Find notable cyber news and cases, enriched with sources, timelines, and signals.

Node-forge developers security patch release for CVE-2025-12816

Security Patch Release
First reported
Last updated
Happening score
H score 31
1 unique sources, 1 articles

Summary

Hide ▲

The node-forge maintainers released version 1.3.2 to close CVE-2025-12816, reducing the risk of signature-verification bypass in applications that rely on the library's ASN.1 checks. The fix matters because versions 1.3.1 and earlier can accept malformed data that appears valid, undermining authentication and signed-data trust decisions. Developers are being told to upgrade immediately to the patched release.

Related Happenings

GitHub npm version 12 hardens installs and token management

Security Tool/Service
H score11 First: 09.07.2026 19:49 Last: 09.07.2026 19:49 Sources 1

About this happening: **GitHub** released **npm version 12**, making install-time scripts opt-in by default and tightening **package publishing** controls to reduce **supply-chain risk**. The update al...

Gitea Docker images security update (CVE-2026-20896)

Security Patch Release
H score51 First: 06.07.2026 19:28 Last: 06.07.2026 19:28 Sources 1

About this happening: Gitea released **version 1.26.3** to fix **CVE-2026-20896**, closing a critical authentication-bypass risk in **Gitea Docker images**. The update removed the default **"*"** wildc...

Squid web proxy patch for CVE-2026-47729

Security Patch Release
H score20 First: 22.06.2026 17:29 Last: 22.06.2026 17:29 Sources 1

About this happening: **Squid maintainers** merged a **null-terminator check** for **CVE-2026-47729** into the **development branch** and **v7**, closing the FTP-parser over-read that could expose shar...

Google Vertex AI SDK for Python security patch release (1.144.0–1.148.0)

Security Patch Release
H score15 First: 16.06.2026 22:05 Last: 16.06.2026 22:05 Sources 1

About this happening: Google released staged fixes for **Google Cloud Vertex AI SDK for Python**, closing a **bucket-squatting** path that could hijack model uploads and enable code execution in Google...

Ivanti security patch release for CVE-2026-8043

Security Patch Release
H score25 First: 18.05.2026 13:54 Last: 18.05.2026 13:54 Sources 1

About this happening: **Ivanti, Fortinet, SAP, Broadcom, and n8n** released **security fixes** on **2026-05-18** for flaws that could enable **authentication bypass**, **remote code execution**, **SQL...

Timeline

  1. 26.11.2025 21:32 2 articles · 7mo ago

    node-forge 1.3.2 patch release for CVE-2025-12816

    Mitigation Patch Update

    node-forge maintainers released version 1.3.2 to fix CVE-2025-12816, an ASN.1 interpretation-conflict flaw in versions 1.3.1 and earlier that could let unauthenticated attackers craft malformed data to bypass cryptographic verification. Developers using node-forge were advised to upgrade to the patched release as soon as possible.

    Show sources