026-02-02T09:26:55.495+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2025-2465",
"initial_release_date": "2025-11-02T23:00:00.000+00:00",
"revision_history": [
{
"date": "2025-11-02T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2026-02-01T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von IBM aufgenommen"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "IBM Business Automation Workflow",
"product": {
"name": "IBM Business Automation Workflow",
"product_id": "T019704",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:business_automation_workflow:-"
}
}
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c11.7.1.0",
"product": {
"name": "IBM InfoSphere Information Server \u003c11.7.1.0",
"product_id": "T048263"
}
},
{
"category": "product_version",
"name": "11.7.1.0",
"product": {
"name": "IBM InfoSphere Information Server 11.7.1.0",
"product_id": "T048263-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:infosphere_information_server:11.7.1.0"
}
}
},
{
"category": "product_version_range",
"name": "\u003c11.7.1.6",
"product": {
"name": "IBM InfoSphere Information Server \u003c11.7.1.6",
"product_id": "T048264"
}
},
{
"category": "product_version",
"name": "11.7.1.6",
"product": {
"name": "IBM InfoSphere Information Server 11.7.1.6",
"product_id": "T048264-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:infosphere_information_server:11.7.1.6"
}
}
}
],
"category": "product_name",
"name": "InfoSphere Information Server"
}
],
"category": "vendor",
"name": "IBM"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-58754",
"product_status": {
"known_affected": [
"T048263",
"T019704",
"T048264"
]
},
"release_date": "2025-11-02T23:00:00.000+00:00",
"title": "CVE-2025-58754"
}
]
}
WID-SEC-W-2026-0559
Vulnerability from csaf_certbund - Published: 2026-03-01 23:00 - Updated: 2026-03-01 23:00
Summary
IBM Rational Build Forge: Multiple vulnerabilities
Severity
High
Notes
As the provider, the BSI is responsible under general law for its own content made available for use. Users are, however, responsible for carefully checking, in each individual case, the use and/or implementation of the information provided with that content.
Product description: IBM Rational Build Forge is a framework for automating and standardizing the software build process
Attack: An attacker can exploit multiple vulnerabilities in IBM Rational Build Forge to bypass security measures, execute arbitrary code, carry out a denial-of-service attack, disclose information, and manipulate files.
Affected operating systems:
- Linux
- UNIX
- Windows
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| IBM Rational Build Forge <8.0.0.29 (IBM / Rational Build Forge) | | <8.0.0.29 | |
References
3 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "IBM Rational Build Forge ist ein Framework zur Automatisierung und Standardisierung des Softwareerstellungsprozesses",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in IBM Rational Build Forge ausnutzen, um Sicherheitsvorkehrungen zu umgehen, um beliebigen Programmcode auszuf\u00fchren, um einen Denial of Service Angriff durchzuf\u00fchren, um Informationen offenzulegen, und um Dateien zu manipulieren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-0559 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0559.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-0559 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0559"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7262249 vom 2026-03-01",
"url": "https://www.ibm.com/support/pages/node/7262249"
}
],
"source_lang": "en-US",
"title": "IBM Rational Build Forge: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-03-01T23:00:00.000+00:00",
"generator": {
