
4644 matches found

Positive Technologies
added 2026/04/24 12:0 a.m. | 7 views

PT-2026-35053

Name of the Vulnerable Software and Affected Versions: Axios versions 1.0.0 through 1.15.1. Description: Axios is a promise based HTTP client for the browser and Node.js. The library is susceptible to a Prototype Pollution Gadget attack. This occurs because the default transformResponse function cal...

CVSS 9.1 | AI score 5.8 | EPSS 0.00586
Exploits 1 | References 213
CNNVD
added 2026/04/24 12:0 a.m. | 7 views

Axios Security Vulnerability

Axios is an open-source HTTP client developed by Axios. Versions of Axios from 1.0.0 to 1.15.2 had security vulnerabilities. These vulnerabilities stemmed from the use of the transformResponse function during JSON parsing, where the parseReviver function from the merge configuration object was...

CVSS 9.1 | AI score 5.8 | EPSS 0.00586
Exploits 1 | References 1
Positive Technologies
added 2026/04/24 12:0 a.m. | 3 views

PT-2026-35043

Name of the Vulnerable Software and Affected Versions: Axios versions prior to 1.15.1; Axios versions prior to 0.31.1. Description: A prototype pollution gadget exists in the HTTP adapter located in 'lib/adapters/http.js'. This issue occurs due to duck-type checking of the data payload. If...

CVSS 7.4 | AI score 5.9 | EPSS 0.00394
Exploits 1 | References 6
Positive Technologies
added 2026/04/24 12:0 a.m. | 5 views

PT-2026-35052

Name of the Vulnerable Software and Affected Versions: Axios versions prior to 1.15.1; Axios versions prior to 0.31.1. Description: An attacker capable of influencing the target URL of a request can bypass the NO_PROXY protection by using any address in the 127.0.0.0/8 range, excluding 127.0.0.1...

CVSS 10 | AI score 5.2 | EPSS 0.00661
Exploits 1 | References 7
CNNVD
added 2026/04/24 12:0 a.m. | 9 views

Axios Security Vulnerability

Axios is an open-source HTTP client developed by Axios. Versions prior to Axios 1.15.1 and 0.31.1 contain security vulnerabilities. These vulnerabilities allow attackers to influence the target URL of Axios requests, enabling them to bypass the NO_PROXY protection by using any address within the...

CVSS 10 | AI score 5.8 | EPSS 0.00661
Exploits 1 | References 1
CNNVD
added 2026/04/24 12:0 a.m. | 8 views

Axios Injection Vulnerability

Axios is an open-source HTTP client developed by Axios, based on Promise (a solution for asynchronous programming). Versions of Axios prior to 1.15.1 and 0.31.1 have an injection vulnerability. This vulnerability stems from a prototype pollution tool present in the Axios HTTP adapter, which allows...

CVSS 7.4 | AI score 6 | EPSS 0.00394
Exploits 1 | References 1
CNNVD
added 2026/04/24 12:0 a.m. | 9 views

Axios Security Vulnerability

Axios is an open-source HTTP client developed by Axios. Versions prior to Axios 1.15.1 and 0.31.1 contain security vulnerabilities. These vulnerabilities arise when Object.prototype is compromised, allowing attackers to silently intercept and modify each JSON response, or completely hijack the...

CVSS 7.4 | AI score 5.8 | EPSS 0.00838
Exploits 1 | References 1
Positive Technologies
added 2026/04/24 12:0 a.m. | 7 views

PT-2026-35042

Name of the Vulnerable Software and Affected Versions: Axios versions prior to 0.31.1; Axios versions prior to 1.15.1. Description: An issue exists where the software reads keys from Object.prototype without a hasOwnProperty guard. If a co-dependency pollutes the Object.prototype, an attacker can...

CVSS 7.4 | AI score 5.8 | EPSS 0.00838
Exploits 1 | References 6
Tenable Nessus
added 2026/04/23 12:0 a.m. | 4 views

Fedora 42 : pgadmin4 (2026-b4633cbe23)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-b4633cbe23 advisory. Update axios to 1.15.0, fixes CVE-2026-40175 and CVE-2025-62718. ---- Update to pgadmin4-9.14. Tenable has extracted the preceding description block...

CVSS 9.9 | AI score 5.8 | EPSS 0.01815
Exploits 7 | References 5
Tenable Nessus
added 2026/04/23 12:0 a.m. | 4 views

Fedora 43 : pgadmin4 (2026-e9ecdd44c4)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-e9ecdd44c4 advisory. Update axios to 1.15.0, fixes CVE-2026-40175 and CVE-2025-62718. ---- Update to pgadmin4-9.14. Tenable has extracted the preceding description block...

