4641 matches found

vulnersOsv
added 2026/04/10 8:8 p.m., 5 views

0xpay-cc-sdk (>=0.0.8 <=0.1.0), 1inch-agent-kit (=1.0.53) +6204 more potentially affected by CVE-2026-40175 via axios (>=1.0.0 <=1.14.0)

axios NPM version =1.0.0, =0.0.8, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.2-beta.0, =8.0.5, =6.1.0, =0.0.1-alpha.3, =0.1.6-alpha.11, =1.0.3-rc.0, =2.1.0 - @1tokenfe/hd-ble-sdk =1.1.15 - @1tokenfe/hd-common-connect-sdk =1.1.15 and more Source cves: CVE-2026-40175 Source advisory: SNYK:JS-AXIOS-159692...

CVSS 4.8, AI score 6.9, EPSS 0.01815
Exploits: 5

Snyk
added 2026/04/10 8:8 p.m., 4 views

HTTP Response Splitting

Overview org.webjars.npm:axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to HTTP Response Splitting via the parseTokens header processing path in lib/core/AxiosHeaders.js. An attacker can smuggle HTTP requests or inject arbitrary...

CVSS 9, AI score 6.1, EPSS 0.01815
Exploits: 5, References: 2

EUVD
added 2026/04/10 7:47 p.m., 9 views

EUVD-2026-21573

Axios has Unrestricted Cloud Metadata Exfiltration via Header Injection Chain...

CVSS 10, AI score 5.8, EPSS 0.01815
Exploits: 5, References: 4

vulnersOsv
added 2026/04/10 7:47 p.m., 8 views

0xpay-cc-sdk (>=0.0.8 <=0.1.0), 1inch-agent-kit (=1.0.53) +6204 more potentially affected by CVE-2026-40175 via axios (>=1.0.0 <=1.14.0)

axios NPM version =1.0.0, =0.0.8, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.2-beta.0, =8.0.5, =6.1.0, =0.0.1-alpha.3, =0.1.6-alpha.11, =1.0.3-rc.0, =2.1.0 - @1tokenfe/hd-ble-sdk =1.1.15 - @1tokenfe/hd-common-connect-sdk =1.1.15 and more Source cves: CVE-2026-40175 Source advisory: OSV:GHSA-FVCV-3M26-P...

CVSS 4.8, AI score 6.9, EPSS 0.01815
Exploits: 5

OSV
added 2026/04/10 7:47 p.m., 14 views

GHSA-FVCV-3M26-PCQX Axios has Unrestricted Cloud Metadata Exfiltration via Header Injection Chain

Vulnerability Disclosure: Unrestricted Cloud Metadata Exfiltration via Header Injection Chain Summary The Axios library is vulnerable to a specific gadget-style attack chain in which prototype pollution in a third-party dependency may be leveraged to inject unsanitized header values into outbound...

CVSS 4.8, AI score 6.7, EPSS 0.01815
Exploits: 5, References: 11

Github Security Blog
added 2026/04/10 7:47 p.m., 30 views

Axios has Unrestricted Cloud Metadata Exfiltration via Header Injection Chain

Vulnerability Disclosure: Unrestricted Cloud Metadata Exfiltration via Header Injection Chain Summary The Axios library is vulnerable to a specific gadget-style attack chain in which prototype pollution in a third-party dependency may be leveraged to inject unsanitized header values into outbound...

CVSS 9, AI score 6.7, EPSS 0.01815
Exploits: 5, References: 11, Affected Software: 1

Cvelist
added 2026/04/10 7:23 p.m., 51 views

CVE-2026-40175 Axios has Unrestricted Cloud Metadata Exfiltration via Header Injection Chain

Axios is a promise based HTTP client for the browser and Node.js. Versions prior to 1.15.0 and 0.3.1 are vulnerable to a specific gadget-style attack chain in which prototype pollution in a third-party dependency may be leveraged to inject unsanitized header values into outbound requests. This...

CVSS 4.8, EPSS 0.01815
Exploits: 5, References: 7

Vulnrichment
added 2026/04/10 7:23 p.m., 6 views

CVE-2026-40175 Axios has Unrestricted Cloud Metadata Exfiltration via Header Injection Chain

Axios is a promise based HTTP client for the browser and Node.js. Versions prior to 1.15.0 and 0.3.1 are vulnerable to a specific gadget-style attack chain in which prototype pollution in a third-party dependency may be leveraged to inject unsanitized header values into outbound requests. This...

CVSS 4.8, AI score 6.8, EPSS 0.01815
Exploits: 5, References: 7

Debian CVE
added 2026/04/10 7:23 p.m., 7 views

CVE-2026-40175

Axios is a promise based HTTP client for the browser and Node.js. Versions prior to 1.15.0 and 0.3.1 are vulnerable to a specific gadget-style attack chain in which prototype pollution in a third-party dependency may be leveraged to inject unsanitized header values into outbound requests. This...

CVSS 9, AI score 6.8, EPSS 0.01815
Exploits: 5

CVE
added 2026/04/10 7:23 p.m., 817 views

CVE-2026-40175

CVE-2026-40175 affects the Axios HTTP client (browser/Node.js). The root cause is prototype pollution in a third‑party dependency, which could allow injection of unsanitized header values into outbound requests. This is fixed in Axios releases 1.15.0 and 0.3.1. If you use Axios prior to those ver...

