
4641 matches found

ATTACKERKB
added 2026/04/08 2:25 p.m. | 6 views

CVE-2026-39865

Axios is a promise based HTTP client for the browser and Node.js. Starting in version 1.13.0 and prior to 1.13.2, Axios HTTP/2 session cleanup logic contains a state corruption bug that allows a malicious server to crash the client process through concurrent session closures. The vulnerability...

5.9 CVSS | 5.8 AI score | 0.00731 EPSS
Exploits 1 | References 2 | Affected Software 1
Cvelist
added 2026/04/08 2:25 p.m. | 21 views

CVE-2026-39865 Axios HTTP/2 Session Cleanup State Corruption Vulnerability

Axios is a promise based HTTP client for the browser and Node.js. Starting in version 1.13.0 and prior to 1.13.2, Axios HTTP/2 session cleanup logic contains a state corruption bug that allows a malicious server to crash the client process through concurrent session closures. The vulnerability...

5.9 CVSS | 0.00731 EPSS
Exploits 1 | References 3
Debian CVE
added 2026/04/08 2:25 p.m. | 2 views

CVE-2026-39865

Axios is a promise based HTTP client for the browser and Node.js. Starting in version 1.13.0 and prior to 1.13.2, Axios HTTP/2 session cleanup logic contains a state corruption bug that allows a malicious server to crash the client process through concurrent session closures. The vulnerability...

5.9 CVSS | 5.4 AI score | 0.00731 EPSS
Exploits 1
CVE
added 2026/04/08 2:25 p.m. | 28 views

CVE-2026-39865

Axios HTTP/2 session cleanup state corruption in Http2Sessions.getSession() (lib/adapters/http.js) is fixed in 1.13.2. Prior to 1.13.2, the cleanup logic could corrupt state when removing sessions from the sessions array, allowing a malicious server to crash the client process via concurrent sess...

5.9 CVSS | 5.8 AI score | 0.00731 EPSS
Exploits 1 | References 3 | Affected Software 1
CNNVD
added 2026/04/08 12:0 a.m. | 5 views

Axios Security Vulnerability

Axios is an open-source HTTP client developed by Axios itself, based on Promise, a solution for asynchronous programming. Versions of Axios prior to 1.13.2 contain security vulnerabilities; these vulnerabilities stem from state corruption and could potentially lead to process crashes...

5.9 CVSS | 5.8 AI score | 0.00731 EPSS
Exploits 1 | References 1
Positive Technologies
added 2026/04/08 12:0 a.m. | 9 views

PT-2026-31322

Name of the Vulnerable Software and Affected Versions: Axios versions prior to 1.13.2. Description: A flaw exists in the Axios HTTP/2 session cleanup logic, allowing a malicious server to crash the client process through concurrent session closures. The issue resides in the Http2Sessions.getSession...

5.9 CVSS | 5.8 AI score | 0.00731 EPSS
Exploits 1 | References 15
Tenable Nessus
added 2026/04/08 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2026-39865

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Axios is a promise based HTTP client for the browser and Node.js. Starting in version 1.13.0 and prior to 1.13.2, Axios HTTP/2 session cleanup logic contains a...

5.9 CVSS | 5.8 AI score | 0.00731 EPSS
Exploits 1 | References 4
RedhatCVE
added 2026/04/07 5:3 p.m. | 3 views

CVE-2026-34841

Bruno is an open source IDE for exploring and testing APIs. Prior to 3.2.1, Bruno was affected by a supply chain attack involving compromised versions of the axios npm package, which introduced a hidden dependency deploying a cross-platform Remote Access Trojan (RAT). Users of @usebruno/cli who ran...

9.8 CVSS | 5.8 AI score | 0.00234 EPSS
Exploits 0 | References 1
NVD
added 2026/04/06 5:17 p.m. | 8 views

CVE-2026-34841

Bruno is an open source IDE for exploring and testing APIs. Prior to 3.2.1, Bruno was affected by a supply chain attack involving compromised versions of the axios npm package, which introduced a hidden dependency deploying a cross-platform Remote Access Trojan (RAT). Users of @usebruno/cli who ran...

9.8 CVSS | 0.00234 EPSS
Exploits 0 | References 4
IBM Security Bulletins
added 2026/04/06 5:12 p.m. | 5 views

Security Bulletin: IBM OpenAPI SDK Generator (Node.js) is affected by the Axios supply chain attack

Summary: Due to an Axios supply chain attack, a fix for IBM Node.js SDK Core (https://github.com/IBM/node-sdk-core) was made available on April 2, 2026 21:03 UTC to mitigate the attack. If you used a previous version there is a possibility the affected Axios package could have been available on your...

