Lucene search
K

322 matches found

RedHat Linux
RedHat Linux
added 5 days ago8 views

Important: Red Hat Security Advisory: Kiali 2.22.7 for Red Hat OpenShift Service Mesh 3.3

Kiali 2.22.7 for Red Hat OpenShift Service Mesh 3.3 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

9.1CVSS7AI score0.00715EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2026/07/02 12:3 a.m.6 views

axios: Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget

A flaw was found in Axios, a widely used HTTP client. This vulnerability, known as a Prototype Pollution "Gadget" attack, allows a remote attacker to subtly alter JSON API responses. By manipulating a specific function, an attacker can selectively modify data within these responses. This could le...

9.1CVSS6AI score0.00586EPSS
Exploits1References5
IBM Security Bulletins
IBM Security Bulletins
added 2026/07/01 5:53 p.m.5 views

Security Bulletin: IBM DataPower Gateway affected by prototype pollution due to Axios (CVE-2026-42264)

Summary Axios is used by the UI and Gateway Director components of IBM DataPower Gateway Vulnerability Details CVEID:CVE-2026-42264 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. From version 1.0.0 to before version 1.15.2, fFive config properties auth, baseURL,...

9.1CVSS7AI score0.00715EPSS
Exploits1Affected Software1
RedHat Linux
RedHat Linux
added 2026/07/01 11:9 a.m.5 views

axios: Axios: Denial of Service due to unenforced request and response size limits

A flaw was found in Axios, a promise-based HTTP client. When using the fetch adapter, Axios did not properly enforce configured request and response size limits. This vulnerability allows a remote attacker, through a malicious or compromised server, or by supplying a large data URL, to send or...

7.5CVSS5.8AI score0.0063EPSS
Exploits1References5
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/27 3:52 p.m.12 views

Security Bulletin: Vulnerabilities in axios, follow-redirects, fast-uri and babel might affect IBM Storage Defender Sentinel Anomaly Scan Engine.

Summary IBM Storage Defender Sentinel Anomaly Scan Engine can be affected by axios, follow-redirects, fast-uri and babel. Vulnerabilities include allowing an attacker to create Prototype Pollution in any third-party dependency to be escalated into Remote Code Execution, inject vulnerable code,...

9CVSS5.8AI score0.01815EPSS
Exploits5Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/24 6:15 a.m.3 views

Security Bulletin: IBM Sterling Secure Proxy is vulnerable to multiple issues

Summary Multiple vulnerabilities affect IBM Sterling Secure Proxy and are addressed in the latest release and ifix. Vulnerability Details CVEID:CVE-2026-8149 DESCRIPTION: A vulnerability in Legion of the Bouncy Castle Inc. BC-LTS on Linux, X8664, AVX, AVX-512f. This vulnerability is associated wi...

9CVSS7.5AI score0.01815EPSS
Exploits10Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/22 1:42 p.m.3 views

Security Bulletin: Vulnerability in Axios affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in Axios has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information. Vulnerability...

9.9CVSS6.6AI score0.01161EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/12 10:57 a.m.10 views

Security Bulletin: Multiple vulnerabilities in IBM watsonx Orchestrate Developer Edition

Summary Multiple vulnerabilities were addressed in IBM watsonx Orchestrate Developer Edition version 2.11.0 Vulnerability Details CVEID:CVE-2026-42577 DESCRIPTION: Netty is an asynchronous, event-driven network application framework. From 4.2.0.Final to 4.2.13.Final , Netty's epoll transport fail...

9.8CVSS7AI score0.00745EPSS
Exploits5Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/12 1:13 a.m.13 views

CVE-2026-44492

A flaw was found in Axios, a promise-based HTTP client. This vulnerability occurs because Axios does not properly normalize IPv4-mapped IPv6 addresses. When a NOPROXY setting is configured to block direct access to specific IPv4 addresses, an attacker can bypass this restriction by using the...

8.6CVSS5AI score0.00889EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/06/12 1:9 a.m.15 views

CVE-2026-44487

A flaw was found in Axios. During specific proxy-to-direct redirect flows in the Node.js HTTP adapter, a remote attacker could exploit this vulnerability. The Proxy-Authorization header, which contains proxy credentials and is intended only for the outbound proxy, may be forwarded to the final...