CVSS 9, AI score 6.8, EPSS 0.01815
Exploits: 5, References: 43, Affected Software: 1

IBM Security Bulletins
added 2026/04/10 2:21 p.m., 3 views

Security Bulletin: Vulnerabilities in urllib3, router, qs, cryptography, axios might affect IBM Storage Defender Sentinel Anomaly Scan Engine.

Summary IBM Storage Defender Sentinel Anomaly Scan Engine can be affected by vulnerabilities in urllib3, router, qs, cryptography, and axios. Vulnerabilities include allowing an attacker to cause cross-site scripting, input improper data, provide a public key point from a small order subgroup, an...

CVSS 8.9, AI score 7.2, EPSS 0.02667
Exploits: 1, Affected Software: 1

IBM Security Bulletins
added 2026/04/10 1:32 p.m., 8 views

Security Bulletin: DevOps Test Performance contains a vulnerability related to use of the Axios HTTP client library

Summary Due to use of the Axios HTTP client library, DevOps Test Performance and Rational Performance Tester contain a potential denial of service DoS vulnerability. CVE-2026-25639 Vulnerability Details CVEID:CVE-2026-25639 DESCRIPTION: Axios is a promise based HTTP client for the browser and...

CVSS 7.5, AI score 6.9, EPSS 0.01564
Exploits: 1, Affected Software: 1

CNNVD
added 2026/04/10 12:0 a.m., 4 views

Axios Code Issue Vulnerability

Axios is an open-source HTTP client developed by Axios. Versions of Axios prior to 1.15.0 had code vulnerabilities. These vulnerabilities stemmed from a specific Gadget attack chain, which could potentially upgrade prototype pollution in any third-party dependencies into remote code execution or...

CVSS 4.8, AI score 7.6, EPSS 0.01815
Exploits: 5, References: 9

vulnersOsv
added 2026/04/09 5:32 p.m., 6 views

0xpay-cc-sdk (>=0.0.8 <=0.1.0), 1inch-agent-kit (=1.0.53) +6204 more potentially affected by CVE-2025-62718 via axios (>=1.0.0 <=1.14.0)

axios NPM version =1.0.0, =0.0.8, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.2-beta.0, =8.0.5, =6.1.0, =0.0.1-alpha.3, =0.1.6-alpha.11, =1.0.3-rc.0, =2.1.0 - @1tokenfe/hd-ble-sdk =1.1.15 - @1tokenfe/hd-common-connect-sdk =1.1.15 and more Source cves: CVE-2025-62718 Source advisory: OSV:GHSA-3P68-RC4W-Q...

CVSS 9.9, AI score 6.5, EPSS 0.01186
Exploits: 1

Circl
added 2026/04/09 4:39 p.m., 2 views

CVE-2025-62718

creationtimestamp | type | source
---|---|---
2026-04-09 16:39:50+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mj3ap6fdyn2z
2026-04-09 17:32:19+00:00 | published-proof-of-concept | https://github.com/advisories/GHSA-3p68-rc4w-qgx5
2026-04-10 05:55:04+00:00 | seen | ...

CVSS 9.9, AI score 6.4, EPSS 0.01186
Exploits: 1, References: 11

Snyk
added 2026/04/09 4:14 p.m., 3 views

Unintended Proxy or Intermediary ('Confused Deputy')

Overview org.webjars.npm:axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Unintended Proxy or Intermediary 'Confused Deputy' via improper hostname normalization in the NO_PROXY environment variable. An attacker controlling reques...

CVSS 9.9, AI score 5.7, EPSS 0.01186
Exploits: 1, References: 2

vulnersOsv
added 2026/04/09 4:14 p.m., 7 views

0xpay-cc-sdk (>=0.0.8 <=0.1.0), 1inch-agent-kit (=1.0.53) +6204 more potentially affected by CVE-2025-62718 via axios (>=1.0.0 <=1.14.0)

axios NPM version =1.0.0, =0.0.8, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.2-beta.0, =8.0.5, =6.1.0, =0.0.1-alpha.3, =0.1.6-alpha.11, =1.0.3-rc.0, =2.1.0 - @1tokenfe/hd-ble-sdk =1.1.15 - @1tokenfe/hd-common-connect-sdk =1.1.15 and more Source cves: CVE-2025-62718 Source advisory: SNYK:JS-AXIOS-159658...

CVSS 9.9, AI score 6.5, EPSS 0.01186
Exploits: 1

Snyk
added 2026/04/09 4:14 p.m., 1 view

Unintended Proxy or Intermediary ('Confused Deputy')

Overview axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Unintended Proxy or Intermediary 'Confused Deputy' via improper hostname normalization in the NO_PROXY environment variable. An attacker controlling request URLs can acces...

CVSS 9.9, AI score 5.7, EPSS 0.01186
Exploits: 1, References: 2

OSV
added 2026/04/09 3:16 p.m., 1 view

DEBIAN-CVE-2025-62718

Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0 and 0.31.0, Axios does not correctly handle hostname normalization when checking NO_PROXY rules. Requests to loopback addresses like localhost. with a trailing dot or ::1 IPv6 literal skip NO_PROXY matching and go...

CVSS 9.9, AI score 5.3, EPSS 0.01186
Exploits: 1, References: 1

NVD
added 2026/04/09 3:16 p.m., 2 views

CVE-2025-62718

Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0 and 0.31.0, Axios does not correctly handle hostname normalization when checking NO_PROXY rules. Requests to loopback addresses like localhost. with a trailing dot or ::1 IPv6 literal skip NO_PROXY matching and go...

CVSS 9.9, EPSS 0.01186
Exploits: 1, References: 41