CVSS 9.9 | AI score 5.8 | EPSS 0.01815
Exploits 7 | References 5
F5 Networks
added 2026/04/22 11:18 a.m. | 11 views

K000160944: Axios NPM supply chain attack MAL-2026-2306 GHSA-fw8c-xr5c-95f9

Security Advisory Description: Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be rotated immediately from a different computer. The package should be removed, but as full control of the computer ma...

AI score 5.7
Exploits 0
IBM Security Bulletins
added 2026/04/21 12:36 p.m. | 12 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to a specific "Gadget" attack chain and proxy bypass and SSRF vulnerabilities due to Node js module axios (CVE-2025-62718 & CVE-2026-40175)

Summary: IBM App Connect Enterprise runtime and IBM App Connect Enterprise Connector Discovery and OpenAPI Editor are vulnerable to a specific "Gadget" attack chain and proxy bypass and SSRF vulnerabilities due to Node js module axios. Vulnerability Details: CVEID: CVE-2025-62718. DESCRIPTION: Axios ...

CVSS 9.9 | AI score 6 | EPSS 0.01815
Exploits 6 | Affected Software 1
CISA
added 2026/04/20 12:0 p.m. | 15 views

Supply Chain Compromise Impacts Axios Node Package Manager

The Cybersecurity and Infrastructure Security Agency (CISA) is releasing this alert to provide guidance in response to the software supply chain compromise of the Axios node package manager (npm).[1] Axios is an HTTP client for JavaScript that developers commonly use in Node.js and browser environments...

AI score 6
Exploits 0 | References 9
IBM Security Bulletins
added 2026/04/17 9:54 a.m. | 5 views

Security Bulletin: Automation Assets in IBM Cloud Pak for Integration is vulnerable to vulnerability in axios

Summary: Automation Assets in IBM Cloud Pak for Integration is vulnerable to a vulnerability in axios (CVE-2026-25639). The vulnerability has been addressed. Vulnerability Details: CVEID: CVE-2026-25639. DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. Prior to versions...

CVSS 7.5 | AI score 5.8 | EPSS 0.02591
Exploits 1 | Affected Software 1
IBM Security Bulletins
added 2026/04/17 5:13 a.m. | 10 views

Security Bulletin: SPSS Collaboration and Deployment Services is affected by multiple vulnerabilities in axios (CVE-2026-39865, CVE-2025-62718, CVE-2026-25639, CVE-2026-40175)

Summary: SPSS Collaboration and Deployment Services is affected by multiple vulnerabilities in axios (CVE-2026-39865, CVE-2025-62718, CVE-2026-25639, CVE-2026-40175). This has been addressed in the remediation section. Vulnerability Details: CVEID: CVE-2026-39865. DESCRIPTION: Axios is a promise based...

CVSS 9.9 | AI score 5.7 | EPSS 0.02591
Exploits 8 | Affected Software 1
GithubExploit
added 2026/04/17 2:46 a.m. | 105 views

Exploit for CVE-2026-40175

CVE-2026-40175 — Axios CRLF Injection / HTTP Request Smuggling...

CVSS 10 | AI score 5.8 | EPSS 0.01815
Exploits 5
Tenable Nessus
added 2026/04/17 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2025-62718

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0 and 0.31.0, Axios does not correctly handle hostname normalization when checki...

CVSS 9.9 | AI score 6.5 | EPSS 0.01186
Exploits 1 | References 3
Vaadin
added 2026/04/17 12:0 a.m. | 14 views

Vaadin Flow and the axios npm supply-chain compromise

On March 31, 2026, compromised versions of the popular axios HTTP client library 1.14.1 and 0.30.4 were published to NPM via a hijacked maintainer account. The malicious versions injected [email protected], a cross-platform RAT dropper that connected to a command-and-control server. The...

AI score 5.8
Exploits 0 | References 1
Snyk
added 2026/04/16 9:51 p.m. | 5 views

Server-side Request Forgery (SSRF)

Overview: flowise-components is a Flowiseai Components. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the secureAxiosRequest and secureFetch functions. An attacker can gain unauthorized access to internal services and potentially exfiltrate sensitive data ...

CVSS 7.6 | AI score 5.8 | EPSS 0.00232
Exploits 1 | References 3
Github Security Blog
added 2026/04/16 9:50 p.m. | 6 views

Flowise: SSRF Protection Bypass via Unprotected Built-in HTTP Modules in Custom Function Sandbox

Summary: A Server-Side Request Forgery (SSRF) protection bypass vulnerability exists in the Custom Function feature. While the application implements SSRF protection via HTTP_DENY_LIST for axios and node-fetch libraries, the built-in Node.js http, https, and net modules are allowed in the NodeVM sandb...

CVSS 8.3 | AI score 6 | EPSS 0.00234
Exploits 1 | References 3 | Affected Software 2