CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2026/06/11 5:16 p.m.•9 views

CVE-2026-44486

Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, Axios’ Node.js HTTP adapter can leak proxy credentials to a redirect target in affected versions. When a request is sent through an authenticated proxy, Axios may add a Proxy-Authorization header. If Axi...

7.5CVSS0.00322EPSS

NVD•added 2026/06/11 5:16 p.m.•11 views

CVE-2026-44488

Axios is a promise based HTTP client for the browser and Node.js. Axios versions 1.7.0 through 1.15.x did not enforce configured request and response size limits when requests were sent with the fetch adapter. Applications that selected adapter: 'fetch', or ran in environments where axios resolve...

7.5CVSS0.00344EPSS

7.5CVSS5.3AI score0.00322EPSS

DEBIAN-CVE-2026-44486

OSV•added 2026/06/11 5:16 p.m.•3 views

DEBIAN-CVE-2026-44488

7.5CVSS5.4AI score0.00344EPSS

OSV•added 2026/06/11 5:16 p.m.•3 views

UBUNTU-CVE-2026-44488

7.5CVSS5.4AI score0.00344EPSS

7.5CVSS5.3AI score0.00322EPSS

UBUNTU-CVE-2026-44486

OSV•added 2026/06/11 5:16 p.m.•3 views

UBUNTU-CVE-2026-44494

Axios is a promise based HTTP client for the browser and Node.js. From 1.0.0 to before 1.16.0, the Axios library is vulnerable to a Prototype Pollution "Gadget" attack that allows any Object.prototype pollution in the application's dependency tree to be escalated into a full Man-in-the-Middle MIT...

8.7CVSS5.2AI score0.0049EPSS

8.2CVSS5.3AI score0.00287EPSS

UBUNTU-CVE-2026-44490

Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, axios exposes two read-side prototype-pollution gadgets. When Object.prototype is polluted by an upstream dependency in the same process e.g. lodash .merge / CVE-2018-16487, axios silently picks up the...

OSV•added 2026/06/11 5:16 p.m.•5 views

UBUNTU-CVE-2026-44492

Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, Axios does not normalise IPv4-mapped IPv6 addresses. When NOPROXY lists an IPv4 address such as 127.0.0.1 or 169.254.169.254, a request URL using the IPv4-mapped IPv6 form ::ffff:7f00:1, ::ffff:a9fe:a9fe...

8.6CVSS5.4AI score0.00535EPSS

5.3CVSS5.3AI score0.00228EPSS

UBUNTU-CVE-2026-44489

OSV•added 2026/06/11 5:16 p.m.•5 views

UBUNTU-CVE-2026-44495

Axios is a promise based HTTP client for the browser and Node.js. From 0.19.0 to before 0.31.1 and 1.15.2, Axios contains prototype-pollution gadgets in request config processing. If another vulnerability in the same JavaScript process has already polluted Object.prototype.transformResponse,...

7CVSS5.3AI score0.00227EPSS

Exploits0References3

8.2CVSS5.3AI score0.00385EPSS

UBUNTU-CVE-2026-44487

Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, Axios’s Node.js HTTP adapter may forward a Proxy-Authorization header to a redirected origin during specific proxy-to-direct redirect flows. This affects Node.js usage, where an initial HTTP request is...

IBM Security Bulletins•added 2026/06/11 3:44 p.m.•4 views

Security Bulletin: IBM Maximo Scheduler Optimizer uses axios-1.15.0.tgz which is vulnerable to CVE-2026-42033

Summary IBM Maximo Scheduler Optimizer uses axios-1.15.0.tgz which is vulnerable to CVE-2026-42033. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2026-42033 DESCRIPTION: Axios is a promise based HTTP client for the browser and...

7.5CVSS7.7AI score0.00421EPSS

Exploits8Affected Software1

Cvelist•added 2026/06/11 3:39 p.m.•55 views

CVE-2026-44486 Axios: Proxy-Authorization header leaks to redirect target when proxy is re-evaluated to direct connection

7.5CVSS0.00322EPSS