"date": "2026-03-02T11:27:19.791+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2026-0559",
"initial_release_date": "2026-03-01T23:00:00.000+00:00",
"revision_history": [
{
"date": "2026-03-01T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c8.0.0.29",
"product": {
"name": "IBM Rational Build Forge \u003c8.0.0.29",
"product_id": "T051329"
}
},
{
"category": "product_version",
"name": "8.0.0.29",
"product": {
"name": "IBM Rational Build Forge 8.0.0.29",
"product_id": "T051329-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:rational_build_forge:8.0.0.29"
}
}
}
],
"category": "product_name",
"name": "Rational Build Forge"
}
],
"category": "vendor",
"name": "IBM"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-25031",
"product_status": {
"known_affected": [
"T051329"
]
},
"release_date": "2026-03-01T23:00:00.000+00:00",
"title": "CVE-2018-25031"
},
{
"cve": "CVE-2019-17495",
"product_status": {
"known_affected": [
"T051329"
]
},
"release_date": "2026-03-01T23:00:00.000+00:00",
"title": "CVE-2019-17495"
},
{
"cve": "CVE-2021-22060",
"product_status": {
"known_affected": [
"T051329"
]
},
"release_date": "2026-03-01T23:00:00.000+00:00",
"title": "CVE-2021-22060"
},
{
"cve": "CVE-2021-22096",
"product_status": {
"known_affected": [
"T051329"
]
},
"release_date": "2026-03-01T23:00:00.000+00:00",
"title": "CVE-2021-22096"
},
{
"cve": "CVE-2022-22968",
"product_status": {
"known_affected": [
"T051329"
]
},
"release_date": "2026-03-01T23:00:00.000+00:00",
"title": "CVE-2022-22968"
},
{
"cve": "CVE-2022-22970",
"product_status": {
"known_affected": [
"T051329"
]
},
"release_date": "2026-03-01T23:00:00.000+00:00",
"title": "CVE-2022-22970"
},
{
"cve": "CVE-2024-38820",
"product_status": {
"known_affected": [
"T051329"
]
},
"release_date": "2026-03-01T23:00:00.000+00:00",
"title": "CVE-2024-38820"
},
{
"cve": "CVE-2024-38828",
"product_status": {
"known_affected": [
"T051329"
]
},
"release_date": "2026-03-01T23:00:00.000+00:00",
"title": "CVE-2024-38828"
},
{
"cve": "CVE-2025-41248",
"product_status": {
"known_affected": [
"T051329"
]
},
"release_date": "2026-03-01T23:00:00.000+00:00",
"title": "CVE-2025-41248"
},
{
"cve": "CVE-2025-41249",
"product_status": {
"known_affected": [
"T051329"
]
},
"release_date": "2026-03-01T23:00:00.000+00:00",
"title": "CVE-2025-41249"
},
{
"cve": "CVE-2025-48734",
"product_status": {
"known_affected": [
"T051329"
]
},
"release_date": "2026-03-01T23:00:00.000+00:00",
"title": "CVE-2025-48734"
},
{
"cve": "CVE-2025-53057",
"product_status": {
"known_affected": [
"T051329"
]
},
"release_date": "2026-03-01T23:00:00.000+00:00",
"title": "CVE-2025-53057"
},
{
"cve": "CVE-2025-53066",
"product_status": {
"known_affected": [
"T051329"
]
},
"release_date": "2026-03-01T23:00:00.000+00:00",
"title": "CVE-2025-53066"
},
{
"cve": "CVE-2025-58754",
"product_status": {
"known_affected": [
"T051329"
]
},
"release_date": "2026-03-01T23:00:00.000+00:00",
"title": "CVE-2025-58754"
},
{
"cve": "CVE-2025-7783",
"product_status": {
"known_affected": [
"T051329"
]
},
"release_date": "2026-03-01T23:00:00.000+00:00",
"title": "CVE-2025-7783"
}
]
}
WID-SEC-W-2026-1207
Vulnerability from csaf_certbund - Published: 2026-04-21 22:00 - Updated: 2026-04-21 22:00
Summary
Oracle PeopleSoft: Multiple vulnerabilities
Severity
High
Notes
As the provider, the BSI is responsible under general law for its own content made available for use. Users are, however, responsible for carefully checking, in each individual case, the use and/or implementation of the information provided with that content.
Product description: Oracle PeopleSoft is an ERP application.
Attack: A remote, anonymous or authenticated attacker can exploit multiple vulnerabilities in Oracle PeopleSoft to compromise confidentiality, integrity, and availability.