8.2CVSS5.1AI score0.00664EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.23 views

Linux Distros Unpatched Vulnerability : CVE-2026-44487

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, Axios's Node.js HTTP adapter may forward a Proxy-Authorization...

8.2CVSS5.9AI score0.00664EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/06/11 11:14 p.m.13 views

CVE-2026-44489

A flaw was found in Axios, a promise-based HTTP client. A remote attacker could exploit a prototype pollution vulnerability, which occurs when nested objects are created without proper checks, allowing an attacker to inject malicious properties into Object.prototype. This vulnerability specifical...

5.3CVSS5.1AI score0.00228EPSS
Exploits1References4
Atlassian
Atlassian
added 2026/06/11 5:30 p.m.10 views

DoS (Denial of Service) axios Dependency in Bamboo Data Center

This High severity DoS Denial of Service vulnerability was introduced in versions 10.0.0, 10.1.0, 10.2.0, 11.0.0, 12.0.0, and 12.1.0 of Bamboo Data Center. This DoS Denial of Service vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows a...

7.5CVSS5.2AI score0.00622EPSS
Exploits1
Atlassian
Atlassian
added 2026/06/11 5:30 p.m.10 views

Information Disclosure axios Dependency in Bamboo Data Center

This High severity Information Disclosure vulnerability was introduced in versions 10.0.0, 10.1.0, 10.2.0, 11.0.0, 12.0.0, and 12.1.0 of Bamboo Data Center. This Information Disclosure vulnerability, with a CVSS Score of 8.2 and a CVSS Vector of...

8.2CVSS5.3AI score0.00664EPSS
Exploits1
NVD
NVD
added 2026/06/11 5:16 p.m.14 views

CVE-2026-44490

Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, axios exposes two read-side prototype-pollution gadgets. When Object.prototype is polluted by an upstream dependency in the same process e.g. lodash .merge / CVE-2018-16487, axios silently picks up the...

8.2CVSS0.00287EPSS
Exploits1References1
OSV
OSV
added 2026/06/11 5:16 p.m.5 views

DEBIAN-CVE-2026-44494

Axios is a promise based HTTP client for the browser and Node.js. From 1.0.0 to before 1.16.0, the Axios library is vulnerable to a Prototype Pollution "Gadget" attack that allows any Object.prototype pollution in the application's dependency tree to be escalated into a full Man-in-the-Middle MIT...

8.7CVSS5.2AI score0.01041EPSS
Exploits1References1
NVD
NVD
added 2026/06/11 5:16 p.m.18 views

CVE-2026-44494

Axios is a promise based HTTP client for the browser and Node.js. From 1.0.0 to before 1.16.0, the Axios library is vulnerable to a Prototype Pollution "Gadget" attack that allows any Object.prototype pollution in the application's dependency tree to be escalated into a full Man-in-the-Middle MIT...

8.7CVSS0.01041EPSS
Exploits1References31
NVD
NVD
added 2026/06/11 5:16 p.m.19 views

CVE-2026-44492

Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, Axios does not normalise IPv4-mapped IPv6 addresses. When NOPROXY lists an IPv4 address such as 127.0.0.1 or 169.254.169.254, a request URL using the IPv4-mapped IPv6 form ::ffff:7f00:1, ::ffff:a9fe:a9fe...

8.6CVSS0.00889EPSS
Exploits1References27
OSV
OSV
added 2026/06/11 5:16 p.m.7 views

UBUNTU-CVE-2026-44486

Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, Axios’ Node.js HTTP adapter can leak proxy credentials to a redirect target in affected versions. When a request is sent through an authenticated proxy, Axios may add a Proxy-Authorization header. If Axi...

7.5CVSS5.3AI score0.00532EPSS
Exploits1References3
CVE
CVE
added 2026/06/11 3:39 p.m.35 views

CVE-2026-44486

Axios (Node.js) prior to 0.32.0 and 1.16.0 is vulnerable to leaking Proxy-Authorization credentials to a redirect target when using an authenticated proxy and automatic redirects. If a request uses a proxy and follows a redirect that switches to a direct connection, a stale Proxy-Authorization he...

7.5CVSS5.5AI score0.00532EPSS
Exploits1References25Affected Software1
Rows per page
Query Builder