6 AI score
Exploits 0 | Affected Software 1
Vulnrichment
added 2026/04/06 4:8 p.m. | 2 views

CVE-2026-34841 Axios npm Supply Chain Incident Impacting @usebruno/cli

Bruno is an open source IDE for exploring and testing APIs. Prior to 3.2.1, Bruno was affected by a supply chain attack involving compromised versions of the axios npm package, which introduced a hidden dependency deploying a cross-platform Remote Access Trojan (RAT). Users of @usebruno/cli who ran...

9.8 CVSS | 5.8 AI score | 0.00234 EPSS
Exploits 0 | References 4
Cvelist
added 2026/04/06 4:8 p.m. | 18 views

CVE-2026-34841 Axios npm Supply Chain Incident Impacting @usebruno/cli

Bruno is an open source IDE for exploring and testing APIs. Prior to 3.2.1, Bruno was affected by a supply chain attack involving compromised versions of the axios npm package, which introduced a hidden dependency deploying a cross-platform Remote Access Trojan (RAT). Users of @usebruno/cli who ran...

9.8 CVSS | 0.00234 EPSS
Exploits 0 | References 4
EUVD
added 2026/04/06 4:8 p.m. | 2 views

EUVD-2026-19354

Bruno is an open source IDE for exploring and testing APIs. Prior to 3.2.1, Bruno was affected by a supply chain attack involving compromised versions of the axios npm package, which introduced a hidden dependency deploying a cross-platform Remote Access Trojan (RAT). Users of @usebruno/cli who ran...

9.8 CVSS | 5.8 AI score | 0.00234 EPSS
Exploits 0 | References 5
CVE
added 2026/04/06 4:8 p.m. | 43 views

CVE-2026-34841

Bruno (open source IDE for APIs) was affected by a supply-chain incident prior to version 3.2.1 involving compromised axios releases that introduced a hidden dependency deploying a cross‑platform Remote Access Trojan (RAT). The affected window was npm install between 00:21 UTC and ~03:30 UTC on 3...

9.8 CVSS | 5.8 AI score | 0.00234 EPSS
Exploits 0 | References 4 | Affected Software 1
The Hacker News
added 2026/04/06 12:46 p.m. | 16 views

⚡ Weekly Recap: Axios Hack, Chrome 0-Day, Fortinet Exploits, Paragon Spyware and More

This week had real hits. The key software got tampered with. Active bugs showed up in the tools people use every day. Some attacks didn’t even need much effort because the path was already there. One weak spot now spreads wider than before. What starts small can reach a lot of systems fast. New...

10 CVSS | 6.1 AI score | 0.99562 EPSS
Exploits 398
IBM Security Bulletins
added 2026/04/06 6:30 a.m. | 16 views

Security Bulletin: IBM Sterling Secure Proxy is vulnerable to multiple issues

Summary: Multiple vulnerabilities affect IBM Sterling Secure Proxy and are addressed in the latest release and fixpack. Vulnerability Details: CVEID: CVE-2026-25639. DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. Prior to versions 0.30.3 and 1.13.5, the mergeConfig...

7.5 CVSS | 5.9 AI score | 0.01564 EPSS
Exploits 3 | Affected Software 1
CNNVD
added 2026/04/06 12:0 a.m. | 6 views

Bruno Security Vulnerability

Bruno is an open-source IDE developed by usebruno, designed for exploring and testing APIs. Versions of Bruno prior to 3.2.1 contained security vulnerabilities. These vulnerabilities were caused by a supply chain attack involving a tampered axios npm package, which could potentially deploy...

9.8 CVSS | 5.8 AI score | 0.00234 EPSS
Exploits 0 | References 4
Talos Blog
added 2026/04/03 5:31 p.m. | 4 views

Do not get high(jacked) off your own supply (chain)

In the span of just a few weeks, we have observed a dizzying array of major supply chain attacks. Prominent examples include the malicious modification of Axios, a popular HTTP client library for JavaScript, as well as cascading compromises from TeamPCP, a "chaos-as-a-service" group that injected...

5.9 AI score
Exploits 0
Talos Blog
added 2026/04/03 5:0 p.m. | 6 views

Axios NPM supply chain incident

Cisco Talos is actively investigating the March 31, 2026 supply chain attack on the official Axios Node Package Manager (npm) package, during which two malicious versions (v1.14.1 and v0.30.4) were deployed. Axios is one of the more popular JavaScript libraries with as many as 100 million downloads pe...

6.1 AI score
Exploits 0
The Hacker News
added 2026/04/03 11:4 a.m. | 7 views

UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack

The maintainer of the Axios npm package has confirmed that the supply chain compromise was the result of a highly-targeted social engineering campaign orchestrated by North Korean threat actors tracked as UNC1069. Maintainer Jason Saayman said the attackers tailored their social engineering effor...

6 AI score
Exploits 0