Affected operating systems:
- Linux
- UNIX
- Windows
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Oracle PeopleSoft 9.2 (Oracle / PeopleSoft) | cpe:/a:oracle:peoplesoft:9.2 | 9.2 | |

Last affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Oracle PeopleSoft <=8.62 (Oracle / PeopleSoft) | | <=8.62 | |
References
3 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Oracle PeopleSoft ist eine ERP Anwendung.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer oder authentisierter Angreifer kann mehrere Schwachstellen in Oracle PeopleSoft ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-1207 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-1207.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-1207 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1207"
},
{
"category": "external",
"summary": "Oracle Critical Patch Update Advisory - April 2026 - Appendix Oracle PeopleSoft vom 2026-04-21",
"url": "https://www.oracle.com/security-alerts/cpuapr2026.html#AppendixPS"
}
],
"source_lang": "en-US",
"title": "Oracle PeopleSoft: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-04-21T22:00:00.000+00:00",
"generator": {
"date": "2026-04-22T08:59:00.456+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2026-1207",
"initial_release_date": "2026-04-21T22:00:00.000+00:00",
"revision_history": [
{
"date": "2026-04-21T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "9.2",
"product": {
"name": "Oracle PeopleSoft 9.2",
"product_id": "T019030",
"product_identification_helper": {
"cpe": "cpe:/a:oracle:peoplesoft:9.2"
}
}
},
{
"category": "product_version_range",
"name": "\u003c=8.62",
"product": {
"name": "Oracle PeopleSoft \u003c=8.62",
"product_id": "T042827"
}
},
{
"category": "product_version_range",
"name": "\u003c=8.62",
"product": {
"name": "Oracle PeopleSoft \u003c=8.62",
"product_id": "T042827-fixed"
}
}
],
"category": "product_name",
"name": "PeopleSoft"
}
],
"category": "vendor",
"name": "Oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-14017",
"product_status": {
"known_affected": [
"T019030"
],
"last_affected": [
"T042827"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2025-14017"
},
{
"cve": "CVE-2025-15467",
"product_status": {
"known_affected": [
"T019030"
],
"last_affected": [
"T042827"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2025-15467"
},
{
"cve": "CVE-2025-43967",
"product_status": {
"known_affected": [
"T019030"
],
"last_affected": [
"T042827"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2025-43967"
},
{
"cve": "CVE-2025-58754",
"product_status": {
"known_affected": [
"T019030"
],
"last_affected": [
"T042827"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2025-58754"
},
{
"cve": "CVE-2025-66418",
"product_status": {
"known_affected": [
"T019030"
],
"last_affected": [
"T042827"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2025-66418"
},
{
"cve": "CVE-2025-68161",
"product_status": {
"known_affected": [
"T019030"
],
"last_affected": [
"T042827"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2025-68161"
},
{
"cve": "CVE-2025-8194",
"product_status": {
"known_affected": [
"T019030"
],
"last_affected": [
"T042827"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2025-8194"
},
{
"cve": "CVE-2026-22006",
"product_status": {
"known_affected": [
"T019030"
],
"last_affected": [
"T042827"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-22006"
},
{
"cve": "CVE-2026-22019",
"product_status": {
"known_affected": [
"T019030"
],
"last_affected": [
"T042827"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-22019"
},
{
"cve": "CVE-2026-34266",
"product_status": {
"known_affected": [
"T019030"
],
"last_affected": [
"T042827"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-34266"
},
{
"cve": "CVE-2026-34269",
"product_status": {
"known_affected": [
"T019030"
],
"last_affected": [
"T042827"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-34269"
},
{
"cve": "CVE-2026-34277",
"product_status": {
"known_affected": [
"T019030"
],
"last_affected": [
"T042827"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-34277"
},
{
"cve": "CVE-2026-34280",
"product_status": {
"known_affected": [
"T019030"
],
"last_affected": [
"T042827"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-34280"
},
{
"cve": "CVE-2026-34295",
"product_status": {
"known_affected": [
"T019030"
],
"last_affected": [
"T042827"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-34295"
},
{
"cve": "CVE-2026-34299",
"product_status": {
"known_affected": [
"T019030"
],
"last_affected": [
"T042827"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-34299"
},
{
"cve": "CVE-2026-34300",
"product_status": {
"known_affected": [
"T019030"
],
"last_affected": [
"T042827"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-34300"
},
{
"cve": "CVE-2026-34301",
"product_status": {
"known_affected": [
"T019030"
],
"last_affected": [
"T042827"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-34301"
},
{
"cve": "CVE-2026-34306",
"product_status": {
"known_affected": [
"T019030"
],
"last_affected": [
"T042827"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-34306"
},
{
"cve": "CVE-2026-34307",
"product_status": {
"known_affected": [
"T019030"
],
"last_affected": [
"T042827"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-34307"
},
{
"cve": "CVE-2026-34309",
"product_status": {
"known_affected": [
"T019030"
],
"last_affected": [
"T042827"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-34309"
},
{
"cve": "CVE-2026-35241",
"product_status": {
"known_affected": [
"T019030"
],
"last_affected": [
"T042827"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-35241"
}
]
}
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.